PMFA: Toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks

Wenjuan Li, Weizhi Meng, Lam For Kwok, Horace Ho Shing Ip

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

32 Citations (Scopus)

Abstract

To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat. In the literature, challenge-based trust mechanisms have been established to identify malicious nodes by evaluating the satisfaction between challenges and responses. However, we find that such mechanisms rely on two major assumptions, which may result in a weak threat model and make CIDNs still vulnerable to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values.

Original languageEnglish
Title of host publicationNetwork and System Security - 10th International Conference, NSS 2016, Proceedings
EditorsMoti Yung, Jiageng Chen, Chunhua Su, Vincenzo Piuri
PublisherSpringer Verlag
Pages433-449
Number of pages17
ISBN (Print)9783319462974
DOIs
Publication statusPublished - 2016
Externally publishedYes
Event10th International Conference on Network and System Security, NSS 2016 - Taipei, Taiwan
Duration: 28 Sep 201630 Sep 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9955 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference10th International Conference on Network and System Security, NSS 2016
Country/TerritoryTaiwan
CityTaipei
Period28/09/1630/09/16

Keywords

  • Challenge-based trust mechanism
  • Collaborative network
  • Collusion attacks
  • Insider threats
  • Intrusion detection system

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this