Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks

Research output: Journal Publications and Reviews (RGC: 21, 22, 62); 21_Publication in refereed journal; Not applicable; peer-review

3 Scopus Citations

Detail(s)

Original language: English
Pages (from-to): 299–310
Journal / Publication: Cluster Computing
Volume: 21
Issue number: 1
Early online date: 31 May 2017
Publication status: Published - Mar 2018

Abstract

Traditionally, an isolated intrusion detection system (IDS) is vulnerable to various types of attacks. In order to enhance IDS performance, collaborative intrusion detection networks (CIDNs) are developed through enabling a set of IDS nodes to communicate with each other. Due to the distributed network architecture, insider attacks are one of the major threats. In the literature, challenge-based trust mechanisms have been built to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanisms rely on two major assumptions, which may result in a weak threat model. In this case, CIDNs may still be vulnerable to advanced insider attacks in real-world deployment. In this paper, we propose a novel collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that our attack can help malicious nodes send malicious responses to normal requests, while maintaining their trust values.

Research Area(s)

  • Challenge-based trust mechanism, Collaborative network, Collusion attacks, Insider threats, Intrusion detection system