Challenge-based collaborative intrusion detection networks under passive message fingerprint attack : A further analysis

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journal

4 Scopus Citations
View graph of relations

Related Research Unit(s)

Detail(s)

Original languageEnglish
Pages (from-to)1-7
Journal / PublicationJournal of Information Security and Applications
Volume47
Online published5 Apr 2019
Publication statusPublished - Aug 2019

Abstract

Collaborative intrusion detection systems / networks (CIDSs/CIDNs) have been widely used, aiming to enhance the performance of a single intrusion detection system (IDS), by allowing an IDS node communicating and collecting information from others. To protect such collaborative systems against insider attacks, trust management mechanisms are often deployed to evaluate the trustworthiness of a node. In particular, challenge-based mechanism attempts to identify malicious nodes by measuring the deviation between challenges and responses. However, it is found that such mechanisms may be vulnerable to advanced insider attacks like Passive Message Fingerprint Attacks (PMFA), where malicious nodes can distinguish challenges by analyzing the sending strategy. In this paper, we further analyze the effectiveness of PMFA and investigate whether an improved sending strategy can help detect malicious nodes. Our study reveals that PMFA could still be valid under even an improved sending strategy, i.e., malicious nodes can hold its reputation level by understanding the network context. We then provide some insights on how to defeat such kind of attack by properly adjusting such mechanism.

Research Area(s)

  • Challenge-based CIDN, Collaborative network, Insider attack and detection, Intrusion detection system, Trust management