Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks

Weizhi Meng, Wenjuan Li, Lijun Jiang, Kim-Kwang Raymond Choo, Chunhua Su

Research output: Chapter in Book/Report/Conference proceeding; Article in proceedings; Research; peer-review

Abstract

As adversarial techniques constantly evolve to circumvent existing security measures, an isolated, stand-alone intrusion detection system (IDS) is unlikely to be efficient or effective. Hence, there has been a trend towards developing collaborative intrusion detection networks (CIDNs), where IDS nodes collaborate and communicate with each other. Such a distributed ecosystem can achieve improved detection accuracy, particularly for detecting emerging threats in a timely fashion (before the threat becomes common knowledge). However, there are inherent limitations due to malicious insiders who can seek to compromise and poison the ecosystem. A potential mitigation strategy is to introduce a challenge-based trust mechanism, in order to identify and penalize misbehaving nodes by evaluating the satisfaction between challenges and responses. While this mechanism has been shown to be robust against common insider attacks, it may still be vulnerable to advanced insider attacks in a real-world deployment. Therefore, in this paper, we develop a collusion attack, hereafter referred to as Bayesian Poisoning Attack, which enables a malicious node to model received messages and to craft a malicious response to those messages whose aggregated appearance probability of normal requests is above the defined threshold. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that the malicious nodes under our attack can successfully craft and send untruthful feedback while maintaining their trust values.
Original language: English
Title of host publication: European Symposium on Research in Computer Security
Publisher: Springer
Publication date: 2019
Pages: 493-511
ISBN (Print): 978-3-030-29958-3
DOIs: https://doi.org/10.1007/978-3-030-29959-0_24
Publication status: Published - 2019
Event: The European Symposium on Research in Computer Security - Parc Alvisse Hotel, Luxembourg city, Luxembourg
Duration: 23 Sep 2019 to 27 Sep 2019
https://esorics2019.uni.lu/

Conference

Conference: The European Symposium on Research in Computer Security
Location: Parc Alvisse Hotel
Country: Luxembourg
City: Luxembourg city
Period: 23/09/2019 to 27/09/2019
Internet address: https://esorics2019.uni.lu/
Series: Lecture Notes in Computer Science
Volume: 11735
ISSN: 0302-9743

Keywords

  • Intrusion detection
  • Collaborative network
  • Insider threat
  • Bayesian Poisoning Attack
  • Challenge-based trust mechanism

Cite this

Meng, W., Li, W., Jiang, L., Choo, K-K. R., & Su, C. (2019). Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. In European Symposium on Research in Computer Security (pp. 493-511). Springer. Lecture Notes in Computer Science, Vol. 11735. https://doi.org/10.1007/978-3-030-29959-0_24
Meng, Weizhi ; Li, Wenjuan ; Jiang, Lijun ; Choo, Kim-Kwang Raymond ; Su, Chunhua. / Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. European Symposium on Research in Computer Security. Springer, 2019. pp. 493-511 (Lecture Notes in Computer Science, Vol. 11735).
@inproceedings{ae03f9fda0f944698d8e5242f98b6741,
title = "Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks",
abstract = "As adversarial techniques constantly evolve to circumvent existing security measures, an isolated, stand-alone intrusion detection system (IDS) is unlikely to be efficient or effective. Hence, there has been a trend towards developing collaborative intrusion detection networks (CIDNs), where IDS nodes collaborate and communicate with each other. Such a distributed ecosystem can achieve improved detection accuracy, particularly for detecting emerging threats in a timely fashion (before the threat becomes common knowledge). However, there are inherent limitations due to malicious insiders who can seek to compromise and poison the ecosystem. A potential mitigation strategy is to introduce a challenge-based trust mechanism, in order to identify and penalize misbehaving nodes by evaluating the satisfaction between challenges and responses. While this mechanism has been shown to be robust against common insider attacks, it may still be vulnerable to advanced insider attacks in a real-world deployment. Therefore, in this paper, we develop a collusion attack, hereafter referred to as Bayesian Poisoning Attack, which enables a malicious node to model received messages and to craft a malicious response to those messages whose aggregated appearance probability of normal requests is above the defined threshold. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that the malicious nodes under our attack can successfully craft and send untruthful feedback while maintaining their trust values.",
keywords = "Intrusion detection, Collaborative network, Insider threat, Bayesian Poisoning Attack, Challenge-based trust mechanism",
author = "Weizhi Meng and Wenjuan Li and Lijun Jiang and Choo, {Kim-Kwang Raymond} and Chunhua Su",
year = "2019",
doi = "10.1007/978-3-030-29959-0_24",
language = "English",
isbn = "978-3-030-29958-3",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "493--511",
booktitle = "European Symposium on Research in Computer Security",

}

Meng, W, Li, W, Jiang, L, Choo, K-KR & Su, C 2019, Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. in European Symposium on Research in Computer Security. Springer, Lecture Notes in Computer Science, vol. 11735, pp. 493-511, The European Symposium on Research in Computer Security, Luxembourg city, Luxembourg, 23/09/2019. https://doi.org/10.1007/978-3-030-29959-0_24

Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. / Meng, Weizhi; Li, Wenjuan; Jiang, Lijun; Choo, Kim-Kwang Raymond; Su, Chunhua.

European Symposium on Research in Computer Security. Springer, 2019. p. 493-511 (Lecture Notes in Computer Science, Vol. 11735).


TY - GEN
T1 - Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks
AU - Meng, Weizhi
AU - Li, Wenjuan
AU - Jiang, Lijun
AU - Choo, Kim-Kwang Raymond
AU - Su, Chunhua
PY - 2019
Y1 - 2019
AB - As adversarial techniques constantly evolve to circumvent existing security measures, an isolated, stand-alone intrusion detection system (IDS) is unlikely to be efficient or effective. Hence, there has been a trend towards developing collaborative intrusion detection networks (CIDNs), where IDS nodes collaborate and communicate with each other. Such a distributed ecosystem can achieve improved detection accuracy, particularly for detecting emerging threats in a timely fashion (before the threat becomes common knowledge). However, there are inherent limitations due to malicious insiders who can seek to compromise and poison the ecosystem. A potential mitigation strategy is to introduce a challenge-based trust mechanism, in order to identify and penalize misbehaving nodes by evaluating the satisfaction between challenges and responses. While this mechanism has been shown to be robust against common insider attacks, it may still be vulnerable to advanced insider attacks in a real-world deployment. Therefore, in this paper, we develop a collusion attack, hereafter referred to as Bayesian Poisoning Attack, which enables a malicious node to model received messages and to craft a malicious response to those messages whose aggregated appearance probability of normal requests is above the defined threshold. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that the malicious nodes under our attack can successfully craft and send untruthful feedback while maintaining their trust values.

KW - Intrusion detection
KW - Collaborative network
KW - Insider threat
KW - Bayesian Poisoning Attack
KW - Challenge-based trust mechanism
U2 - 10.1007/978-3-030-29959-0_24
DO - 10.1007/978-3-030-29959-0_24
M3 - Article in proceedings
SN - 978-3-030-29958-3
T3 - Lecture Notes in Computer Science
SP - 493
EP - 511
BT - European Symposium on Research in Computer Security
PB - Springer
ER -

Meng W, Li W, Jiang L, Choo K-KR, Su C. Practical Bayesian Poisoning Attacks on Challenge-Based Collaborative Intrusion Detection Networks. In European Symposium on Research in Computer Security. Springer. 2019. p. 493-511. (Lecture Notes in Computer Science, Vol. 11735). https://doi.org/10.1007/978-3-030-29959-0_24