Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks

Wenjuan Li, Weizhi Meng*, Lam-For Kwok, Horace H.S. IP

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

Abstract

Traditionally, an isolated intrusion detection system (IDS) is vulnerable to various types of attacks. In order to enhance IDS performance, collaborative intrusion detection networks (CIDNs) are developed through enabling a set of IDS nodes to communicate with each other. Due to the distributed network architecture, insider attacks are one of the major threats. In the literature, challenge-based trust mechanisms have been built to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanisms rely on two major assumptions, which may result in a weak threat model. In this case, CIDNs may be still vulnerable to advanced insider attacks in real-world deployment. In this paper, we propose a novel collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that our attack can help malicious nodes send malicious responses to normal requests, while maintaining their trust values.
Original languageEnglish
JournalCluster Computing: The Journal of Networks, Software Tools and Applications
Volume21
Issue number1
Pages (from-to)299-310
Number of pages12
ISSN1386-7857
DOIs
Publication statusPublished - 2018

Keywords

  • Collaborative network
  • Collusion attacks
  • Insider threats
  • Intrusion detection system
  • Computer crime

Fingerprint Dive into the research topics of 'Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks'. Together they form a unique fingerprint.

Cite this