Adaptive security-related data collection with context awareness

Abstract

The huge economic loss resulting from network attacks and intrusions has led to an intensive study on network security. The network security is usually reflected by some relevant data that can be collected in a network system. By learning and analyzing such data, which are called security-related data, we can detect the intrusions to the network system and further measure its security level. Clearly, the first step of detecting network intrusions is to collect security-related data. However, in the context of 5G and big data, there are a number of challenges in collecting these data due to the heterogeneity of network and ever-growing amount of data. Therefore, traditional data collection methods cannot be applied in the next generation network systems directly, especially for security-related data. This paper presents the design and implementation of an adaptive security-related data collector based on network context in heterogeneous networks. The proposed collector solves the issue of heterogeneity of network system by designing a Security-related Data Description Language (SDDL) to instruct security related data collection in various networking contexts. It also applies adaptive sampling algorithms to reduce the amount of collected data. Furthermore, performance evaluation based on a prototype implementation shows the effectiveness of the adaptive security-related data collector in terms of a number of pre-defined design requirements.