Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks

Weizhi Meng; Wenjuan Li; Lijun Jiang; Kim Kwang Raymond Choo; Chunhua Su

doi:10.1007/978-3-030-29959-0_24

Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks

Weizhi Meng, Wenjuan Li, Lijun Jiang, Kim Kwang Raymond Choo, Chunhua Su

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

15 Citations (Scopus)

Abstract

As adversarial techniques constantly evolve to circumvent existing security measures, an isolated, stand-alone intrusion detection system (IDS) is unlikely to be efficient or effective. Hence, there has been a trend towards developing collaborative intrusion detection networks (CIDNs), where IDS nodes collaborate and communicate with each other. Such a distributed ecosystem can achieve improved detection accuracy, particularly for detecting emerging threats in a timely fashion (before the threat becomes common knowledge). However, there are inherent limitations due to malicious insiders who can seek to compromise and poison the ecosystem. A potential mitigation strategy is to introduce a challenge-based trust mechanism, in order to identify and penalize misbehaving nodes by evaluating the satisfaction between challenges and responses. While this mechanism has been shown to be robust against common insider attacks, it may still be vulnerable to advanced insider attacks in a real-world deployment. Therefore, in this paper, we develop a collusion attack, hereafter referred to as Bayesian Poisoning Attack, which enables a malicious node to model received messages and to craft a malicious response to those messages whose aggregated appearance probability of normal requests is above the defined threshold. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that the malicious nodes under our attack can successfully craft and send untruthful feedback while maintaining their trust values.

Original language	English
Title of host publication	Computer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings
Editors	Kazue Sako, Steve Schneider, Peter Y.A. Ryan
Publisher	Springer
Pages	493-511
Number of pages	19
ISBN (Print)	9783030299583
DOIs	https://doi.org/10.1007/978-3-030-29959-0_24
Publication status	Published - 2019
Externally published	Yes
Event	24th European Symposium on Research in Computer Security, ESORICS 2019 - Luxembourg, Luxembourg Duration: 23 Sept 2019 → 27 Sept 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11735 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	24th European Symposium on Research in Computer Security, ESORICS 2019
Country/Territory	Luxembourg
City	Luxembourg
Period	23/09/19 → 27/09/19

Keywords

Bayesian Poisoning Attack
Challenge-based trust mechanism
Collaborative network
Insider threat
Intrusion detection

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

More information

10.1007/978-3-030-29959-0_24

Cite this

Meng, W., Li, W., Jiang, L., Choo, K. K. R., & Su, C. (2019). Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. In K. Sako, S. Schneider, & P. Y. A. Ryan (Eds.), Computer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings (pp. 493-511). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11735 LNCS). Springer. https://doi.org/10.1007/978-3-030-29959-0_24

Meng, Weizhi ; Li, Wenjuan ; Jiang, Lijun et al. / Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. Computer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings. editor / Kazue Sako ; Steve Schneider ; Peter Y.A. Ryan. Springer, 2019. pp. 493-511 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{610f64b991a641bc82d6c351ac16d8c6,

title = "Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks",

abstract = "As adversarial techniques constantly evolve to circumvent existing security measures, an isolated, stand-alone intrusion detection system (IDS) is unlikely to be efficient or effective. Hence, there has been a trend towards developing collaborative intrusion detection networks (CIDNs), where IDS nodes collaborate and communicate with each other. Such a distributed ecosystem can achieve improved detection accuracy, particularly for detecting emerging threats in a timely fashion (before the threat becomes common knowledge). However, there are inherent limitations due to malicious insiders who can seek to compromise and poison the ecosystem. A potential mitigation strategy is to introduce a challenge-based trust mechanism, in order to identify and penalize misbehaving nodes by evaluating the satisfaction between challenges and responses. While this mechanism has been shown to be robust against common insider attacks, it may still be vulnerable to advanced insider attacks in a real-world deployment. Therefore, in this paper, we develop a collusion attack, hereafter referred to as Bayesian Poisoning Attack, which enables a malicious node to model received messages and to craft a malicious response to those messages whose aggregated appearance probability of normal requests is above the defined threshold. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that the malicious nodes under our attack can successfully craft and send untruthful feedback while maintaining their trust values.",

keywords = "Bayesian Poisoning Attack, Challenge-based trust mechanism, Collaborative network, Insider threat, Intrusion detection",

author = "Weizhi Meng and Wenjuan Li and Lijun Jiang and Choo, {Kim Kwang Raymond} and Chunhua Su",

note = "Funding Information: Acknowledgments. We would like to thank all anonymous reviewers for their helpful comments in improving the paper. Weizhi Meng was partially supported by H2020 SU-ICT-03-2018 CyberSec4Europe. Publisher Copyright: {\textcopyright} 2019, Springer Nature Switzerland AG.; 24th European Symposium on Research in Computer Security, ESORICS 2019 ; Conference date: 23-09-2019 Through 27-09-2019",

