nach oben

Cluster Computing

Erschienen in:

31.05.2017

Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks

verfasst von: Wenjuan Li, Weizhi Meng, Lam-For Kwok, Horace H. S. Ip

Erschienen in: Cluster Computing | Ausgabe 1/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Traditionally, an isolated intrusion detection system (IDS) is vulnerable to various types of attacks. In order to enhance IDS performance, collaborative intrusion detection networks (CIDNs) are developed through enabling a set of IDS nodes to communicate with each other. Due to the distributed network architecture, insider attacks are one of the major threats. In the literature, challenge-based trust mechanisms have been built to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanisms rely on two major assumptions, which may result in a weak threat model. In this case, CIDNs may be still vulnerable to advanced insider attacks in real-world deployment. In this paper, we propose a novel collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated and real network environments. Experimental results demonstrate that our attack can help malicious nodes send malicious responses to normal requests, while maintaining their trust values.

Vorheriger Artikel A new efficient authorized private set intersection protocol from Schnorr signature and its applications

Nächster Artikel Object and motion cues based collaborative approach for human activity localization and recognition in unconstrained videos

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Li, W., Meng, W., Kwok, L.F., Ip, H.H.S.: PMFA: toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks. In: Proceedings of the 10th International Conference on Network and System Security (NSS 2016), pp. 433–449 (2016)

Chun, B., Lee, J., Weatherspoon, H., Chun, B.N.: Netbait: a distributed worm detection service. Technical Report IRB-TR-03-033, Intel Research Berkeley (2003)

Douceur, J.: The sybil attack. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429. Springer, Heidelberg (2002)

Duma, C., Karresand, M., Shahmehri, N., Caronni, G.: A trust-aware, P2P-based overlay for intrusion detection. In: DEXA Workshop, pp. 692–697 (2006)

Friedberg, I., Skopik, F., Settanni, G., Fiedler, R.: Combating advanced persistent threats: from network event correlation to incident detection. Comput. Secur. 48, 35–57 (2015)CrossRef

Fung, C.J., Baysal, O., Zhang, J., Aib, I., Boutaba, R.: Trust management for host-based collaborative intrusion detection. In: De Turck, F., Kellerer, W. Kormentzas, G. (eds.) DSOM 2008. LNCS, vol. 5273, pp. 109–122 (2008)

Fung, C.J., Zhang. J., Aib, I., Boutaba, R.: Robust and scalable trust management for collaborative intrusion detection. In: Proceedings of the 11th IFIP/IEEE International Conference on Symposium on Integrated Network Management (IM), pp. 33–40 (2009)

Fung, C.J., Zhu, Q., Boutaba, R., Basar, T.: Bayesian decision aggregation in collaborative intrusion detection networks. In: NOMS, pp. 349–356 (2010)

Fung, C.J., Boutaba, R.: Design and management of collaborative intrusion detection networks. In: Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 955–961 (2013)

10.

Gong, F.: Next Generation Intrusion Detection Systems (IDS). McAfee Network Security Technologies Group (2003)

11.

Gou, Z., Ahmadon, M.A.B., Yamaguchi, S., Gupta, B.B.: A Petri Net-based Framework of Intrusion Detection Systems. In: Proceedings of the 4th IEEE Global Conference on Consumer Electronics, pp. 579–583 (2015)

12.

Huebsch, R., Chun, B.N., Hellerstein, J.M., Loo, B.T., Maniatis, P., Roscoe, T., Shenker, S., Stoica, I., Yumerefendi, A.R.: The architecture of PIER: an internet-scale query processor. In: Proceedings of the 2005 Conference on Innovative Data Systems Research (CIDR), pp. 28–43 (2005)

13.

Li, Z., Chen, Y., Beach, A.: Towards scalable and robust distributed intrusion alert fusion with good load balancing. In: Proceedings of the 2006 SIGCOMM Workshop on Large-Scale Attack Defense (LSAD), pp. 115–122 (2006)

14.

Li, W., Meng, Y., Kwok, L.-F.: Enhancing trust evaluation using intrusion sensitivity in collaborative intrusion detection networks: feasibility and challenges. In: Proceedings of the 9th International Conference on Computational Intelligence and Security (CIS), pp. 518–522. IEEE, Piscataway (2013)

15.

