Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice

Author

Weizhi MENG, Institute for Infocomm Research
Xiapu LUO, Hong Kong Polytechnic University
Wenjuan LI, City University of Hong Kong
Yan LI, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

8-2016

Abstract

To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection performance of a single IDS, but may suffer from various insider attacks like collusion attacks, where several malicious nodes can collaborate to perform adversary actions. To defend against insider threats, challenge-based trust mechanisms have been proposed in the literature and proven to be robust against collusion attacks. However, we identify that such mechanisms depend heavily on an assumption of malicious nodes, which is not likely to be realistic and may lead to a weak threat model in practical scenarios. In this paper, we analyze the robustness of challenge-based CIDNs in real-world applications and present an advanced collusion attack, called random poisoning attack, which derives from the existing attacks. In the evaluation, we investigate the attack performance in both simulated and real CIDN environments. Experimental results demonstrate that our attack can enables a malicious node to send untruthful information without decreasing its trust value at large. Our research attempts to stimulate more research in designing more robust CIDN framework in practice.

Keywords

Peer-to-peer computing, Collaboration, Robustness, Intrusion detection, Computational modeling, Registers

Discipline

Information Security

Publication

IEEE TrustCom/BigDataSE/ISPA 2016: Proceedings: 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications; 10th IEEE International Conference on Big Data Science and Engineering; 14th IEEE International Symposium on Parallel and Distributed Processing with Applications: 23-26 August, Tianjin, China

First Page

1061

Last Page

1068

ISBN

9781509032051

Identifier

10.1109/TrustCom.2016.0176

Publisher

IEEE Computer Society

City or Country

Los Alamitos, CA

Embargo Period

12-6-2020

Citation

MENG, Weizhi; LUO, Xiapu; LI, Wenjuan; and LI, Yan. Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice. (2016). IEEE TrustCom/BigDataSE/ISPA 2016: Proceedings: 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications; 10th IEEE International Conference on Big Data Science and Engineering; 14th IEEE International Symposium on Parallel and Distributed Processing with Applications: 23-26 August, Tianjin, China. 1061-1068.
Available at: https://ink.library.smu.edu.sg/sis_research/5400

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/TrustCom.2016.0176