Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks

Wenjuan Li, Weizhi Meng, Lam For Kwok, Horace H.S. Ip

Research output: Journal article publicationJournal articleAcademic researchpeer-review

15 Citations (Scopus)

Abstract

Traditionally, an isolated intrusion detection system (IDS) is vulnerable to various types of attacks. In order to enhance IDS performance, collaborative intrusion detection networks (CIDNs) are developed through enabling a set of IDS nodes to communicate with each other. Due to the distributed network architecture, insider attacks are one of the major threats. In the literature, challenge-based trust mechanisms have been built to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanisms rely on two major assumptions, which may result in a weak threat model. In this case, CIDNs may be still vulnerable to advanced insider attacks in real-world deployment. In this paper, we propose a novel collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that our attack can help malicious nodes send malicious responses to normal requests, while maintaining their trust values.

Original languageEnglish
Pages (from-to)299-310
Number of pages12
JournalCluster Computing
Volume21
Issue number1
DOIs
Publication statusPublished - 25 May 2017
Externally publishedYes

Keywords

  • Challengebased trust mechanism
  • Collaborative network
  • Collusion attacks
  • Insider threats
  • Intrusion detection system

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this