A novel threat-driven data collection method for resource-constrained networks

Abstract

Real-time devices monitoring is a fundamental task of network security. When networks are threatened by cyberattacks, we need accurate monitoring data for timely detecting and disposing network threats. However, in resource-constrained networks, due to limitation of device processing capacity or network bandwidth, it is usually difficult to collect monitoring information precisely and efficiently. To address this problem, we propose a novel threat-driven data collection method. Our method firstly analyses features of the existing or potential network threats, then chooses devices that most probably be affected by the threats, and finally selects data items consistent to the threat features for those screened target collection devices. Experiment results prove that our threat-driven data collection method not only improves the collection efficiency with a satisfying data accuracy, but also reduces devices resource cost of gathering monitoring data, making it suitable for security management in resource-constrained networks.