PMFA : Toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)Not applicablepeer-review

19 Scopus Citations
View graph of relations

Author(s)

Related Research Unit(s)

Detail(s)

Original languageEnglish
Title of host publicationNetwork and System Security
Subtitle of host publication10th International Conference, NSS 2016, Proceedings
EditorsMoti Yung, Jiageng Chen, Chunhua Su, Vincenzo Piuri
PublisherSpringer Verlag
Pages433-449
Volume9955 LNCS
ISBN (Print)9783319462974
Publication statusPublished - 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9955 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Title10th International Conference on Network and System Security, NSS 2016
PlaceTaiwan
CityTaipei
Period28 - 30 September 2016

Abstract

To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat. In the literature, challenge-based trust mechanisms have been established to identify malicious nodes by evaluating the satisfaction between challenges and responses. However, we find that such mechanisms rely on two major assumptions, which may result in a weak threat model and make CIDNs still vulnerable to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values.

Research Area(s)

  • Challenge-based trust mechanism, Collaborative network, Collusion attacks, Insider threats, Intrusion detection system

Citation Format(s)

PMFA : Toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks. / Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For; Shing Ip, Horace Ho.

Network and System Security: 10th International Conference, NSS 2016, Proceedings. ed. / Moti Yung; Jiageng Chen; Chunhua Su; Vincenzo Piuri. Vol. 9955 LNCS Springer Verlag, 2016. p. 433-449 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9955 LNCS).

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)Not applicablepeer-review