Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice

Weizhi Meng; Xiapu Luo; Wenjuan Li; Yan Li

doi:10.1109/TrustCom.2016.0176

Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice

Weizhi Meng, Xiapu Luo, Wenjuan Li, Yan Li

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

34 Citations (Scopus)

Abstract

To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection performance of a single IDS, but may suffer from various insider attacks like collusion attacks, where several malicious nodes can collaborate to perform adversary actions. To defend against insider threats, challenge-based trust mechanisms have been proposed in the literature and proven to be robust against collusion attacks. However, we identify that such mechanisms depend heavily on an assumption of malicious nodes, which is not likely to be realistic and may lead to a weak threat model in practical scenarios. In this paper, we analyze the robustness of challenge-based CIDNs in real-world applications and present an advanced collusion attack, called random poisoning attack, which derives from the existing attacks. In the evaluation, we investigate the attack performance in both simulated and real CIDN environments. Experimental results demonstrate that our attack can enables a malicious node to send untruthful information without decreasing its trust value at large. Our research attempts to stimulate more research in designing more robust CIDN framework in practice.

Original language	English
Title of host publication	Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016
Publisher	IEEE
Pages	1061-1068
Number of pages	8
ISBN (Electronic)	9781509032051
DOIs	https://doi.org/10.1109/TrustCom.2016.0176
Publication status	Published - 1 Jan 2016
Event	Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 - Tianjin, China Duration: 23 Aug 2016 → 26 Aug 2016

Conference

Conference	Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016
Country/Territory	China
City	Tianjin
Period	23/08/16 → 26/08/16

Keywords

Collaborative intrusion detection
Collusion attack
Distributed network
Insider attack
Network security

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture
Information Systems
Safety, Risk, Reliability and Quality

More information

10.1109/TrustCom.2016.0176

Cite this

Meng, W., Luo, X., Li, W., & Li, Y. (2016). Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice. In Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 (pp. 1061-1068). Article 7847059 IEEE. https://doi.org/10.1109/TrustCom.2016.0176

Meng, Weizhi ; Luo, Xiapu ; Li, Wenjuan et al. / Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice. Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016. IEEE, 2016. pp. 1061-1068

@inproceedings{b3ff3c05fb954344834831078ff63e8c,

title = "Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice",

abstract = "To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection performance of a single IDS, but may suffer from various insider attacks like collusion attacks, where several malicious nodes can collaborate to perform adversary actions. To defend against insider threats, challenge-based trust mechanisms have been proposed in the literature and proven to be robust against collusion attacks. However, we identify that such mechanisms depend heavily on an assumption of malicious nodes, which is not likely to be realistic and may lead to a weak threat model in practical scenarios. In this paper, we analyze the robustness of challenge-based CIDNs in real-world applications and present an advanced collusion attack, called random poisoning attack, which derives from the existing attacks. In the evaluation, we investigate the attack performance in both simulated and real CIDN environments. Experimental results demonstrate that our attack can enables a malicious node to send untruthful information without decreasing its trust value at large. Our research attempts to stimulate more research in designing more robust CIDN framework in practice.",

keywords = "Collaborative intrusion detection, Collusion attack, Distributed network, Insider attack, Network security",

author = "Weizhi Meng and Xiapu Luo and Wenjuan Li and Yan Li",

year = "2016",

month = jan,

day = "1",

doi = "10.1109/TrustCom.2016.0176",

language = "English",

pages = "1061--1068",

booktitle = "Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016",

publisher = "IEEE",

address = "United States",

note = "Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 ; Conference date: 23-08-2016 Through 26-08-2016",

}

Meng, W, Luo, X, Li, W & Li, Y 2016, Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice. in Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016., 7847059, IEEE, pp. 1061-1068, Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016, Tianjin, China, 23/08/16. https://doi.org/10.1109/TrustCom.2016.0176

Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice. / Meng, Weizhi; Luo, Xiapu; Li, Wenjuan et al.
Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016. IEEE, 2016. p. 1061-1068 7847059.

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice

AU - Meng, Weizhi

AU - Luo, Xiapu

AU - Li, Wenjuan

AU - Li, Yan

PY - 2016/1/1

Y1 - 2016/1/1

N2 - To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection performance of a single IDS, but may suffer from various insider attacks like collusion attacks, where several malicious nodes can collaborate to perform adversary actions. To defend against insider threats, challenge-based trust mechanisms have been proposed in the literature and proven to be robust against collusion attacks. However, we identify that such mechanisms depend heavily on an assumption of malicious nodes, which is not likely to be realistic and may lead to a weak threat model in practical scenarios. In this paper, we analyze the robustness of challenge-based CIDNs in real-world applications and present an advanced collusion attack, called random poisoning attack, which derives from the existing attacks. In the evaluation, we investigate the attack performance in both simulated and real CIDN environments. Experimental results demonstrate that our attack can enables a malicious node to send untruthful information without decreasing its trust value at large. Our research attempts to stimulate more research in designing more robust CIDN framework in practice.

AB - To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection performance of a single IDS, but may suffer from various insider attacks like collusion attacks, where several malicious nodes can collaborate to perform adversary actions. To defend against insider threats, challenge-based trust mechanisms have been proposed in the literature and proven to be robust against collusion attacks. However, we identify that such mechanisms depend heavily on an assumption of malicious nodes, which is not likely to be realistic and may lead to a weak threat model in practical scenarios. In this paper, we analyze the robustness of challenge-based CIDNs in real-world applications and present an advanced collusion attack, called random poisoning attack, which derives from the existing attacks. In the evaluation, we investigate the attack performance in both simulated and real CIDN environments. Experimental results demonstrate that our attack can enables a malicious node to send untruthful information without decreasing its trust value at large. Our research attempts to stimulate more research in designing more robust CIDN framework in practice.

KW - Collaborative intrusion detection

KW - Collusion attack

KW - Distributed network

KW - Insider attack

KW - Network security

UR - http://www.scopus.com/inward/record.url?scp=85015146175&partnerID=8YFLogxK

U2 - 10.1109/TrustCom.2016.0176

DO - 10.1109/TrustCom.2016.0176

M3 - Conference article published in proceeding or book

SP - 1061

EP - 1068

BT - Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016

PB - IEEE

T2 - Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016

Y2 - 23 August 2016 through 26 August 2016

ER -

Meng W, Luo X, Li W, Li Y. Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice. In Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016. IEEE. 2016. p. 1061-1068. 7847059 doi: 10.1109/TrustCom.2016.0176

Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice

Abstract

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this