Abstract
To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat. In the literature, challenge-based trust mechanisms have been established to identify malicious nodes by evaluating the satisfaction between challenges and responses. However, we find that such mechanisms rely on two major assumptions, which may result in a weak threat model and make CIDNs still vulnerable to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values. Copyright © 2016 Springer International Publishing AG.
Original language | English |
---|---|
Title of host publication | Network and system security: 10th International Conference, NSS 2016, Taipei, Taiwan, September 28-30, 2016, proceedings |
Editors | Jiageng CHEN, Vincenzo PIURI, Chunhua SU, Moti YUNG |
Place of Publication | Cham |
Publisher | Springer |
Pages | 433-449 |
ISBN (Electronic) | 9783319462981 |
ISBN (Print) | 9783319462974 |
DOIs | |
Publication status | Published - 2016 |
Citation
Li, W., Meng, W., Kwok, L.-F., & Ip, H. H. S. (2016). PMFA: Toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks. In J. Chen, V. Piuri, C. Su, & M. Yung (Eds.), Network and system security: 10th International Conference, NSS 2016, Taipei, Taiwan, September 28-30, 2016, proceedings (pp. 433-449). Springer. https://doi.org/10.1007/978-3-319-46298-1_28Keywords
- Intrusion detection system
- Collaborative network
- Insider threats
- Collusion attacks
- Challenge-based trust mechanism