Acquaintance Management Algorithm Based on the Multi-Class Risk-Cost Analysis for Collaborative Intrusion Detection Network


  • Yudha Purwanto School of Electrical Engineering, Telkom University, Jalan Telekomunikasi, Bandung, Indonesia
  • Kuspriyanto Kuspriyanto School of Electrical Engineering and Informatics, Institut Teknologi Bandung, Jalan Ganesha No. 10, Bandung 40132,
  • Hendrawan Hendrawan School of Electrical Engineering and Informatics, Institut Teknologi Bandung, Jalan Ganesha No. 10, Bandung 40132,
  • Budi Rahardjo School of Electrical Engineering and Informatics, Institut Teknologi Bandung, Jalan Ganesha No. 10, Bandung 40132,



The collaborative intrusion detection network (CIDN) framework provides collaboration capability among intrusion detection systems (IDS). Collaboration selection is done by an acquaintance management algorithm. A recent study developed an effective acquaintance management algorithm by the use of binary risk analysis and greedy-selection-sort based methods. However, most algorithms do not pay attention to the possibility of wrong responses in multi-botnet attacks. The greedy-based acquaintance management algorithm also leads to a poor acquaintance selection processing time when there is a high number of IDS candidates. The growing number of advanced distributed denial of service (DDoS) attacks make acquaintance management potentially end up with an unreliable CIDN acquaintance list, resulting in low decision accuracy. This paper proposes an acquaintance management algorithm based on multi-class risk-cost analysis and merge-sort selection methods. The algorithm implements merge risk-ordered selection to reduce computation complexity. The simulation result showed the reliability of CIDN in reducing the acquaintance selection processing time decreased and increasing the decision accuracy.


Mirkovic, J. & Reiher, P., A Taxonomy of DDoS Attack and DDoS Defense Mechanism, ACM SIGCOMM Computer and Communication Review, 34(2), pp. 39-53, April 2004.

Bhuyan, M.H., Bhattacharyya, D.K. & Kalita, J.K., Network Anomaly Detection: Methods, Systems and Tools, IEEE Communications Surveys & Tutorials, 16(1), pp. 303-336, February 2014.

Purwanto, Y., Kuspriyanto, Hendrawan & Rahardjo, B., Traffic Anomaly Detection in DDoS Flooding Attack, in International Conference on Telecommunication Systems, Services, and Applications, Bali, Indonesia, October 2014.

Fung, C. & Zhu, Q., FACID: A Trust-based Collaborative Decision Framework for Intrusion Detection Networks, Elsevier Ad Hoc Networks Journal (ADHOC), 53, pp. 17-31, December 2016.

Soldo, F., Predicting Future Attacks Data Analysis of Dshield Data Set, Technical Report, 2009. dshield-analysis-tr. pdf. (December 2019)

Le, D.N., Bhatt, C. & Madhukar, M., Security Designs for the Cloud, IoT, and Social Networking, John Wiley & Sons, Inc and Scrivener Publishing LLC, 2019.

Benkhelifa, E., Welsh, T. & Hamouda, W., A Critical Review of Practices and Challenges in Intrusion Detection Systems for IoT: Toward Universal and Resilient Systems, IEEE Communications Surveys & Tutorials, 20(4), pp. 3496-3509, 2018.

Nguyen, T.G., Phan, T.V., Nguyen, B.T., Baig, Z.A. & Sanguanpong, S., SeArch: A Collaborative and Intelligent NIDS Architecture for SDN-Based Cloud IoT Networks, IEEE Access, 7, pp. 107678-107694, 2019.

Meng, W., Tischhauser, E.W., Wang, Q., Wang, Y. & Han, J., When Intrusion Detection Meets Blockchain Technology: A Review, IEEE Access, 6, pp. 10179-10188, 2018.

Tan, Z., Nagar, U.T., He, X., Nanda, P., Liu, R.P., Wang, S. & Hu, J., Enhancing Big Data Security with Collaborative Intrusion Detection, IEEE Cloud Computing, 1(3), pp. 27-33, 2014.

Purwanto, Y., Kuspriyanto, Hendrawan & Rahardjo, B., Cost Analysis for Classification-based Autonomous Response System, International Journal of Network Security, 20(1), pp. 121-130, January 2018.

Fung, C., Design and Management of Collaborative Intrusion Detection Network, Doctor of Philosophy Thesis of University of Waterloo, Ontario, Canada, 2013.

Vasilomanolakis, E. & Mlhser, M., Detection and Mitigation of Monitor Identification Attacks in Collaborative Intrusion Detection Systems, International Journal of Network Management, 29(2), e2059, 2019. DOI: 10.1002/nem.2059.

