PMFA: Toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks

Wenjuan LI, Weizhi MENG, Lam-For KWOK, Horace Ho Shing IP

Research output: Chapter in Book/Report/Conference proceedingChapters

38 Citations (Scopus)

Abstract

To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat. In the literature, challenge-based trust mechanisms have been established to identify malicious nodes by evaluating the satisfaction between challenges and responses. However, we find that such mechanisms rely on two major assumptions, which may result in a weak threat model and make CIDNs still vulnerable to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values. Copyright © 2016 Springer International Publishing AG.

Original languageEnglish
Title of host publicationNetwork and system security: 10th International Conference, NSS 2016, Taipei, Taiwan, September 28-30, 2016, proceedings
EditorsJiageng CHEN, Vincenzo PIURI, Chunhua SU, Moti YUNG
Place of PublicationCham
PublisherSpringer
Pages433-449
ISBN (Electronic)9783319462981
ISBN (Print)9783319462974
DOIs
Publication statusPublished - 2016

Citation

Li, W., Meng, W., Kwok, L.-F., & Ip, H. H. S. (2016). PMFA: Toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks. In J. Chen, V. Piuri, C. Su, & M. Yung (Eds.), Network and system security: 10th International Conference, NSS 2016, Taipei, Taiwan, September 28-30, 2016, proceedings (pp. 433-449). Springer. https://doi.org/10.1007/978-3-319-46298-1_28

Keywords

  • Intrusion detection system
  • Collaborative network
  • Insider threats
  • Collusion attacks
  • Challenge-based trust mechanism

Fingerprint

Dive into the research topics of 'PMFA: Toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks'. Together they form a unique fingerprint.