Trust Management for Host-Based Collaborative Intrusion Detection
DSOM '08 Proceedings of the 19th IFIP/IEEE international workshop on Distributed Systems: Operations and Management: Managing Large-Scale Service Deployment
Robust and scalable trust management for collaborative intrusion detection
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
A game-theoretical approach to incentive design in collaborative intrusion detection network
GameNets'09 Proceedings of the First ICST international conference on Game Theory for Networks
P2P-AIS: a P2P artificial immune systems architecture for detecting DDoS flooding attacks
GIIS'09 Proceedings of the Second international conference on Global Information Infrastructure Symposium
Trust Management and Admission Control for Host-Based Collaborative Intrusion Detection
Journal of Network and Systems Management
TRAP: open decentralized distributed spam filtering
TrustBus'11 Proceedings of the 8th international conference on Trust, privacy and security in digital business
Game theory meets network security and privacy
ACM Computing Surveys (CSUR)
Collaborative intrusion detection systems (IDSs) have great potential for addressing the challenges posed by the increasing aggressiveness of current Internet attacks. However, one of the major concerns with the proposed collaborative IDSs is their vulnerability to the insider threat. Malicious intruders who infiltrate such a system could poison the collaborative detectors with false alarms, disrupting the intrusion detection functionality and placing the whole system at risk. In this paper, we propose a P2P-based overlay for intrusion detection (Overlay IDS) that addresses the insider threat by means of a trust-aware engine for correlating alerts and an adaptive scheme for managing trust. We have implemented our system using the JXTA framework and evaluated its effectiveness in preventing the spread of a real Internet worm over an emulated network. The evaluation results show that our Overlay IDS significantly increases the overall survival rate of the network.