A Case Study in Tailoring a Bio-Inspired Cyber-Security Algorithm: Designing Anomaly Detection for Multilayer Networks
DOI:
https://doi.org/10.13052/2245-1439.815Keywords:
Cyber-Security, Bio-Inspired, Anomaly detection, Multilayer NetworksAbstract
Although bio-inspired designs for cybersecurity have yielded many elegant solutions to challenging problems, the vast majority of these efforts have been ad hoc analogies between the natural and human-designed systems.We propose to improve on the current approach of searching through the vast diversity of existing natural algorithms for one most closely resembling each new cybersecurity challenge, and then trying to replicate it in a designed cyber setting. Instead, we suggest that researchers should follow a protocol of functional abstraction, considering which features of the natural algorithm provide the efficiency/effectiveness in the real world, and then use those abstracted features as design components to build purposeful, tailored (perhaps even optimized) solutions. Here, we demonstrate how this can work by considering a case study employing this method. We design an extension of an existing (and ad hoc-created) algorithm, DIAMoND, for application beyond its originally intended solution space (detection of Distributed Denial of Service attacks in simple networks) to function on multilayer networks.We show how this protocol provides insights that might be harder or take longer to discover by direct analogy-building alone; in this case, we see that differential weighting of shared information by the providing network layer, and dynamic individual thresholds for independent analysis are likely to be effective.
Downloads
References
Mazurczyk, W., Drobniak, S., and Moore, S. (2016). Towards a systematic view on cybersecurity ecology. In Combatting Cybercrime and Cyberterrorism (pp. 17–37). Springer, Cham.
Enache, A. C., and Sgârciu, V. (2015). Anomaly intrusions detection based on support vector machines with an improved bat algorithm. In 20th International Conference on Control Systems and Computer Science (CSCS), (pp. 317–321). IEEE.
Gowri, R., and Rathipriya, R. (2016). Venus Flytrap Optimization. In Computational Intelligence, Cyber Security and Computational Models (pp. 519–531). Springer, Singapore.
Cho, J. H., Shin, J. Y., Lee, H., Kim, J. M., and Lee, G. (2015). DDoS Prevention System Using Multi-Filtering Method. In International Conference on Chemical, Material and Food Engineering. Atlantis Press.
Mirkovic, J., and Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), 39–53.
Bhuyan, M. H., Bhattacharyya, D. K., and Kalita, J. K. (2017). Network traffic anomaly detection and prevention: concepts, techniques, and tools. Springer.
Korczynski, M., Hamieh, A., Huh, J. H., Holm, H., Rajagopalan, S. R., and Fefferman, N. H. (2015). DIAMoND: Distributed intrusion/anomaly monitoring for nonparametric detection. In 24th International Conference on Computer Communication and Networks (ICCCN), 2015 (pp. 1–8). IEEE.
Korczynski, M., Hamieh, A., Huh, J. H., Holm, H., Rajagopalan, S. R., and Fefferman, N. H. (2016). Hive oversight for network intrusion early warning using DIAMoND: a bee-inspired method for fully distributed cyber defense. IEEE Communications Magazine, 54(6), 60–67.
Winston, M. L. (1991). The biology of the honey bee. harvard university press.
Gallos, L. K., Korczyński, M., and Fefferman, N. H. (2017). Anomaly detection through information sharing under different topologies,” EURASIP Journal on Information Security, No. 1, p. 5.
Rinaldi, S. M., Peerenboom, J. P., and Kelly, T. K. (2001). Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Systems, 21(6), 11–25.
