Enhancing Challenge-based Collaborative Intrusion Detection against Insider Attacks using Spatial Correlation

Wenjuan Li, Weizhi Meng, Javier Parra-Arnau, Kim Kwang Raymond Choo

Research output: Chapter in Book/Report/Conference proceeding; Article in proceedings; Research; peer-review

Abstract

With cyber-attacks becoming more complicated and the networks increasingly interconnected, there has been a move towards using collaborative intrusion detection networks (CIDNs) to identify cyber-threats more effectively. However, insider attacks may remain challenging to mitigate in CIDNs, as the intruders are able to control one or more internal nodes. Challenge-based trust mechanism is one promising solution to help safeguard CIDNs against common insider attacks, but not necessarily against advanced attacks such as passive message fingerprint attacks. In this work, we focus on challenge-based trust mechanism and advocate that considering additional level of trust can enhance the robustness of CIDNs. Specifically, we design an enhanced trust management scheme by checking spatial correlation among nodes' behavior, regarding forwarding delay, packet dropping and sending rate. Then, we evaluate our approach in a simulated environment, as well as a real-world environment in collaboration with an IT organization. Experimental results demonstrate that our approach can help enhance the robustness of challenge-based trust mechanism by detecting malicious nodes faster than similar approaches (i.e., reducing time consumption by two to three days).

Original language: English
Title of host publication: Proceedings of 2021 IEEE Conference on Dependable and Secure Computing
Number of pages: 8
Publisher: IEEE
Publication date: 30 Jan 2021
Article number: 9346232
ISBN (Electronic): 9781728175348
Publication status: Published - 30 Jan 2021
Event: 2021 IEEE Conference on Dependable and Secure Computing - Aizuwakamatsu, Fukushima, Japan
Duration: 30 Jan 2021 - 2 Feb 2021

Conference

Conference: 2021 IEEE Conference on Dependable and Secure Computing
Country/Territory: Japan
City: Aizuwakamatsu, Fukushima
Period: 30/01/2021 - 02/02/2021

Bibliographical note

Funding Information:
We would like to thank IT administrators from the participating organization for their assistance and support in deploying our mechanism. This work was partially supported by the National Natural Science Foundation of China (No. 61802077). K.-K. R. Choo was supported only by the Cloud Technology Endowed Professorship.

Publisher Copyright:
© 2021 IEEE.

Keywords

  • Advanced Insider Threat
  • Challenge-based Trust Management
  • Collaborative Intrusion Detection
  • Spatial Correlation
  • Trust Computation
