
Evaluating the Impact of Intrusion Sensitivity on Securing Collaborative Intrusion Detection Networks Against SOOA

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2018)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11337)

Abstract

Cyber attacks are growing in both scale and complexity. To address this, research has focused on collaborative intrusion detection networks (CIDNs), which improve the detection accuracy of a single IDS by allowing many nodes to exchange information with each other. However, such a collaborative system or network is vulnerable to insider attacks, which can significantly reduce the benefits of a detector. One way to protect CIDNs against insider attacks is to strengthen the trust evaluation among IDS nodes, i.e., by emphasizing the impact of expert nodes. In this work, we adopt the notion of intrusion sensitivity, which assigns each node a different detection-capability value for particular attacks, and evaluate its impact on defending against a special On-Off attack (SOOA). In the evaluation, we study the impact of intrusion sensitivity in a simulated CIDN environment, and the experimental results demonstrate that the use of intrusion sensitivity can help enhance the security of CIDNs under adversarial scenarios such as SOOA.

W. Meng—The author was previously known as Yuxin Meng.
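As an added illustration, not code from the paper (whose trust model and simulation are not reproduced here), the following Python model shows the mechanism the abstract describes: each node's alarm feedback is weighted by its trust value and, optionally, by its intrusion sensitivity for the attack type in question, so that expert nodes dominate the aggregated decision. The EWMA trust update, the node values, the attack-type label, the alarm threshold and the on-off attacker that answers challenges honestly but suppresses alarms in alternate rounds are all assumptions of this example.

```python
# Added illustration of trust-weighted alarm aggregation in a CIDN with
# intrusion sensitivity. The weighting scheme, node values and attacker
# behaviour are assumptions for this example, not the paper's own model.
from dataclasses import dataclass
from typing import Dict


@dataclass
class Node:
    name: str
    # Assumed: per-attack-type detection capability in [0, 1]; an "expert"
    # node for an attack type carries a high value there.
    sensitivity: Dict[str, float]
    trust: float = 0.5  # assumed initial trust for a newly joined node


def update_trust(node: Node, satisfaction: float, alpha: float = 0.2) -> float:
    """Assumed trust update: exponential moving average of the satisfaction
    level (0..1) that a node earned on a challenge it answered."""
    node.trust = (1.0 - alpha) * node.trust + alpha * satisfaction
    return node.trust


def aggregate_alarm(feedback: Dict[str, float], nodes: Dict[str, Node],
                    attack: str, use_sensitivity: bool,
                    trust_threshold: float = 0.5) -> float:
    """Weighted mean of the alarm scores (0..1) reported by trusted nodes.

    Weight = trust, or trust * sensitivity[attack] when intrusion
    sensitivity is enabled, so expert nodes carry more influence.
    """
    num = den = 0.0
    for name, score in feedback.items():
        n = nodes[name]
        if n.trust < trust_threshold:
            continue  # untrusted nodes are excluded from aggregation
        w = n.trust * (n.sensitivity.get(attack, 0.0) if use_sensitivity else 1.0)
        num += w * score
        den += w
    return num / den if den else 0.0


def on_off_feedback(round_no: int, honest_score: float, period: int = 2) -> float:
    """Assumed on-off behaviour: report honestly in even rounds, suppress
    the alarm (score 0) in odd rounds."""
    return honest_score if round_no % period == 0 else 0.0


def run_scenario(alarm_threshold: float = 0.6) -> Dict[str, object]:
    """Compare plain trust weighting with sensitivity weighting under an
    on-off attacker that has kept its trust value high."""
    attack = "sql_injection"  # assumed attack-type label
    nodes = {
        "expert":   Node("expert",   {attack: 0.9}),
        "normal_1": Node("normal_1", {attack: 0.3}),
        "normal_2": Node("normal_2", {attack: 0.3}),
        "attacker": Node("attacker", {attack: 0.3}),
    }
    # Constructed challenge history: every node, the attacker included,
    # answers challenges well, so trust alone cannot tell them apart.
    for _ in range(10):
        for n in nodes.values():
            update_trust(n, 1.0)
    # Constructed feedback on a real SQL injection during an "off" round.
    feedback = {"expert": 0.9, "normal_1": 0.6, "normal_2": 0.6}
    feedback["attacker"] = on_off_feedback(round_no=1, honest_score=0.6)
    plain = aggregate_alarm(feedback, nodes, attack, use_sensitivity=False)
    weighted = aggregate_alarm(feedback, nodes, attack, use_sensitivity=True)
    return {
        "attacker_trust": nodes["attacker"].trust,
        "plain_score": plain,          # 0.525: alarm missed
        "weighted_score": weighted,    # 0.65: alarm raised
        "plain_raised": plain >= alarm_threshold,
        "weighted_raised": weighted >= alarm_threshold,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Because the attacker keeps answering challenges honestly, its trust value is indistinguishable from an honest node's, and with plain trust weighting its suppressed score pulls the aggregate below the alarm threshold. Weighting by intrusion sensitivity lets the expert node's report outweigh the attacker's, which is the effect the abstract attributes to emphasizing expert nodes.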



Corresponding author: Yu Wang.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Madsen, D., Li, W., Meng, W., Wang, Y. (2018). Evaluating the Impact of Intrusion Sensitivity on Securing Collaborative Intrusion Detection Networks Against SOOA. In: Vaidya, J., Li, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science, vol 11337. Springer, Cham. https://doi.org/10.1007/978-3-030-05063-4_36


  • DOI: https://doi.org/10.1007/978-3-030-05063-4_36


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05062-7

  • Online ISBN: 978-3-030-05063-4

  • eBook Packages: Computer Science, Computer Science (R0)
