TY - GEN
T1 - Enhancing Challenge-based Collaborative Intrusion Detection against Insider Attacks using Spatial Correlation
AU - Li, Wenjuan
AU - Meng, Weizhi
AU - Parra-Arnau, Javier
AU - Choo, Kim Kwang Raymond
N1 - Funding Information:
ACKNOWLEDGMENT We would like to thank IT administrators from the participating organization for their assistance and support in deploying our mechanism. This work was partially supported by the National Natural Science Foundation of China (No. 61802077). K.-K. R. Choo was supported only by the Cloud Technology Endowed Professorship.
Publisher Copyright:
© 2021 IEEE.
PY - 2021/1/30
Y1 - 2021/1/30
N2 - With cyber-attacks becoming more complicated and the networks increasingly interconnected, there has been a move towards using collaborative intrusion detection networks (CIDNs) to identify cyber-threats more effectively. However, insider attacks may remain challenging to mitigate in CIDNs, as the intruders are able to control one or more internal nodes. Challenge- based trust mechanism is one promising solution to help safeguard CIDNs against common insider attacks, but not necessarily against advanced attacks such as passive message fingerprint attacks. In this work, we focus on challenge-based trust mechanism and advocate that considering additional level of trust can enhance the robustness of CIDNs. Specifically, we design an enhanced trust management scheme by checking spatial correlation among nodes' behavior, regarding forwarding delay, packet dropping and sending rate. Then, we evaluate our approach in a simulated environment, as well as a realworld environment in collaboration with an IT organization. Experimental results demonstrate that our approach can help enhance the robustness of challenge-based trust mechanism by detecting malicious nodes faster than similar approaches (i.e., reducing time consumption by two to three days).
AB - With cyber-attacks becoming more complicated and the networks increasingly interconnected, there has been a move towards using collaborative intrusion detection networks (CIDNs) to identify cyber-threats more effectively. However, insider attacks may remain challenging to mitigate in CIDNs, as the intruders are able to control one or more internal nodes. Challenge- based trust mechanism is one promising solution to help safeguard CIDNs against common insider attacks, but not necessarily against advanced attacks such as passive message fingerprint attacks. In this work, we focus on challenge-based trust mechanism and advocate that considering additional level of trust can enhance the robustness of CIDNs. Specifically, we design an enhanced trust management scheme by checking spatial correlation among nodes' behavior, regarding forwarding delay, packet dropping and sending rate. Then, we evaluate our approach in a simulated environment, as well as a realworld environment in collaboration with an IT organization. Experimental results demonstrate that our approach can help enhance the robustness of challenge-based trust mechanism by detecting malicious nodes faster than similar approaches (i.e., reducing time consumption by two to three days).
KW - Advanced Insider Threat
KW - Challenge-based Trust Management
KW - Collaborative Intrusion Detection
KW - Spatial Correlation
KW - Trust Computation
UR - http://www.scopus.com/inward/record.url?scp=85101677934&partnerID=8YFLogxK
U2 - 10.1109/DSC49826.2021.9346232
DO - 10.1109/DSC49826.2021.9346232
M3 - Conference article published in proceeding or book
AN - SCOPUS:85101677934
T3 - 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021
BT - 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021
Y2 - 30 January 2021 through 2 February 2021
ER -