Evaluating intrusion sensitivity allocation with supervised learning in collaborative intrusion detection

Abstract

SummaryNetwork intrusions are a big security threat to current computer networks. For protection, collaborative intrusion detection networks (CIDNs) are developed attempting to reach better detection performance than a single detector, by allowing a set of detectors to switch data or information with each other. However, there is a need to implement suitable trust management schemes, with the aim to safeguard such distributed detection networks against insider threats. In the literature, previous studies have indicated that the notion of intrusion sensitivity can be used to enhance the effectiveness of trust management, by highlighting the feedback from expert nodes. In addition, machine learning can be used to assign the value of intrusion sensitivity automatically. In this work, we evaluate the performance of typical supervised learning classifiers in allocating the value of intrusion sensitivity, and figure out some limitations under different data sets. Then we investigate the impact of intrusion sensitivity in a real network environment under adversarial conditions. The results demonstrate that a wrongly assigned sensitivity value may greatly degrade the detection effectiveness of insider attacks. There is a significant need to choose a suitable classifier in allocating the value of intrusion sensitivity in practice.