TY - GEN
T1 - Identifying Passive Message Fingerprint Attacks via Honey Challenge in Collaborative Intrusion Detection Networks
AU - Li, Wenjuan
AU - Meng, Weizhi
AU - Wang, Yu
AU - Kwok, Lam For
AU - Lu, Rongxing
N1 - Funding Information:
ACKNOWLEDGMENT The authors would like to thank the participating organization. This work was partially supported by National Natural Science Foundation of China (No. 61472091).
Publisher Copyright:
© 2018 IEEE.
PY - 2018/9/5
Y1 - 2018/9/5
N2 - To enhance the detection capability of a single intrusion detection system (IDS), collaborative intrusion detection networks (CIDNs) have been exploited and developed via enabling a set of IDS nodes to exchange information with each other. In CIDNs, challenge-based trust mechanism has been considered as one promising solution to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanism is still vulnerable to some advanced insider attacks like passive message fingerprint attack (PMFA), which is deemed as an advanced attack on challenge-based CIDNs by collecting messages and identifying normal requests in a passive way. In this work, we focus on PMFA and design Honey Challenge, an improved challenge mechanism for challenge-based CIDNs characterized by sending challenges in a similar way of sending normal requests, in such a way malicious nodes cannot accurately identify the normal requests. In the evaluation, we investigate the attack performance under both simulated and real network environments. Experimental results demonstrate that our proposed mechanism can identify malicious nodes under PMFA and decrease their trust values in a quick manner.
AB - To enhance the detection capability of a single intrusion detection system (IDS), collaborative intrusion detection networks (CIDNs) have been exploited and developed via enabling a set of IDS nodes to exchange information with each other. In CIDNs, challenge-based trust mechanism has been considered as one promising solution to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanism is still vulnerable to some advanced insider attacks like passive message fingerprint attack (PMFA), which is deemed as an advanced attack on challenge-based CIDNs by collecting messages and identifying normal requests in a passive way. In this work, we focus on PMFA and design Honey Challenge, an improved challenge mechanism for challenge-based CIDNs characterized by sending challenges in a similar way of sending normal requests, in such a way malicious nodes cannot accurately identify the normal requests. In the evaluation, we investigate the attack performance under both simulated and real network environments. Experimental results demonstrate that our proposed mechanism can identify malicious nodes under PMFA and decrease their trust values in a quick manner.
KW - Challenge-based Mechanism
KW - Collaborative Environment
KW - Insider Threat
KW - Intrusion Detection
KW - Passive Message Fingerprint Attack
KW - Trust Computation
UR - http://www.scopus.com/inward/record.url?scp=85054099374&partnerID=8YFLogxK
U2 - 10.1109/TrustCom/BigDataSE.2018.00167
DO - 10.1109/TrustCom/BigDataSE.2018.00167
M3 - Conference article published in proceeding or book
AN - SCOPUS:85054099374
SN - 9781538643877
T3 - Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
SP - 1208
EP - 1213
BT - Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
Y2 - 31 July 2018 through 3 August 2018
ER -