TU Darmstadt / ULB / TUbiblio

Sphinx: a Colluder-Resistant Trust Mechanism for Collaborative Intrusion Detection

Garcia Cordero, Carlos ; Traverso, Giulia ; Nojoumian, Mehrdad ; Habib, Sheikh Mahbub ; Mühlhäuser, Max ; Buchmann, Johannes ; Vasilomanolakis, Emmanouil (2018):
Sphinx: a Colluder-Resistant Trust Mechanism for Collaborative Intrusion Detection.
In: IEEE Access, 6, pp. 72427-72438. IEEE, e-ISSN 2169-3536,
DOI: 10.1109/ACCESS.2018.2880297,
[Article]

Abstract

The destructive effects of cyber-attacks demand more proactive security approaches. One such promising approach is the idea of Collaborative Intrusion Detection Systems (CIDSs). These systems combine the knowledge of multiple sensors (e.g., intrusion detection systems, honeypots or firewalls) to create a holistic picture of a monitored network. Sensors monitor parts of a network and exchange alert data to learn from each other, improve their detection capabilities and ultimately identify sophisticated attacks. Nevertheless, if one or a group of sensors is unreliable (due to incompetence or malice), the system might miss important information needed to detect attacks. In this article, we propose Sphinx, an evidence-based trust mechanism capable of detecting unreliable sensors within a CIDS. Sphinx detects, both, single sensors or coalitions of dishonest sensors that lie about the reliability of others to boost or worsen their trust score. Our evaluation shows that, given an honest majority of sensors, dishonesty is punished in a timely manner. Moreover, if several coalitions exist, even when more than 50% of all sensors are dishonest, dishonesty is punished.

Item Type: Article
Erschienen: 2018
Creators: Garcia Cordero, Carlos ; Traverso, Giulia ; Nojoumian, Mehrdad ; Habib, Sheikh Mahbub ; Mühlhäuser, Max ; Buchmann, Johannes ; Vasilomanolakis, Emmanouil
Title: Sphinx: a Colluder-Resistant Trust Mechanism for Collaborative Intrusion Detection
Language: English
Abstract:

The destructive effects of cyber-attacks demand more proactive security approaches. One such promising approach is the idea of Collaborative Intrusion Detection Systems (CIDSs). These systems combine the knowledge of multiple sensors (e.g., intrusion detection systems, honeypots or firewalls) to create a holistic picture of a monitored network. Sensors monitor parts of a network and exchange alert data to learn from each other, improve their detection capabilities and ultimately identify sophisticated attacks. Nevertheless, if one or a group of sensors is unreliable (due to incompetence or malice), the system might miss important information needed to detect attacks. In this article, we propose Sphinx, an evidence-based trust mechanism capable of detecting unreliable sensors within a CIDS. Sphinx detects, both, single sensors or coalitions of dishonest sensors that lie about the reliability of others to boost or worsen their trust score. Our evaluation shows that, given an honest majority of sensors, dishonesty is punished in a timely manner. Moreover, if several coalitions exist, even when more than 50% of all sensors are dishonest, dishonesty is punished.

Journal or Publication Title: IEEE Access
Journal Volume: 6
Publisher: IEEE
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
Date Deposited: 16 Nov 2018 10:34
DOI: 10.1109/ACCESS.2018.2880297
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details