TY - JOUR
T1 - Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model
AU - Li, Wenjuan
AU - Meng, Weizhi
AU - Kwok, Lam For
AU - IP, Horace H.S.
N1 - Funding Information:
We would like to thank HoneybirdHK for supporting and providing expert knowledge. The authors were fully funded by the Innovation to Realization Funding Scheme of the City University of Hong Kong (under the Project no. 6351018).
Publisher Copyright:
© 2016 Elsevier Ltd
PY - 2017/1/1
Y1 - 2017/1/1
N2 - To defend against complex attacks, collaborative intrusion detection networks (CIDNs) have been developed to enhance the detection accuracy, which enable an IDS to collect information and learn experience from others. However, this kind of networks is vulnerable to malicious nodes which are utilized by insider attacks (e.g., betrayal attacks). In our previous research, we developed a notion of intrusion sensitivity and identified that it can help improve the detection of insider attacks, whereas it is still a challenge for these nodes to automatically assign the values. In this article, we therefore aim to design an intrusion sensitivity-based trust management model that allows each IDS to evaluate the trustworthiness of others by considering their detection sensitivities, and further develop a supervised approach, which employs machine learning techniques to automatically assign the values of intrusion sensitivity based on expert knowledge. In the evaluation, we compare the performance of three different supervised classifiers in assigning sensitivity values and investigate our trust model under different attack scenarios and in a real wireless sensor network. Experimental results indicate that our trust model can enhance the detection accuracy of malicious nodes and achieve better performance as compared with similar models.
AB - To defend against complex attacks, collaborative intrusion detection networks (CIDNs) have been developed to enhance the detection accuracy, which enable an IDS to collect information and learn experience from others. However, this kind of networks is vulnerable to malicious nodes which are utilized by insider attacks (e.g., betrayal attacks). In our previous research, we developed a notion of intrusion sensitivity and identified that it can help improve the detection of insider attacks, whereas it is still a challenge for these nodes to automatically assign the values. In this article, we therefore aim to design an intrusion sensitivity-based trust management model that allows each IDS to evaluate the trustworthiness of others by considering their detection sensitivities, and further develop a supervised approach, which employs machine learning techniques to automatically assign the values of intrusion sensitivity based on expert knowledge. In the evaluation, we compare the performance of three different supervised classifiers in assigning sensitivity values and investigate our trust model under different attack scenarios and in a real wireless sensor network. Experimental results indicate that our trust model can enhance the detection accuracy of malicious nodes and achieve better performance as compared with similar models.
KW - Collaborative network
KW - Insider attacks
KW - Intrusion detection
KW - Intrusion sensitivity
KW - Machine learning
KW - Trust management model
UR - http://www.scopus.com/inward/record.url?scp=84995480624&partnerID=8YFLogxK
U2 - 10.1016/j.jnca.2016.09.014
DO - 10.1016/j.jnca.2016.09.014
M3 - Journal article
AN - SCOPUS:84995480624
SN - 1084-8045
VL - 77
SP - 135
EP - 145
JO - Journal of Network and Computer Applications
JF - Journal of Network and Computer Applications
ER -