Interest in mining information from huge amounts of data has been increasing for various purposes such as business processes, scientific discoveries, and security. MINDS (Minnesota INtrusion Detection System) is a tool that uses data mining techniques to identify both known and unknown network intrusions. While it detects intrusions with a high degree of accuracy, MINDS is intrinsically limited by its centralized design. At the same time, there is an increasing need to coordinate multiple distributed sites to find correlations of suspicious events and to share distributed anomaly data across different administrative domains, since network intrusions are becoming more sophisticated and harder to identify through single-site analysis. In this work, we consider a distributed model of MINDS to eliminate the limitations that the current MINDS suffers from due to its centralized nature. We utilize Grid technologies to achieve the distribution of services. In addition, we develop security frameworks for authentication and access control, since it is important to preserve the privacy and sensitivity of data regardless of distribution. To verify the feasibility of our approach, we also present experimental results from a local testbed with four nodes and from a wide-area setting in PlanetLab with 20 geographically dispersed nodes.
Bibliographical note
Funding Information:
This project was funded by NSF
© 2014, Springer Science+Business Media Dordrecht.
- Access Control
- Distributed Data Mining
- Security-enabled Grid