Rezapour, A. & Tzeng, W.G., A Robust Algorithm for Predicting Attacks Using Collaborative Security Logs, Journal of Information Science and Engineering, 36(3), pp. 597-619, 2020.

Abdurrazaq, M.N.K., Trilaksono, B.R. & Rahardjo, B., DIDS Using Cooperative Agents Based on Ant Colony Clustering, Journal of ICT Research and Applications, 8(3), pp. 213-233, 2015.

Hung, J.C., The Behavior-based Intrusion Detection and Response System for the Internet Worm, Journal of Internet Technology, 4(4), pp. 247-254, October 2003.

Meng, W., Li, W., Yang, L.T. & Li, P., Enhancing Challenge-Based Collaborative Intrusion Detection Networks Against Insider Attacks Using Blockchain, International Journal of Information Security, 19(3), pp. 279-290, 2019. DOI: 10.1007/s10207-019-00462-x.

Zhou, C.V., Leckie, C., Karunasekera, S. & Peng, T., A Self-healing, Self-protecting Collaborative Intrusion Detection Architecture to Traceback Fast-flux Phishing Domains, in IEEE Workshop on Autonomic Communication and Network Management (ACNM 2008), Salvador da Bahia, Brazil, April 2008.

Li, X., Collaborative Intrusion Detection Method for Marine Distributed Network, Journal of Coastal Research, Advances in Sustainable Port and Ocean Engineering, (Special Issue 83), pp. 57-61, 2018.

Kanth, V., McAbee, A., Tummala, M. & McEachen, J.C., Collaborative Intrusion Detection leveraging Blockchain and Pluggable, in The 53rd Hawaii International Conference on System Sciences, Hawaii, 2020.

Zhu, Q., Fung, C., Boutaba, R. & Basar, T., GUIDEX: A Game-theoretic Incentive-based Mechanism for Intrusion Detection Networks, IEEE Journal on Selected Areas in Communications, 30(11), pp. 2220-2230, December 2009.

Rezapour, A. & Tzeng, W.G., A Robust Intrusion Detection Network Using Thresholdless Trust Management System with Incentive Design, in Beyah R., Chang B., Li Y., Zhu S. (Eds.), Security and Privacy in Communication Networks, SecureComm 2018, in Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, 255, Springer Verlag, 2018. DOI: 10.1007/978-3-030-01704-0_8.

Li, W., Meng, W. & Kwok, L.F., Investigating the Influence of Special On-Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks, Future Internet, 10(1), pp. 1-16, 2018.

Li, W. & Kwok, L.F., Challenge-Based Collaborative Intrusion Detection Networks under Passive Message Fingerprint Attack: A Further Analysis, Journal of Information Security and Applications, 47, pp. 1-7, 2019.

Purwanto, Y., Kuspriyanto, Hendrawan & Rahardjo, B., Consultation Request Algorithm in Distance Based Intrusion Detection Network, in International Conference on Satellite Technology, Bandung, Indonesia, October 2018.

Fung, C. J., Zhang, J., Aib, I. & Boutaba, R., Dirichlet-based Trust Management for Effective Collaborative Intrusion Detection Networks, IEEE Transaction on Network and Service Management, 8(2), pp. 79-91, June 2011.

Li, W. & Meng, W., Enhancing Collaborative Intrusion Detection Networks Using Intrusion Sensitivity in Detecting Pollution Attacks, Information and Computer Security, 24(3), pp. 265-276, 2016.

Orfila, A., Carbo, J. & Ribagorda, A., Autonomous Decision on Intrusion Detection with Trained BDI Agents, Computer Communications Journal, 31(9), pp. 1803-1813, June 2008.

Duma, C., Karresand, M., Shahmehri, N. & Caronni, G., A Trust-Aware, P2P-based Overlay for Intrusion Detection, in International Conference on Database and Expert Systems Applications, Krakow, Poland, September 2006.

Fung, C. J., Zhang, J. & Boutaba, R., Effective Acquaintance Management Based on Bayesian Learning for Distributed Intrusion Detection Networks, IEEE Transactions on Network and Service Management, 9(3), pp. 320-332, September 2012.

Purwanto, Y., Kuspriyanto, Hendrawan & Rahardjo, B., Multistage Process to Decrease Processing Time in Intrusion Prevention System, in International Conference on Wireless and Telematics, Palembang, Indonesia, July 2017.

Purwanto, Y., Kuspriyanto, Hendrawan & Rahardjo, B., Minimal Triangle Area Mahalanobis Distance for Stream Homogeneous Group-based DDoS Classification, International Journal on Electrical Engineering and Informatic, 10(2), pp. 369-383, June 2018.

KDD Cup 99, Available on:, 1 October 1999. (March 28, 2018)

Ziegler, B.P., Multifacetted Modelling and Discrete Event Simulation, Orlando: Academic Press, London, 1984.