Abstract
With the increasing number of Internet-of-Things (IoT) devices, intrusion detection systems (IDSs) have been widely deployed in a distributed or collaborative setting, in which a collaborative intrusion detection network (CIDN) improves the detection accuracy of a single IDS by enabling IDS nodes to exchange useful information with each other. To protect CIDNs against insider attacks, challenge-based trust mechanisms are one promising solution to detect malicious nodes through sending challenges. However, several studies have revealed that this kind of mechanism is still vulnerable to some advanced insider attacks like passive message fingerprint attack (PMFA). Motivated by this observation, in this work, we focus on enhancing the security of challenge-based CIDNs and propose a compact but efficient message verification approach to defeat such insider attack by inserting a verifying alarm into each normal request. In the evaluation, we investigate the attack performance under both simulated and real network environments. Experimental results demonstrate that our approach can identify malicious nodes under PMFA and decrease their trust values in a quick manner. Copyright © 2018 Springer Nature Switzerland AG.
Original language | English |
---|---|
Title of host publication | Information security practice and experience: 14th International Conference, ISPEC 2018, Tokyo, Japan, September 25-27, 2018, proceedings |
Editors | Chunhua SU, Hiroaki KIKUCHI |
Place of Publication | Cham |
Publisher | Springer |
Pages | 313-328 |
ISBN (Electronic) | 9783319998077 |
ISBN (Print) | 9783319998060 |
DOIs | |
Publication status | Published - 2018 |
Citation
Li, W., Meng, W., Wang, Y., Han, J., & Li, J. (2018). Towards securing challenge-based collaborative intrusion detection networks via message verification. In C. Su & H. Kikuchi (Eds.), Information security practice and experience: 14th International Conference, ISPEC 2018, Tokyo, Japan, September 25-27, 2018, proceedings (pp. 313-328). Springer. https://doi.org/10.1007/978-3-319-99807-7_19Keywords
- Intrusion detection
- Collaborative network
- Insider attack
- Passive message fingerprint attack
- Challenge-based trust mechanism