n‐Grams exclusion and inclusion filter for intrusion detection in Internet of Energy big data systems

Author First name, Last name, Institution

Monther Aldwairi, Jordan University of Science and Technology
Duaa Alansari, Jordan University of Science and Technology

ORCID Identifiers

0000-0003-1150-2404

Document Type

Conference Proceeding

Source of Publication

Transactions on Emerging Telecommunications Technologies

Publication Date

7-31-2019

Abstract

The advent of Internet of Energy (IoE) and the seamless integration of grid operators, power generators, distributors, sensors, and end users promise more efficient use of energy. However, the IoE will inherit the vulnerabilities from all of the integrated systems, and this raises concerns for trust and privacy. The evolving complexity and increased speed of network‐based attacks emphasizes the need for an efficient intrusion detection system. Consequently, with the emergence of new attacks and the increasing number of signatures, traditional signature‐based intrusion detection systems cannot both sift through big data and meet high network speeds. Detection performance severely deteriorates when matching hundreds of gigabits per second to the growing number of attack signatures. Given that pattern matching takes up to 60% of the overall intrusion detection time, this paper presents a new and fast software‐based pattern matching system, Exscind. It proposes an exclusion‐inclusion filter to preclude clean traffic before having to do expensive pattern matching. Additionally, if the traffic is malicious, the system only matches against a subset of signatures that have a high probability of being a match. We extensively evaluate the system's performance and conclude that using 6‐grams signature prefix provides the best speedup and memory consumption with negligible false positives and linear scaling. We report a best‐case speedup of 6.5 times for normal traffic and 1.53 times for the worst possible scenario. For best‐case normal traffic, Exscind skips pattern matching for 98.36% of the packets. 6‐grams attack signature prefix exclusion and inclusion Bloom filter. Skipping pattern matching for 98.4% of normal traffic. Up to 6 times faster intrusion detection with linear scaling.

DOI Link

10.1002/ett.3711

ISSN

2161-3915

Publisher

Wiley

Disciplines

Electrical and Computer Engineering

Scopus ID

85126693059

Recommended Citation

Aldwairi, Monther and Alansari, Duaa, "n‐Grams exclusion and inclusion filter for intrusion detection in Internet of Energy big data systems" (2019). All Works. 2509.
https://zuscholars.zu.ac.ae/works/2509

Indexed in Scopus

yes

Open Access

no