Data mining aims to extract from huge amount of data stochastic theories, called knowledge models, to explain or predict complex phenomenon. In this paper we propose new distributed data mining algorithms to recognize network attacks against a set of devices from statistic data generated locally by each device according to the standard Simple Network Management Protocol (SNMP) available in each modern operating systems. The idea is to place an autonomous mining resource in each network node that cooperates with its neighbors in a peer-to-peer fashion in order to reciprocally improve their detection capabilities. Differently from existing security solutions, which are based on centralized databases of attack signatures and transmissions of huge amount of raw traffic data, in this solution the network nodes exchange local knowledge models of few hundred bytes. The approach efficacy has been validated performing experiments with several types of attacks, with different network topologies and distributions of attacks so as to also test the node capability of detecting unknown attacks.
|Cite as: Cerroni, W., Moro, G., Pirini, T. and Ramilli, M. (2013). Peer-to-Peer Data Mining Classiers for Decentralized Detection of Network Attacks. In Proc. Database Technologies 2013 (ADC 2013) Adelaide, Australia. CRPIT, 137. Wang, H. and Zhang, R. Eds., ACS. 101-108 |
(local if available)