TY - GEN
T1 - Towards securing challenge-based collaborative intrusion detection networks via message verification
AU - Li, Wenjuan
AU - Meng, Weizhi
AU - Wang, Yu
AU - Han, Jinguang
AU - Li, Jin
N1 - Publisher Copyright:
© Springer Nature Switzerland AG 2018.
PY - 2018
Y1 - 2018
AB - With the increasing number of Internet-of-Things (IoT) devices, intrusion detection systems (IDSs) have been widely deployed in a distributed or collaborative setting, in which a collaborative intrusion detection network (CIDN) improves the detection accuracy of a single IDS by enabling IDS nodes to exchange useful information with each other. To protect CIDNs against insider attacks, challenge-based trust mechanisms are one promising solution to detect malicious nodes through sending challenges. However, several studies have revealed that this kind of mechanism is still vulnerable to some advanced insider attacks like passive message fingerprint attack (PMFA). Motivated by this observation, in this work, we focus on enhancing the security of challenge-based CIDNs and propose a compact but efficient message verification approach to defeat such insider attack by inserting a verifying alarm into each normal request. In the evaluation, we investigate the attack performance under both simulated and real network environments. Experimental results demonstrate that our approach can identify malicious nodes under PMFA and decrease their trust values in a quick manner.
KW - Challenge-based trust mechanism
KW - Collaborative network
KW - Insider attack
KW - Intrusion detection
KW - Passive message fingerprint attack
UR - http://www.scopus.com/inward/record.url?scp=85054354942&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-99807-7_19
DO - 10.1007/978-3-319-99807-7_19
M3 - Conference article published in proceeding or book
AN - SCOPUS:85054354942
SN - 9783319998060
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 313
EP - 328
BT - Information Security Practice and Experience - 14th International Conference, ISPEC 2018, Proceedings
A2 - Kikuchi, Hiroaki
A2 - Su, Chunhua
PB - Springer Verlag
T2 - 14th International Conference on Information Security Practice and Experience, ISPEC 2018
Y2 - 25 September 2018 through 27 September 2018
ER -