Enhancing Challenge-based Collaborative Intrusion Detection Against Insider Attacks using Spatial Correlation

Abstract

With cyber-attacks becoming more complicated and the networks increasingly interconnected, there has been a move towards using collaborative intrusion detection networks (CIDNs) to identify cyber-threats more effectively. However, insider attacks may remain challenging to mitigate in CIDNs, as the intruders are able to control one or more internal nodes. Challenge- based trust mechanism is one promising solution to help safeguard CIDNs against common insider attacks, but not necessarily against advanced attacks such as passive message fingerprint attacks. In this work, we focus on challenge-based trust mechanism and advocate that considering additional level of trust can enhance the robustness of CIDNs. Specifically, we design an enhanced trust management scheme by checking spatial correlation among nodes' behavior, regarding forwarding delay, packet dropping and sending rate. Then, we evaluate our approach in a simulated environment, as well as a realworld environment in collaboration with an IT organization. Experimental results demonstrate that our approach can help enhance the robustness of challenge-based trust mechanism by detecting malicious nodes faster than similar approaches (i.e., reducing time consumption by two to three days).