TU Darmstadt / ULB / TUbiblio

Sphinx: a Colluder-Resistant Trust Mechanism for Collaborative Intrusion Detection

Garcia Cordero, Carlos and Traverso, Giulia and Nojoumian, Mehrdad and Habib, Sheikh Mahbub and Mühlhäuser, Max and Buchmann, Johannes and Vasilomanolakis, Emmanouil (2018):
Sphinx: a Colluder-Resistant Trust Mechanism for Collaborative Intrusion Detection.
In: IEEE ACCESS, IEEE, DOI: 10.1109/ACCESS.2018.2880297,
[Online-Edition: http://ieeeaccess.ieee.org],
[Article]

Abstract

The destructive effects of cyber-attacks demand more proactive security approaches. One such promising approach is the idea of Collaborative Intrusion Detection Systems (CIDSs). These systems combine the knowledge of multiple sensors (e.g., intrusion detection systems, honeypots or firewalls) to create a holistic picture of a monitored network. Sensors monitor parts of a network and exchange alert data to learn from each other, improve their detection capabilities and ultimately identify sophisticated attacks. Nevertheless, if one or a group of sensors is unreliable (due to incompetence or malice), the system might miss important information needed to detect attacks. In this article, we propose Sphinx, an evidence-based trust mechanism capable of detecting unreliable sensors within a CIDS. Sphinx detects, both, single sensors or coalitions of dishonest sensors that lie about the reliability of others to boost or worsen their trust score. Our evaluation shows that, given an honest majority of sensors, dishonesty is punished in a timely manner. Moreover, if several coalitions exist, even when more than 50% of all sensors are dishonest, dishonesty is punished.

Item Type: Article
Erschienen: 2018
Creators: Garcia Cordero, Carlos and Traverso, Giulia and Nojoumian, Mehrdad and Habib, Sheikh Mahbub and Mühlhäuser, Max and Buchmann, Johannes and Vasilomanolakis, Emmanouil
Title: Sphinx: a Colluder-Resistant Trust Mechanism for Collaborative Intrusion Detection
Language: English
Abstract:

The destructive effects of cyber-attacks demand more proactive security approaches. One such promising approach is the idea of Collaborative Intrusion Detection Systems (CIDSs). These systems combine the knowledge of multiple sensors (e.g., intrusion detection systems, honeypots or firewalls) to create a holistic picture of a monitored network. Sensors monitor parts of a network and exchange alert data to learn from each other, improve their detection capabilities and ultimately identify sophisticated attacks. Nevertheless, if one or a group of sensors is unreliable (due to incompetence or malice), the system might miss important information needed to detect attacks. In this article, we propose Sphinx, an evidence-based trust mechanism capable of detecting unreliable sensors within a CIDS. Sphinx detects, both, single sensors or coalitions of dishonest sensors that lie about the reliability of others to boost or worsen their trust score. Our evaluation shows that, given an honest majority of sensors, dishonesty is punished in a timely manner. Moreover, if several coalitions exist, even when more than 50% of all sensors are dishonest, dishonesty is punished.

Journal or Publication Title: IEEE ACCESS
Publisher: IEEE
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
Date Deposited: 16 Nov 2018 10:34
DOI: 10.1109/ACCESS.2018.2880297
Official URL: http://ieeeaccess.ieee.org
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item