Free download of the English paper "Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures" - Elsevier 2018

Persian title (translated)
Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures
English title
Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures
Pages in the Persian paper
0
Pages in the English paper
39
Year of publication
2018
Publisher
Elsevier
Format of the English paper
PDF
Paper type
ISI
Type of writing
Research articles
References
Yes
Database
Scopus
Product code
E10162
Fields related to this paper
Computer Engineering, Information Technology
Specializations related to this paper
Information Security, Cloud Computing, Networked Systems, Internet and Wide Area Networks
Journal
Journal of Network and Computer Applications
University
Department of Computer Science Technology and Computation - University of Alicante - Alicante - Spain
Keywords
Cyber security, distributed intrusion detection system, cloud computing, Internet of Things
DOI or digital identifier
https://doi.org/10.1016/j.jnca.2018.02.004
Abstract


The evolving trends of mobility, cloud computing and collaboration have blurred the perimeter separating corporate networks from the wider world. These new tools and business models enhance productivity and present new opportunities for competitive advantage although they also introduce new risks. Currently, security is one of the most limiting issues for technological development in fields such as Internet of Things or Cyber-physical systems. This work contributes to the cyber security research field with a design that can incorporate advanced scheduling algorithms and predictive models in a parallel and distributed way, in order to improve intrusion detection in the current scenario, where increased demand for global and wireless interconnection has weakened approaches based on protection tasks running only on specific perimeter security devices. The aim of this paper is to provide a framework to properly distribute intrusion detection system (IDS) tasks, considering security requirements and variable availability of computing resources. To accomplish this, we propose a novel approach, which promotes the integration of personal and enterprise computing resources with externally supplied cloud services, in order to handle the security requirements. For example, in a business environment, there is a set of information resources that need to be specially protected, including data handled and transmitted by small mobile devices. These devices can execute part of the IDS tasks necessary for self-protection, but other tasks could be derived to other more powerful systems. This integration must be achieved in a dynamic way: cloud resources are used only when necessary, minimizing utility computing costs and security problems posed by cloud, but preserving local resources when those are required for business processes or user experience. In addition to satisfying the main objective, the strengths and benefits of the proposed framework can be explored in future research.
This framework provides the integration of different security approaches, including well-known and recent advances in intrusion detection as well as supporting techniques that increase the resilience of the system. The proposed framework consists of: (1) a controller component, which among other functions, decides the source and target hosts for each data flow; and (2) a switching mechanism, allowing tasks to redirect data flows as established by the controller scheduler. The proposed approach has been validated through a number of experiments. First, an experimental DIDS is designed by selecting and combining a number of existing IDS solutions. Then, a prototype implementation of the proposed framework, working as a proof of concept, is built. Finally, singular tests showing the feasibility of our approach and providing a good insight into future work are performed.

Conclusion and future work


The major contribution of this work is the design of a novel framework that allows convenient distribution of intrusion detection tasks taking into account security requirements, variable availability of computing resources in personal and enterprise computers, and additional capabilities coming from cloud services. In addition, the proposal integrates IDS projects built on diverse technologies and approaches, allowing modular re-use of established IDS techniques. As a derived result, the framework avoids a single point of failure or attack, by supporting multiple instances of the different tasks required for the overall IDS. The experiments show the feasibility of the approach, and provide insight into future work. The framework itself can evolve in different directions, listed below. From the scheduling point of view, two main problems have been identified, which can be explored further. First, considerable effort must be spent in order to adapt and test existing techniques for flow scheduling on the proposed architecture; well-known and novel methods, algorithms and heuristics should be taken into account. Second, additional research is required to integrate existing predictive models, taking the most of their capabilities in order to increase the effectiveness of the scheduler component. Another future work line has to do with the way in which optimum framework parameters are established: in addition to simulation aided estimation, adaptive behaviour could be added to the proposed framework, incorporating the results from advanced modelling techniques using, for example, neural networks. System resilience is another interesting issue to work on. The framework supports a fallback policy, to be activated when central control is not available or accessible. This could be expanded by adding a service discovery mechanism, allowing devices to autonomously take suboptimal decisions based on local information coming from neighbour computers.
Finally, the experimental design should be completed, integrating other relevant factors, such as main memory usage, storage requirements and energy consumption.