Li, W., Meng, Y., Kwok, L.-F.: Design of intrusion sensitivity-based trust management model for collaborative intrusion detection networks. In: Proceedings of the 8th IFIP WG 11.11 International Conference on Trust Management (IFIPTM), pp. 61–76. Springer, New York (2014)

16.

Li, W., Meng, W.: Enhancing collaborative intrusion detection networks using intrusion sensitivity in detecting pollution attacks. Inform. Comput. Secur. 24(3), 265–276 (2016)CrossRef

17.

Meng, Y., Kwok, L.F.: Enhancing false alarm reduction using voted ensemble selection in intrusion detection. Int. J. Comput. Intell. Syst. 6(4), 626–638 (2013)CrossRef

18.

Meng, Y., Li, W., Kwok, L.F.: Towards adaptive character frequency-based exclusive signature matching scheme and its applications in distributed intrusion detection. Comput. Netw. 57(17), 3630–3640 (2013)CrossRef

19.

Meng, W., Li, W., Kwok, L.-F.: An evaluation of single character frequency-based exclusive signature matching in distinct IDS environments. In: Proceedings of the 17th International Conference on Information Security (ISC), pp. 465–476 (2014)

20.

Meng, W., Li, W., Kwok, L.F.: EFM: enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Comput. Secur. 43, 189–204 (2014)CrossRef

21.

Meng, W., Li, W., Kwok, L.F.: Design of intelligent KNN-based alarm filter using knowledge-based alert verification in intrusion detection. Secur. Commun. Netw. 8(18), 3883–3895 (2015)CrossRef

22.

Meng, W., Li, W., Xiang, Y., Choo, K.K.R.: A bayesian inference-based detection mechanism to defend medical smartphone networks against insider attacks. J. Netw. Comput. Appl. 78, 162–169 (2017)CrossRef

23.

Meng, W., Li, W., Kwok, L.-F.: Towards effective trust-based packet filtering in collaborative network environments. IEEE Trans. Netw. Serv. Manag. 14(1), 233–245 (2017)CrossRef

24.

Mishra, A., Gupta, B.B., Joshi, R.C.: A comparative study of distributed Denial of service attacks, intrusion tolerance and mitigation techniques. In: Proceedings of the 2011 European Intelligence and Security Informatics Conference, pp. 286–289 (2011)

25.

Papadopoulos, C., Lindell, R., Mehringer, J., Hussain, A., Govindan, R.: COSSACK: coordinated suppression of simultaneous attacks. In: Proceedings of the 2003 DARPA Information Survivability Conference and Exposition (DISCEX), pp. 94–96 (2003)

26.

Porras, P.A., Neumann, P.G.: Emerald: event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 20th National Information Systems Security Conference, pp. 353–365 (1997)

27.

Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication 800-94 (2007)

28.

Snapp, S.R., et al.: DIDS (distributed intrusion detection system)—motivation, architecture, and an early prototype. In: Proceedings of the 14th National Computer Security Conference, pp. 167–176 (1991)

29.

Snort: An an open source network intrusion prevention and detection system (IDS/IPS). Homepage. http://www.snort.org/

30.

Tuan, T.A.: A game-theoretic analysis of trust management in P2P systems. In: Proceedings of ICCE, pp. 130–134 (2006)

31.

Wu, Y.-S., Foo, B., Mei, Y., Bagchi, S.: Collaborative intrusion detection system (CIDS): a framework for accurate and efficient IDS. In: Proceedings of the 2003 Annual Computer Security Applications Conference (ACSAC), pp. 234–244 (2003)

32.

Yegneswaran, V., Barford, P., Jha, S.: Global intrusion detection in the DOMINO overlay system. In: Proceedings of the 2004 Network and Distributed System Security Symposium (NDSS), pp. 1–17 (2004)

Titel: Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks
verfasst von: Wenjuan Li
Weizhi Meng
Lam-For Kwok
Horace H. S. Ip
Publikationsdatum: 31.05.2017
Verlag: Springer US
Erschienen in: Cluster Computing / Ausgabe 1/2018
Print ISSN: 1386-7857
Elektronische ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-017-0955-8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2018

Parallel testing and coverage analysis for context-free applications

Text mining and sustainable clusters from unstructured data in cloud computing

A study on web services discovery system based on the internetof things user information

Enhancement of data confidentiality and secure data transaction in cloud storage environment

A robust algorithm for detecting people in overhead views

Research on the Internet of Things and the development of smart city industry based on big data