Challenge-based collaborative intrusion detection networks under passive message fingerprint attack: A further analysis
Journal of Information Security and Applications(2019)
摘要
Collaborative intrusion detection systems / networks (CIDSs/CIDNs) have been widely used, aiming to enhance the performance of a single intrusion detection system (IDS), by allowing an IDS node communicating and collecting information from others. To protect such collaborative systems against insider attacks, trust management mechanisms are often deployed to evaluate the trustworthiness of a node. In particular, challenge-based mechanism attempts to identify malicious nodes by measuring the deviation between challenges and responses. However, it is found that such mechanisms may be vulnerable to advanced insider attacks like Passive Message Fingerprint Attacks (PMFA), where malicious nodes can distinguish challenges by analyzing the sending strategy. In this paper, we further analyze the effectiveness of PMFA and investigate whether an improved sending strategy can help detect malicious nodes. Our study reveals that PMFA could still be valid under even an improved sending strategy, i.e., malicious nodes can hold its reputation level by understanding the network context. We then provide some insights on how to defeat such kind of attack by properly adjusting such mechanism.
更多查看译文
关键词
Intrusion detection system,Collaborative network,Insider attack and detection,Challenge-based CIDN,Trust management
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要