Abstract
To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat. In the literature, challenge-based trust mechanisms have been established to identify malicious nodes by evaluating the satisfaction between challenges and responses. However, we find that such mechanisms rely on two major assumptions, which may result in a weak threat model and make CIDNs still vulnerable to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values.
Original language | English |
---|---|
Title of host publication | Proceedings of the 10th International Conference on Network and System Security (NSS 2016) |
Publisher | Springer |
Publication date | 2016 |
Pages | 433-449 |
ISBN (Print) | 978-3-319-46297-4 |
ISBN (Electronic) | 978-3-319-46298-1 |
DOIs | |
Publication status | Published - 2016 |
Event | 10th International Conference on Network and System Security - Taipei, Taiwan, Province of China Duration: 28 Sept 2016 → 30 Sept 2016 Conference number: 10 http://nsclab.org/nss2016/ |
Conference
Conference | 10th International Conference on Network and System Security |
---|---|
Number | 10 |
Country/Territory | Taiwan, Province of China |
City | Taipei |
Period | 28/09/2016 → 30/09/2016 |
Internet address |
Series | Lecture Notes in Computer Science |
---|---|
Volume | 9955 |
ISSN | 0302-9743 |
Keywords
- Intrusion Detection System
- Collaborative network
- Insider threats
- Collusion attacks
- Challenge-based trust mechanism