Identifying Passive Message Fingerprint Attacks via Honey Challenge in Collaborative Intrusion Detection Networks

Wenjuan Li, Weizhi Meng, Yu Wang, Lam For Kwok, Rongxing Lu

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

To enhance the detection capability of a single intrusion detection system (IDS), collaborative intrusion detection networks (CIDNs) have been exploited and developed via enabling a set of IDS nodes to exchange information with each other. In CIDNs, challenge-based trust mechanism has been considered as one promising solution to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanism is still vulnerable to some advanced insider attacks like passive message fingerprint attack (PMFA), which is deemed as an advanced attack on challenge-based CIDNs by collecting messages and identifying normal requests in a passive way. In this work, we focus on PMFA and design Honey Challenge, an improved challenge mechanism for challenge-based CIDNs characterized by sending challenges in a similar way of sending normal requests, in such a way malicious nodes cannot accurately identify the normal requests. In the evaluation, we investigate the attack performance under both simulated and real network environments. Experimental results demonstrate that our proposed mechanism can identify malicious nodes under PMFA and decrease their trust values in a quick manner.

Original languageEnglish
Title of host publicationProceedings of 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
PublisherIEEE
Publication date5 Sep 2018
Pages1208-1213
Article number8456036
ISBN (Print)9781538643877
DOIs
Publication statusPublished - 5 Sep 2018
Event17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications - New York, United States
Duration: 31 Jul 20183 Aug 2018
Conference number: 17

Conference

Conference17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications
Number17
CountryUnited States
CityNew York
Period31/07/201803/08/2018

Keywords

  • Challenge-based Mechanism
  • Collaborative Environment
  • Insider Threat
  • Intrusion Detection
  • Passive Message Fingerprint Attack
  • Trust Computation

Cite this

Li, W., Meng, W., Wang, Y., Kwok, L. F., & Lu, R. (2018). Identifying Passive Message Fingerprint Attacks via Honey Challenge in Collaborative Intrusion Detection Networks. In Proceedings of 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018 (pp. 1208-1213). [8456036] IEEE. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00167
Li, Wenjuan ; Meng, Weizhi ; Wang, Yu ; Kwok, Lam For ; Lu, Rongxing. / Identifying Passive Message Fingerprint Attacks via Honey Challenge in Collaborative Intrusion Detection Networks. Proceedings of 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018. IEEE, 2018. pp. 1208-1213
@inproceedings{c2bb8d238faf42628ef493d046926c66,
title = "Identifying Passive Message Fingerprint Attacks via Honey Challenge in Collaborative Intrusion Detection Networks",
abstract = "To enhance the detection capability of a single intrusion detection system (IDS), collaborative intrusion detection networks (CIDNs) have been exploited and developed via enabling a set of IDS nodes to exchange information with each other. In CIDNs, challenge-based trust mechanism has been considered as one promising solution to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanism is still vulnerable to some advanced insider attacks like passive message fingerprint attack (PMFA), which is deemed as an advanced attack on challenge-based CIDNs by collecting messages and identifying normal requests in a passive way. In this work, we focus on PMFA and design Honey Challenge, an improved challenge mechanism for challenge-based CIDNs characterized by sending challenges in a similar way of sending normal requests, in such a way malicious nodes cannot accurately identify the normal requests. In the evaluation, we investigate the attack performance under both simulated and real network environments. Experimental results demonstrate that our proposed mechanism can identify malicious nodes under PMFA and decrease their trust values in a quick manner.",
keywords = "Challenge-based Mechanism, Collaborative Environment, Insider Threat, Intrusion Detection, Passive Message Fingerprint Attack, Trust Computation",
author = "Wenjuan Li and Weizhi Meng and Yu Wang and Kwok, {Lam For} and Rongxing Lu",
year = "2018",
month = "9",
day = "5",
doi = "10.1109/TrustCom/BigDataSE.2018.00167",
language = "English",
isbn = "9781538643877",
pages = "1208--1213",
booktitle = "Proceedings of 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018",
publisher = "IEEE",
address = "United States",

}

Li, W, Meng, W, Wang, Y, Kwok, LF & Lu, R 2018, Identifying Passive Message Fingerprint Attacks via Honey Challenge in Collaborative Intrusion Detection Networks. in Proceedings of 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018., 8456036, IEEE, pp. 1208-1213, 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications, New York, United States, 31/07/2018. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00167

Identifying Passive Message Fingerprint Attacks via Honey Challenge in Collaborative Intrusion Detection Networks. / Li, Wenjuan; Meng, Weizhi; Wang, Yu; Kwok, Lam For; Lu, Rongxing.

Proceedings of 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018. IEEE, 2018. p. 1208-1213 8456036.

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

TY - GEN

T1 - Identifying Passive Message Fingerprint Attacks via Honey Challenge in Collaborative Intrusion Detection Networks

AU - Li, Wenjuan

AU - Meng, Weizhi

AU - Wang, Yu

AU - Kwok, Lam For

AU - Lu, Rongxing

PY - 2018/9/5

Y1 - 2018/9/5

N2 - To enhance the detection capability of a single intrusion detection system (IDS), collaborative intrusion detection networks (CIDNs) have been exploited and developed via enabling a set of IDS nodes to exchange information with each other. In CIDNs, challenge-based trust mechanism has been considered as one promising solution to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanism is still vulnerable to some advanced insider attacks like passive message fingerprint attack (PMFA), which is deemed as an advanced attack on challenge-based CIDNs by collecting messages and identifying normal requests in a passive way. In this work, we focus on PMFA and design Honey Challenge, an improved challenge mechanism for challenge-based CIDNs characterized by sending challenges in a similar way of sending normal requests, in such a way malicious nodes cannot accurately identify the normal requests. In the evaluation, we investigate the attack performance under both simulated and real network environments. Experimental results demonstrate that our proposed mechanism can identify malicious nodes under PMFA and decrease their trust values in a quick manner.

AB - To enhance the detection capability of a single intrusion detection system (IDS), collaborative intrusion detection networks (CIDNs) have been exploited and developed via enabling a set of IDS nodes to exchange information with each other. In CIDNs, challenge-based trust mechanism has been considered as one promising solution to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanism is still vulnerable to some advanced insider attacks like passive message fingerprint attack (PMFA), which is deemed as an advanced attack on challenge-based CIDNs by collecting messages and identifying normal requests in a passive way. In this work, we focus on PMFA and design Honey Challenge, an improved challenge mechanism for challenge-based CIDNs characterized by sending challenges in a similar way of sending normal requests, in such a way malicious nodes cannot accurately identify the normal requests. In the evaluation, we investigate the attack performance under both simulated and real network environments. Experimental results demonstrate that our proposed mechanism can identify malicious nodes under PMFA and decrease their trust values in a quick manner.

KW - Challenge-based Mechanism

KW - Collaborative Environment

KW - Insider Threat

KW - Intrusion Detection

KW - Passive Message Fingerprint Attack

KW - Trust Computation

U2 - 10.1109/TrustCom/BigDataSE.2018.00167

DO - 10.1109/TrustCom/BigDataSE.2018.00167

M3 - Article in proceedings

AN - SCOPUS:85054099374

SN - 9781538643877

SP - 1208

EP - 1213

BT - Proceedings of 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018

PB - IEEE

ER -

Li W, Meng W, Wang Y, Kwok LF, Lu R. Identifying Passive Message Fingerprint Attacks via Honey Challenge in Collaborative Intrusion Detection Networks. In Proceedings of 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018. IEEE. 2018. p. 1208-1213. 8456036 https://doi.org/10.1109/TrustCom/BigDataSE.2018.00167