Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

8-2016

Abstract

To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection performance of a single IDS, but may suffer from various insider attacks like collusion attacks, where several malicious nodes can collaborate to perform adversary actions. To defend against insider threats, challenge-based trust mechanisms have been proposed in the literature and proven to be robust against collusion attacks. However, we identify that such mechanisms depend heavily on an assumption of malicious nodes, which is not likely to be realistic and may lead to a weak threat model in practical scenarios. In this paper, we analyze the robustness of challenge-based CIDNs in real-world applications and present an advanced collusion attack, called random poisoning attack, which derives from the existing attacks. In the evaluation, we investigate the attack performance in both simulated and real CIDN environments. Experimental results demonstrate that our attack can enables a malicious node to send untruthful information without decreasing its trust value at large. Our research attempts to stimulate more research in designing more robust CIDN framework in practice.

Keywords

Peer-to-peer computing, Collaboration, Robustness, Intrusion detection, Computational modeling, Registers

Discipline

Information Security

Publication

IEEE TrustCom/BigDataSE/ISPA 2016: Proceedings: 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications; 10th IEEE International Conference on Big Data Science and Engineering; 14th IEEE International Symposium on Parallel and Distributed Processing with Applications: 23-26 August, Tianjin, China

First Page

1061

Last Page

1068

ISBN

9781509032051

Identifier

10.1109/TrustCom.2016.0176

Publisher

IEEE Computer Society

City or Country

Los Alamitos, CA

Embargo Period

12-6-2020

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/TrustCom.2016.0176

Share

COinS