TY - GEN
T1 - SOOA: Exploring special on-off attacks on challenge-based collaborative intrusion detection networks
AU - Li, Wenjuan
AU - Meng, Weizhi
AU - Kwok, Lam For
N1 - Publisher Copyright: © Springer International Publishing AG 2017.
PY - 2017
Y1 - 2017
N2 - The development of collaborative intrusion detection networks (CIDNs) aims to enhance the performance of a single intrusion detection system (IDS), through communicating and collecting information from other IDS nodes. To defend CIDNs against insider attacks, trust-based mechanisms are crucial for evaluating the trustworthiness of a node. In the literature, challenge-based trust mechanisms are well established to identify malicious nodes by identifying the deviation between challenges and responses. However, such mechanisms rely on two major assumptions, which may result in a weak threat model and render CIDNs still vulnerable to advanced insider attacks in a practical deployment. In this paper, our motivation is to investigate the effect of On-Off attacks on challenge-based CIDNs. In particular, as a study, we explore a special On-Off attack (called SOOA), which can keep responding normally to one node while acting abnormally to another node. In the evaluation, we explore the attack performance under simulated CIDN environments. Experimental results indicate that our attack can interfere with the effectiveness of trust computation for CIDN nodes.
AB - The development of collaborative intrusion detection networks (CIDNs) aims to enhance the performance of a single intrusion detection system (IDS), through communicating and collecting information from other IDS nodes. To defend CIDNs against insider attacks, trust-based mechanisms are crucial for evaluating the trustworthiness of a node. In the literature, challenge-based trust mechanisms are well established to identify malicious nodes by identifying the deviation between challenges and responses. However, such mechanisms rely on two major assumptions, which may result in a weak threat model and render CIDNs still vulnerable to advanced insider attacks in a practical deployment. In this paper, our motivation is to investigate the effect of On-Off attacks on challenge-based CIDNs. In particular, as a study, we explore a special On-Off attack (called SOOA), which can keep responding normally to one node while acting abnormally to another node. In the evaluation, we explore the attack performance under simulated CIDN environments. Experimental results indicate that our attack can interfere with the effectiveness of trust computation for CIDN nodes.
KW - Challenge-based CIDN
KW - Collaborative network
KW - Intrusion detection system
KW - On-off attacks
KW - Trust management
UR - http://www.scopus.com/inward/record.url?scp=85019254982&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-57186-7_30
DO - 10.1007/978-3-319-57186-7_30
M3 - Conference article published in proceeding or book
AN - SCOPUS:85019254982
SN - 9783319571850
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 402
EP - 415
BT - Green, Pervasive, and Cloud Computing - 12th International Conference, GPC 2017, Proceedings
A2 - Au, Man Ho Allen
A2 - Choo, Kim-Kwang Raymond
A2 - Li, Kuan-Ching
A2 - Castiglione, Arcangelo
A2 - Palmieri, Francesco
PB - Springer Verlag
T2 - 12th International Conference on Green, Pervasive and Cloud Computing, GPC 2017
Y2 - 11 May 2017 through 14 May 2017
ER -