A False Positive Resilient Distributed Trust Management Framework for Collaborative Intrusion Detection Systems

IF 5.5 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Services Computing Pub Date : 2025-02-05 DOI:10.1109/TSC.2025.3539202

Kadhim Hayawi;Imran Makhdoom;Saifullah Khalid;Richard Adeyemi Ikuesan;Mohammed Kaosar;Ishfaq Ahmad

{"title":"A False Positive Resilient Distributed Trust Management Framework for Collaborative Intrusion Detection Systems","authors":"Kadhim Hayawi;Imran Makhdoom;Saifullah Khalid;Richard Adeyemi Ikuesan;Mohammed Kaosar;Ishfaq Ahmad","doi":"10.1109/TSC.2025.3539202","DOIUrl":null,"url":null,"abstract":"Collaborative Intrusion Detection System (CIDS) protect large networks against distributed attacks. However, a CIDS is vulnerable to insider attacks that decrease the mutual trust among the CIDS nodes. Most existing trust management approaches rely on a central authority, trusted third parties or network peers for managing trust. The current techniques are prone to high false positives and vulnerable to various reputation attacks. For instance, device attestation manages trust among CIDS nodes by verifying the integrity of a node’s hardware and software configuration. However, it lacks real-time monitoring of the dynamic state, limiting its effectiveness against ongoing attacks and malware. Therefore, incorporating the system’s dynamic state in the trust framework is crucial, but it causes false positives requiring corrective mechanisms. To address these challenges, this paper proposes a blockchain-based integrated trust management framework for CIDS, incorporating the device’s genome attestation, the system’s dynamic parameters, and a false positive resilient reputation mechanism. By storing the reputation scores on the blockchain, the framework alleviates the need for a third party for trust management and thus mitigates attacks applicable to reputation-based systems. The paper performs a comprehensive security and performance analysis of the proposed framework to gauge its efficiency and study the effects of a penalty on a node’s reputation during the recovery and rally phases. We also study the impact of false positives on the reputation of a node. The results show that Hyperledger Fabric offers lower transaction latency and low CPU utilization compared to Ethereum Blockchain.","PeriodicalId":13255,"journal":{"name":"IEEE Transactions on Services Computing","volume":"18 2","pages":"513-526"},"PeriodicalIF":5.5000,"publicationDate":"2025-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Services Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10874202/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Collaborative Intrusion Detection System (CIDS) protect large networks against distributed attacks. However, a CIDS is vulnerable to insider attacks that decrease the mutual trust among the CIDS nodes. Most existing trust management approaches rely on a central authority, trusted third parties or network peers for managing trust. The current techniques are prone to high false positives and vulnerable to various reputation attacks. For instance, device attestation manages trust among CIDS nodes by verifying the integrity of a node’s hardware and software configuration. However, it lacks real-time monitoring of the dynamic state, limiting its effectiveness against ongoing attacks and malware. Therefore, incorporating the system’s dynamic state in the trust framework is crucial, but it causes false positives requiring corrective mechanisms. To address these challenges, this paper proposes a blockchain-based integrated trust management framework for CIDS, incorporating the device’s genome attestation, the system’s dynamic parameters, and a false positive resilient reputation mechanism. By storing the reputation scores on the blockchain, the framework alleviates the need for a third party for trust management and thus mitigates attacks applicable to reputation-based systems. The paper performs a comprehensive security and performance analysis of the proposed framework to gauge its efficiency and study the effects of a penalty on a node’s reputation during the recovery and rally phases. We also study the impact of false positives on the reputation of a node. The results show that Hyperledger Fabric offers lower transaction latency and low CPU utilization compared to Ethereum Blockchain.

查看原文本刊更多论文

用于协作式入侵检测系统的抗假阳性分布式信任管理框架

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Services Computing COMPUTER SCIENCE, INFORMATION SYSTEMS-COMPUTER SCIENCE, SOFTWARE ENGINEERING

CiteScore

11.50

自引率

6.20%

发文量

278

审稿时长

>12 weeks

期刊介绍： IEEE Transactions on Services Computing encompasses the computing and software aspects of the science and technology of services innovation research and development. It places emphasis on algorithmic, mathematical, statistical, and computational methods central to services computing. Topics covered include Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management. The transactions address mathematical foundations, security, privacy, agreement, contract, discovery, negotiation, collaboration, and quality of service for web services. It also covers areas like composite web service creation, business and scientific applications, standards, utility models, business process modeling, integration, collaboration, and more in the realm of Services Computing.