Abstract
Network intrusions are a big security threat to current computer networks. For protection, collaborative intrusion detection networks (CIDNs) are developed attempting to reach better detection performance than a single detector, by allowing a set of detectors to switch data or information with each other. However, there is a need to implement suitable trust management schemes, with the aim to safeguard such distributed detection networks against insider threats. In the literature, previous studies have indicated that the notion of intrusion sensitivity can be used to enhance the effectiveness of trust management, by highlighting the feedback from expert nodes. In addition, machine learning can be used to assign the value of intrusion sensitivity automatically. In this work, we evaluate the performance of typical supervised learning classifiers in allocating the value of intrusion sensitivity, and figure out some limitations under different data sets. Then we investigate the impact of intrusion sensitivity in a real network environment under adversarial conditions. The results demonstrate that a wrongly assigned sensitivity value may greatly degrade the detection effectiveness of insider attacks. There is a significant need to choose a suitable classifier in allocating the value of intrusion sensitivity in practice. Copyright © 2020 John Wiley & Sons Ltd.
Original language | English |
---|---|
Article number | e5957 |
Journal | Concurrency and Computation: Practice and Experience |
Volume | 34 |
Issue number | 16 |
Early online date | Sept 2020 |
DOIs | |
Publication status | Published - Jul 2022 |
Citation
Li, W., Tian, F., Li, J., & Xiang, Y. (2022). Evaluating intrusion sensitivity allocation with supervised learning in collaborative intrusion detection. Concurrency and Computation: Practice and Experience, 34(16), Article e5957. https://doi.org/10.1002/cpe.5957Keywords
- Collaborative intrusion detection
- Insider threat
- Intrusion sensitivity
- Supervised learning
- Trust management