Premium
Detection and mitigation of monitor identification attacks in collaborative intrusion detection systems
Author(s) -
Vasilomanolakis Emmanouil,
Mühlhäuser Max
Publication year - 2018
Publication title -
international journal of network management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.373
H-Index - 28
eISSN - 1099-1190
pISSN - 1055-7148
DOI - 10.1002/nem.2059
Subject(s) - computer science , sophistication , identification (biology) , intrusion detection system , computer security , adversary , field (mathematics) , publication , class (philosophy) , data science , artificial intelligence , social science , botany , mathematics , sociology , advertising , pure mathematics , business , biology
Summary Collaborative defensive approaches such as collaborative intrusion detection system (CIDS) have emerged as a response to the continuous increase in the sophistication of cyberattacks. Such systems utilize a plethora of heterogeneous monitors to create a holistic picture of the monitored network. A number of research institutes deploy CIDSs that publish their alert data publicly over the Internet. This is important for researchers and security administrators, as such systems provide a source of real‐world alert data for experimentation. However, a class of identification attacks exists, namely probe‐response attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. This article discusses the state of the art, with an emphasis on our previous and ongoing work, with regard to the detection and the mitigation of PRAs. We compare the most promising defensive mechanisms with respect to their effectiveness and the possible negative effects they might introduce to the CIDS. Finally, we provide a thorough discussion of research gaps and possible future directions for the field.