A Robust Intrusion Detection Network Using Thresholdless Trust Management System with Incentive Design

  • Amir RezapourEmail author
  • Wen-Guey Tzeng
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 255)


Intrusion detection networks (IDNs) have been developed to improve the detection accuracy of a single IDS, by collecting intrusion intelligence knowledge and learning experience from other IDSs. However, some malicious IDSs within an IDN can corrupt the whole collaborative network. In this paper, we propose a robust trust management system, where each IDS evaluates the trustworthiness of its neighbors by making direct observations on their recommendations over time. We present a thresholdless clustering technique that automatically discards malicious neighbors. Our clustering approach with its effective features only needs to assume that each IDS has at least one honest neighbor. Hence, we do not need to assume that the majority of the involved IDSs are honest. Furthermore, we design an incentive utility function to penalize free-riders.


Trust management model Intrusion detection network Collaborative network 


  1. 1.
    Dshield dataset.
  2. 2.
    Alpcan, T., Basar, T.: A game theoretic approach to decision and analysis in network intrusion detection. In: Proceedings of 42nd IEEE Conference on Decision and Control, vol. 3, pp. 2595–2600. IEEE (2003)Google Scholar
  3. 3.
    Chen, S., Liu, D., Chen, S., Jajodia, S.: V-cops: a vulnerability-based cooperative alert distribution system. In: 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 43–56. IEEE (2006)Google Scholar
  4. 4.
    Douceur, J.R.: The sybil attack. In: Druschel, P., Kaashoek, F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 251–260. Springer, Heidelberg (2002). Scholar
  5. 5.
    Frey, B.J., Dueck, D.: Clustering by passing messages between data points. Science 315(5814), 972–976 (2007)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Fung, C.J., Baysal, O., Zhang, J., Aib, I., Boutaba, R.: Trust management for host-based collaborative intrusion detection. In: De Turck, F., Kellerer, W., Kormentzas, G. (eds.) DSOM 2008. LNCS, vol. 5273, pp. 109–122. Springer, Heidelberg (2008). Scholar
  7. 7.
    Fung, C.J., Zhang, J., Aib, I., Boutaba, R.: Robust and scalable trust management for collaborative intrusion detection. In: IFIP/IEEE International Symposium on Integrated Network Management, IM 2009, pp. 33–40. IEEE (2009)Google Scholar
  8. 8.
    Ganeriwal, S., Balzano, L.K., Srivastava, M.B.: Reputation-based framework for high integrity sensor networks. ACM Trans. Sens. Netw. 4(3), 15:1–15:37 (2008)CrossRefGoogle Scholar
  9. 9.
    Hongjun, D., Zhiping, J., Xiaona, D.: An entropy-based trust modeling and evaluation for wireless sensor networks. In: International Conference on Embedded Software and Systems, ICESS 2008, pp. 27–34. IEEE (2008)Google Scholar
  10. 10.
    Li, W., Meng, W., Kwok, L.F., IP, H.H.: Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model. J. Netw. Comput. Appl. 77(C), 135–145 (2017)CrossRefGoogle Scholar
  11. 11.
    Marchang, N., Datta, R., Das, S.K.: A novel approach for efficient usage of intrusion detection system in mobile ad hoc networks. IEEE Trans. Veh. Technol. 66(2), 1684–1695 (2017)CrossRefGoogle Scholar
  12. 12.
    Nguyen, T., Seneviratne, A., Hoang, D., Nguyen, D.: Initial trust establishment for personal space IoT systems. In: IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS): MobiSec 2017 (2017)Google Scholar
  13. 13.
    Nielsen, M., Krukow, K., Sassone, V.: A Bayesian model for event-based trust. Electron. Notes Theor. Comput. Sci. 172, 499–521 (2007)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Rezapour, A., Tzeng, W.G.: A robust algorithm for predicting attacks using collaborative security logs (2017). ManuscriptGoogle Scholar
  15. 15.
    Soldo, F., Le, A., Markopoulou, A.: Predictive blacklisting as an implicit recommendation system. In: Proceedings of the 29th Conference on Information Communications, INFOCOM 2010, pp. 1640–1648. IEEE Press, Piscataway (2010)Google Scholar
  16. 16.
    Srour, L., Kayssi, A., Chehab, A.: Reputation-based algorithm for managing trust in file sharing networks. In: Securecomm and Workshops, pp. 1–10. IEEE (2006)Google Scholar
  17. 17.
    Sun, Y.L., Yu, W., Han, Z., Liu, K.J.: Information theoretic framework of trust modeling and evaluation for ad hoc networks. IEEE J. Sel. A. Commun. 24(2), 305–317 (2006)CrossRefGoogle Scholar
  18. 18.
    Tuan, T.A.: A game-theoretic analysis of trust management in P2P systems. In: First International Conference on Communications and Electronics, ICCE 2006, pp. 130–134. IEEE (2006)Google Scholar
  19. 19.
    Wu, Y.S., Foo, B., Mei, Y., Bagchi, S.: Collaborative intrusion detection system (CIDS): a framework for accurate and efficient IDs. In: Proceedings of the 19th Annual Computer Security Applications Conference, ACSAC 2003, p. 234. IEEE Computer Society, Washington, DC (2003)Google Scholar
  20. 20.
    Yegneswaran, V., Barford, P., Jha, S.: Global intrusion detection in the domino overlay system. In: NDSS (2004)Google Scholar
  21. 21.
    Zhang, J., Porras, P., Ullrich, J.: Highly predictive blacklisting. In: Proceedings of the 17th Conference on Security Symposium, SS 2008, pp. 107–122. USENIX Association, Berkeley (2008)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  1. 1.Department of Computer ScienceNational Chiao Tung UniversityHsinchuTaiwan

Personalised recommendations