Detection Models of Collusion Attacks

Abstract

Security protocols have been widely used to safeguard secure electronic transactions. We usually assume that principals are credible and will not maliciously disclose their individual secrets to someone else. Nevertheless, it is impractical to completely ignore the possibility that some principals may collude in private to achieve a fraudulent or illegal purpose.

Collusion attack has been recognized as a key issue in e-commerce systems and increasingly attracted people’s attention for quite some time in the literature on information security. Regardless of the wide application of security protocols, this attack has been largely ignored in the protocol analysis. There is a lack of efficient and intuitive approaches to identify this attack since it is usually hidden and too complicated to find. Therefore, it is critical to address the possibility of collusion attacks in order to analyse security protocols correctly. This chapter presents two frameworks by which to detect collusion attacks in security protocols. The possibility of security threats from insiders is especially taken into account. The results demonstrate that the frameworks are useful and promising in discovering and preventing collusion attacks, and enhancing the protocol analysis.

This chapter is organized as follows. Section 7.1 spells out our motivation to detect the collusion attack. Section 7.2 gives an overview to related work. In Section 7.3, we present the detection of collusion attack using data mining. The detection of collusion attack is converted into identifying frequent itemsets and matching rules. Section 7.4 presents a model by which to measure the probability of the attack using Bayesian networks. It helps users find the direct and indirect dependencies between secure messages. Section 7.5 concludes this chapter.