Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice

Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice

To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection perform...

Full description

Saved in:
Bibliographic Details
Main Authors: MENG, Weizhi, LUO, Xiapu, LI, Wenjuan, LI, Yan
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2016
Subjects:
Peer-to-peer computing
Collaboration
Robustness
Intrusion detection
Computational modeling
Registers
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/5400
https://ink.library.smu.edu.sg/context/sis_research/article/6404/viewcontent/AdvancedCollusionAttacks_TrustCom_2016_av.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection performance of a single IDS, but may suffer from various insider attacks like collusion attacks, where several malicious nodes can collaborate to perform adversary actions. To defend against insider threats, challenge-based trust mechanisms have been proposed in the literature and proven to be robust against collusion attacks. However, we identify that such mechanisms depend heavily on an assumption of malicious nodes, which is not likely to be realistic and may lead to a weak threat model in practical scenarios. In this paper, we analyze the robustness of challenge-based CIDNs in real-world applications and present an advanced collusion attack, called random poisoning attack, which derives from the existing attacks. In the evaluation, we investigate the attack performance in both simulated and real CIDN environments. Experimental results demonstrate that our attack can enables a malicious node to send untruthful information without decreasing its trust value at large. Our research attempts to stimulate more research in designing more robust CIDN framework in practice.

Similar Items