With cyber-attacks becoming more complicated and the networks increasingly interconnected, there has been a move towards using collaborative intrusion detection networks (CIDNs) to identify cyber-threats more effectively. However, insider attacks may remain challenging to mitigate in CIDNs, as the intruders are able to control one or more internal nodes. Challenge- based trust mechanism is one promising solution to help safeguard CIDNs against common insider attacks, but not necessarily against advanced attacks such as passive message fingerprint attacks. In this work, we focus on challenge-based trust mechanism and advocate that considering additional level of trust can enhance the robustness of CIDNs. Specifically, we design an enhanced trust management scheme by checking spatial correlation among nodes' behavior, regarding forwarding delay, packet dropping and sending rate. Then, we evaluate our approach in a simulated environment, as well as a realworld environment in collaboration with an IT organization. Experimental results demonstrate that our approach can help enhance the robustness of challenge-based trust mechanism by detecting malicious nodes faster than similar approaches (i.e., reducing time consumption by two to three days).
|Title of host publication||Proceedings of 2021 IEEE Conference on Dependable and Secure Computing|
|Number of pages||8|
|Publication date||30 Jan 2021|
|Publication status||Published - 30 Jan 2021|
|Event||2021 IEEE Conference on Dependable and Secure Computing - Aizuwakamatsu, Fukushima, Japan|
Duration: 30 Jan 2021 → 2 Feb 2021
|Conference||2021 IEEE Conference on Dependable and Secure Computing|
|Period||30/01/2021 → 02/02/2021|
|Series||2021 IEEE Conference on Dependable and Secure Computing, DSC 2021|
Bibliographical noteFunding Information:
ACKNOWLEDGMENT We would like to thank IT administrators from the participating organization for their assistance and support in deploying our mechanism. This work was partially supported by the National Natural Science Foundation of China (No. 61802077). K.-K. R. Choo was supported only by the Cloud Technology Endowed Professorship.
© 2021 IEEE.
- Advanced Insider Threat
- Challenge-based Trust Management
- Collaborative Intrusion Detection
- Spatial Correlation
- Trust Computation