TY - GEN
T1 - PMFA: Toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks
AU - Li, Wenjuan
AU - Meng, Weizhi
AU - Kwok, Lam For
AU - Shing Ip, Horace Ho
N1 - Publisher Copyright:
© Springer International Publishing AG 2016.
PY - 2016
Y1 - 2016
N2 - To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat. In the literature, challenge-based trust mechanisms have been established to identify malicious nodes by evaluating the satisfaction between challenges and responses. However, we find that such mechanisms rely on two major assumptions, which may result in a weak threat model and make CIDNs still vulnerable to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values.
AB - To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat. In the literature, challenge-based trust mechanisms have been established to identify malicious nodes by evaluating the satisfaction between challenges and responses. However, we find that such mechanisms rely on two major assumptions, which may result in a weak threat model and make CIDNs still vulnerable to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values.
KW - Challenge-based trust mechanism
KW - Collaborative network
KW - Collusion attacks
KW - Insider threats
KW - Intrusion detection system
UR - http://www.scopus.com/inward/record.url?scp=84989968049&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-46298-1_28
DO - 10.1007/978-3-319-46298-1_28
M3 - Conference article published in proceeding or book
AN - SCOPUS:84989968049
SN - 9783319462974
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 433
EP - 449
BT - Network and System Security - 10th International Conference, NSS 2016, Proceedings
A2 - Yung, Moti
A2 - Chen, Jiageng
A2 - Su, Chunhua
A2 - Piuri, Vincenzo
PB - Springer Verlag
T2 - 10th International Conference on Network and System Security, NSS 2016
Y2 - 28 September 2016 through 30 September 2016
ER -