TY - GEN
T1 - A multi-level security based autonomic parameter selection approach for an effective and early detection of internet worms
AU - Simkhada, Kumar
AU - Taleb, Tarik
AU - Waizumi, Yuji
AU - Jamalipour, Abbas
AU - Hashimoto, Kazuo
AU - Kato, Nei
AU - Nemoto, Yoshiaki
PY - 2006
Y1 - 2006
N2 - In light of the fast propagation of recent Internet worms, human intervention in securing the Internet during worm outbreaks is of little significance. In order to reduce the damage worms may cause, existing Intrusion Detection Systems (IDSs) need to be adaptive to the security-related requirements of their monitoring networks. This paper presents a Multilevel security based Autonomic Parameter Selector (MAPS) that can be implemented over any existing IDSs. The deployment architecture consists of a number of hierarchically placed local security managers, metropolitan security managers, and a global security manager. These security managers report events to a Worm Advisory System (WAS). WAS accordingly sets the threat level of the network. Based on this level, MAPS selects the most optimum parameters for the entire IDS to combat against the propagating worm. The MAPS architecture maintains the system performance by constantly evaluating three metrics, namely False Negative Avoidance, False Positive Avoidance, and Performance Overhead. Extensive experiments, using real network traffic and a recently proposed worm detection system, demonstrate that MAPS is capable of advising an IDS with optimum parameter values to effectively and promptly hinder further propagation of worms.
UR - http://www.scopus.com/inward/record.url?scp=50949125860&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=50949125860&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2006.302
DO - 10.1109/GLOCOM.2006.302
M3 - Conference contribution
AN - SCOPUS:50949125860
SN - 142440357X
SN - 9781424403578
T3 - GLOBECOM - IEEE Global Telecommunications Conference
BT - IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
T2 - IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
Y2 - 27 November 2006 through 1 December 2006
ER -