Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks

Wenjuan Li, Weizhi Meng, Lam For Kwok

Research output: Journal article publicationJournal articleAcademic researchpeer-review

27 Citations (Scopus)


Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN) has thus been developed by allowing intrusion detection system (IDS) nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However, such mechanisms are heavily dependent on two assumptions, which would cause CIDNs to be vulnerable to advanced insider attacks in practice. In this work, we investigate the influence of advanced on-off attacks on challenge-based CIDNs, which can respond truthfully to one IDS node but behave maliciously to another IDS node. To evaluate the attack performance, we have conducted two experiments under a simulated and a real CIDN environment. The obtained results demonstrate that our designed attack is able to compromise the robustness of challenge-based CIDNs in practice; that is, some malicious nodes can behave untruthfully without a timely detection.

Original languageEnglish
Article number6
JournalFuture Internet
Issue number1
Publication statusPublished - 8 Jan 2018
Externally publishedYes


  • Challenge-based mechanism
  • Collaborative network
  • Intrusion detection
  • On-off attack
  • Trust computation and management

ASJC Scopus subject areas

  • Computer Networks and Communications


Dive into the research topics of 'Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks'. Together they form a unique fingerprint.

Cite this