Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks

Wenjuan Li, Weizhi Meng*, Lam For Kwok

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

332 Downloads (Pure)

Abstract

Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN) has thus been developed by allowing intrusion detection system (IDS) nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However, such mechanisms are heavily dependent on two assumptions, which would cause CIDNs to be vulnerable to advanced insider attacks in practice. In this work, we investigate the influence of advanced on-off attacks on challenge-based CIDNs, which can respond truthfully to one IDS node but behave maliciously to another IDS node. To evaluate the attack performance, we have conducted two experiments under a simulated and a real CIDN environment. The obtained results demonstrate that our designed attack is able to compromise the robustness of challenge-based CIDNs in practice; that is, some malicious nodes can behave untruthfully without a timely detection.
Original languageEnglish
JournalFuture Internet
Volume10
Issue number1
Number of pages16
ISSN1999-5903
DOIs
Publication statusPublished - 2018

Keywords

  • Collaborative network
  • On–off attack
  • Challenge-based Mechanism
  • Trust computation and management
  • Intrusion detectors

Fingerprint

Dive into the research topics of 'Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks'. Together they form a unique fingerprint.

Cite this