Challenge-based collaborative intrusion detection networks under passive message fingerprint attack: A further analysis

Wenjuan Li, Lam For Kwok

Research output: Journal article publicationJournal articleAcademic researchpeer-review

15 Citations (Scopus)

Abstract

Collaborative intrusion detection systems / networks (CIDSs/CIDNs) have been widely used, aiming to enhance the performance of a single intrusion detection system (IDS), by allowing an IDS node communicating and collecting information from others. To protect such collaborative systems against insider attacks, trust management mechanisms are often deployed to evaluate the trustworthiness of a node. In particular, challenge-based mechanism attempts to identify malicious nodes by measuring the deviation between challenges and responses. However, it is found that such mechanisms may be vulnerable to advanced insider attacks like Passive Message Fingerprint Attacks (PMFA), where malicious nodes can distinguish challenges by analyzing the sending strategy. In this paper, we further analyze the effectiveness of PMFA and investigate whether an improved sending strategy can help detect malicious nodes. Our study reveals that PMFA could still be valid under even an improved sending strategy, i.e., malicious nodes can hold its reputation level by understanding the network context. We then provide some insights on how to defeat such kind of attack by properly adjusting such mechanism.

Original languageEnglish
Pages (from-to)1-7
Number of pages7
JournalJournal of Information Security and Applications
Volume47
DOIs
Publication statusPublished - Aug 2019
Externally publishedYes

Keywords

  • Challenge-based CIDN
  • Collaborative network
  • Insider attack and detection
  • Intrusion detection system
  • Trust management

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Challenge-based collaborative intrusion detection networks under passive message fingerprint attack: A further analysis'. Together they form a unique fingerprint.

Cite this