 Detection and mitigation of monitor identification attacks in collaborative intrusion detection systemsEmmanouil Vasilomanolakis and Max Mühlhäuser International Journal of Network Management, 2019, vol. 29, issue 2 Abstract: Collaborative defensive approaches such as collaborative intrusion detection system (CIDS) have emerged as a response to the continuous increase in the sophistication of cyberattacks. Such systems utilize a plethora of heterogeneous monitors to create a holistic picture of the monitored network. A number of research institutes deploy CIDSs that publish their alert data publicly over the Internet. This is important for researchers and security administrators, as such systems provide a source of real‐world alert data for experimentation. However, a class of identification attacks exists, namely probe‐response attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. This article discusses the state of the art, with an emphasis on our previous and ongoing work, with regard to the detection and the mitigation of PRAs. We compare the most promising defensive mechanisms with respect to their effectiveness and the possible negative effects they might introduce to the CIDS. Finally, we provide a thorough discussion of research gaps and possible future directions for the field. Date: 2019 Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:wly:intnem:v:29:y:2019:i:2:n:e2059 Access Statistics for this article More articles in International Journal of Network Management from John Wiley & Sons |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.