year = "2019",

doi = "10.1007/978-3-030-29959-0_24",

language = "English",

isbn = "9783030299583",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "493--511",

editor = "Kazue Sako and Steve Schneider and Ryan, {Peter Y.A.}",

booktitle = "Computer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings",

}

Meng, W, Li, W, Jiang, L, Choo, KKR & Su, C 2019, Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. in K Sako, S Schneider & PYA Ryan (eds), Computer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11735 LNCS, Springer, pp. 493-511, 24th European Symposium on Research in Computer Security, ESORICS 2019, Luxembourg, Luxembourg, 23/09/19. https://doi.org/10.1007/978-3-030-29959-0_24

Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. / Meng, Weizhi; Li, Wenjuan; Jiang, Lijun et al.
Computer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings. ed. / Kazue Sako; Steve Schneider; Peter Y.A. Ryan. Springer, 2019. p. 493-511 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11735 LNCS).

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks

AU - Meng, Weizhi

AU - Li, Wenjuan

AU - Jiang, Lijun

AU - Choo, Kim Kwang Raymond

AU - Su, Chunhua

N1 - Funding Information: Acknowledgments. We would like to thank all anonymous reviewers for their helpful comments in improving the paper. Weizhi Meng was partially supported by H2020 SU-ICT-03-2018 CyberSec4Europe. Publisher Copyright: © 2019, Springer Nature Switzerland AG.

PY - 2019

Y1 - 2019

N2 - As adversarial techniques constantly evolve to circumvent existing security measures, an isolated, stand-alone intrusion detection system (IDS) is unlikely to be efficient or effective. Hence, there has been a trend towards developing collaborative intrusion detection networks (CIDNs), where IDS nodes collaborate and communicate with each other. Such a distributed ecosystem can achieve improved detection accuracy, particularly for detecting emerging threats in a timely fashion (before the threat becomes common knowledge). However, there are inherent limitations due to malicious insiders who can seek to compromise and poison the ecosystem. A potential mitigation strategy is to introduce a challenge-based trust mechanism, in order to identify and penalize misbehaving nodes by evaluating the satisfaction between challenges and responses. While this mechanism has been shown to be robust against common insider attacks, it may still be vulnerable to advanced insider attacks in a real-world deployment. Therefore, in this paper, we develop a collusion attack, hereafter referred to as Bayesian Poisoning Attack, which enables a malicious node to model received messages and to craft a malicious response to those messages whose aggregated appearance probability of normal requests is above the defined threshold. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that the malicious nodes under our attack can successfully craft and send untruthful feedback while maintaining their trust values.

AB - As adversarial techniques constantly evolve to circumvent existing security measures, an isolated, stand-alone intrusion detection system (IDS) is unlikely to be efficient or effective. Hence, there has been a trend towards developing collaborative intrusion detection networks (CIDNs), where IDS nodes collaborate and communicate with each other. Such a distributed ecosystem can achieve improved detection accuracy, particularly for detecting emerging threats in a timely fashion (before the threat becomes common knowledge). However, there are inherent limitations due to malicious insiders who can seek to compromise and poison the ecosystem. A potential mitigation strategy is to introduce a challenge-based trust mechanism, in order to identify and penalize misbehaving nodes by evaluating the satisfaction between challenges and responses. While this mechanism has been shown to be robust against common insider attacks, it may still be vulnerable to advanced insider attacks in a real-world deployment. Therefore, in this paper, we develop a collusion attack, hereafter referred to as Bayesian Poisoning Attack, which enables a malicious node to model received messages and to craft a malicious response to those messages whose aggregated appearance probability of normal requests is above the defined threshold. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that the malicious nodes under our attack can successfully craft and send untruthful feedback while maintaining their trust values.

KW - Bayesian Poisoning Attack

KW - Challenge-based trust mechanism

KW - Collaborative network

KW - Insider threat

KW - Intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=85075602278&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-29959-0_24

DO - 10.1007/978-3-030-29959-0_24

M3 - Conference article published in proceeding or book

AN - SCOPUS:85075602278

SN - 9783030299583

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 493

EP - 511

BT - Computer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings

A2 - Sako, Kazue

A2 - Schneider, Steve

A2 - Ryan, Peter Y.A.

PB - Springer

T2 - 24th European Symposium on Research in Computer Security, ESORICS 2019

Y2 - 23 September 2019 through 27 September 2019

ER -

Meng W, Li W, Jiang L, Choo KKR, Su C. Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. In Sako K, Schneider S, Ryan PYA, editors, Computer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings. Springer. 2019. p. 493-511. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-29959-0_24

Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this