Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)

1 Scopus Citations
View graph of relations

Author(s)

  • Weizhi Meng
  • Wenjuan Li
  • Lijun Jiang
  • Kim-Kwang Raymond Choo
  • Chunhua Su

Related Research Unit(s)

Detail(s)

Original languageEnglish
Title of host publicationComputer Security – ESORICS 2019
Subtitle of host publicationProceedings, Part I
EditorsKazue Sako, Steve Schneider, Peter Y. A. Ryan
Place of PublicationCham, Switzerland
PublisherSpringer Nature Switzerland AG
Pages493-511
ISBN (Electronic)9783030299590
ISBN (Print)9783030299583
Publication statusPublished - Sep 2019

Publication series

NameLecture Notes in Computer Science
Volume11735
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Title24th European Symposium on Research in Computer Security (ESORICS 2019)
LocationParc Alvisse Hotel
PlaceLuxembourg
CityLuxembourg City
Period23 - 27 September 2019

Abstract

As adversarial techniques constantly evolve to circumvent existing security measures, an isolated, stand-alone intrusion detection system (IDS) is unlikely to be efficient or effective. Hence, there has been a trend towards developing collaborative intrusion detection networks (CIDNs), where IDS nodes collaborate and communicate with each other. Such a distributed ecosystem can achieve improved detection accuracy, particularly for detecting emerging threats in a timely fashion (before the threat becomes common knowledge). However, there are inherent limitations due to malicious insiders who can seek to compromise and poison the ecosystem. A potential mitigation strategy is to introduce a challenge-based trust mechanism, in order to identify and penalize misbehaving nodes by evaluating the satisfaction between challenges and responses. While this mechanism has been shown to be robust against common insider attacks, it may still be vulnerable to advanced insider attacks in a real-world deployment. Therefore, in this paper, we develop a collusion attack, hereafter referred to as Bayesian Poisoning Attack, which enables a malicious node to model received messages and to craft a malicious response to those messages whose aggregated appearance probability of normal requests is above the defined threshold. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that the malicious nodes under our attack can successfully craft and send untruthful feedback while maintaining their trust values.

Research Area(s)

  • Bayesian Poisoning Attack, Challenge-based trust mechanism, Collaborative network, Insider threat, Intrusion detection

Citation Format(s)

Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. / Meng, Weizhi; Li, Wenjuan; Jiang, Lijun; Choo, Kim-Kwang Raymond; Su, Chunhua.

Computer Security – ESORICS 2019: Proceedings, Part I. ed. / Kazue Sako; Steve Schneider; Peter Y. A. Ryan. Cham, Switzerland : Springer Nature Switzerland AG, 2019. p. 493-511 (Lecture Notes in Computer Science; Vol. 11735 ).

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)