Challenge-based collaborative intrusion detection networks under passive message fingerprint attack: A further analysis

Wenjuan LI, Lam For KWOK

Research output: Contribution to journal › Article › peer-review

18 Citations (Scopus)

Abstract

Collaborative intrusion detection systems / networks (CIDSs/CIDNs) have been widely used, aiming to enhance the performance of a single intrusion detection system (IDS) by allowing an IDS node to communicate with and collect information from others. To protect such collaborative systems against insider attacks, trust management mechanisms are often deployed to evaluate the trustworthiness of a node. In particular, the challenge-based mechanism attempts to identify malicious nodes by measuring the deviation between challenges and responses. However, it is found that such mechanisms may be vulnerable to advanced insider attacks like Passive Message Fingerprint Attacks (PMFA), where malicious nodes can distinguish challenges by analyzing the sending strategy. In this paper, we further analyze the effectiveness of PMFA and investigate whether an improved sending strategy can help detect malicious nodes. Our study reveals that PMFA could still be valid even under an improved sending strategy, i.e., malicious nodes can hold their reputation level by understanding the network context. We then provide some insights on how to defeat this kind of attack by properly adjusting the mechanism. Copyright © 2019 Elsevier Ltd. All rights reserved.

Original language: English
Pages (from-to): 1-7
Journal: Journal of Information Security and Applications
Volume: 47
Early online date: Apr 2019
Publication status: Published - Aug 2019

Citation

Li, W., & Kwok, L. F. (2019). Challenge-based collaborative intrusion detection networks under passive message fingerprint attack: A further analysis. Journal of Information Security and Applications, 47, 1-7. https://doi.org/10.1016/j.jisa.2019.03.019

Keywords

  • Intrusion detection system
  • Collaborative network
  • Insider attack and detection
  • Challenge-based CIDN
  • Trust management
