Towards effective trust-based packet filtering in collaborative network environments

Weizhi MENG, Wenjuan LI, Lam For KWOK

Research output: Contribution to journal › Article › peer-review

46 Citations (Scopus)

Abstract

Overhead network packets are a big challenge for intrusion detection systems (IDSs), which may increase system burden, degrade system performance, and even cause the whole system to collapse when the number of incoming packets exceeds the maximum handling capability. To address this issue, packet filtration is considered a promising solution, and our previous research efforts have proven that a trust-based packet filter is able to refine unwanted network packets and reduce the workload of a local IDS. With the development of Internet cooperation, collaborative intrusion detection environments (e.g., CIDNs) have been developed, which allow IDS nodes to collect information and learn experience from others. However, it would not be effective for the previously built trust-based packet filter to work in such a collaborative environment, since the process of trust computation can be easily compromised by insider attacks. In this paper, we adopt the existing CIDN framework and aim to apply a collaborative trust-based approach to reduce unwanted packets. More specifically, we develop a collaborative trust-based packet filter, which can be deployed in collaborative networks and be robust against typical insider attacks (e.g., betrayal attacks). Experimental results in various simulated and practical environments demonstrate that our filter can perform effectively in reducing unwanted traffic and can defend against insider attacks through identifying malicious nodes in a quick manner, as compared to similar approaches. Copyright © 2017 IEEE.

Original language: English
Pages (from-to): 233-245
Journal: IEEE Transactions on Network and Service Management
Volume: 14
Issue number: 1
Early online date: Feb 2017
DOI: https://doi.org/10.1109/TNSM.2017.2664893
Publication status: Published - Mar 2017

Citation

Meng, W., Li, W., & Kwok, L. F. (2017). Towards effective trust-based packet filtering in collaborative network environments. IEEE Transactions on Network and Service Management, 14(1), 233-245. https://doi.org/10.1109/TNSM.2017.2664893

Keywords

  • Intrusion detection
  • Packet filter
  • Trust computation
  • Blacklist generation
  • Collaborative network
