Skip to main content
SpringerLink
Log in

Trust Management and Admission Control for Host-Based Collaborative Intrusion Detection

  • Published:
Journal of Network and Systems Management Aims and scope Submit manuscript

Abstract

The accuracy of detecting an intrusion within a network of intrusion detection systems (IDSes) depends on the efficiency of collaboration between member IDSes. The security itself within this network is an additional concern that needs to be addressed. In this paper, we present a trust-based framework for secure and effective collaboration within an intrusion detection network (IDN). In particular, we design a trust model that allows each IDS to evaluate the trustworthiness of other IDSes based on its personal experience. We also propose an admission control algorithm for the IDS to manage the acquaintances it approaches for advice about intrusions. We discuss the effectiveness of our approach in protecting the IDN against common attacks. Additionally, experimental results demonstrate that our system yields significant improvement in detecting intrusions. The trust model further improves the robustness of the collaborative system against malicious attacks. The experimental results also support that our admission control algorithm is effective and fair, and creates incentives for collaboration.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

References

  1. Danchev, D.: Conficker’s estimated economic cost? $9.1 billion. http://www.zdnet.com/blog/security/confickers-estimated-economic-cost-91-billion/3207 (2009). Accessed 3 Aug 2010

  2. Zhou, C., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Comput. Secur. 29(1), 124–140 (2010)

    Article  Google Scholar 

  3. Ullrich, J.: DShield. http://www.dshield.org (2000). Accessed 3 Aug 2010

  4. Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of 2002 IEEE Symposium on Security and Privacy, pp. 202–215. (2002)

  5. Janakiraman, R., Zhang, M.: Indra: a peer-to-peer approach to network intrusion detection and prevention. In: WET ICE 2003. Proceedings of the 12th IEEE International Workshops on Enabling Technologies. (2003)

  6. Cai, M., Hwang, K., Kwok, Y., Song, S., Chen, Y.: Collaborative internet worm containment. IEEE Secur. Priv. 3(3), 25–33 (2005)

    Article  Google Scholar 

  7. Duma, C., Karresand, M., Shahmehri, N., Caronni, G.: A trust-aware, p2p-based overlay for intrusion detection. In: DEXA Workshops (2006)

  8. Zhang, J., Cohen, R.: Trusting advice from other buyers in e-marketplaces: the problem of unfair ratings. In: ICEC ’06, pp. 225–234. ACM, New York, NY (2006)

  9. Aycock, J.: Painting the internet: a different kind of warhol worm. Technical report, TR2006-834-27. University of Calgary (2006)

  10. Douceur, J.: The sybil attack. In: Peer-to-Peer Systems: First International Workshop, IPTPS 2002, Cambridge, MA, USA, 7–8 March 2002

  11. Resnick, P., Kuwabara, K., Zeckhauser, R., Friedman, E.: Reputation systems. Commun. ACM 43(12), 45–48 (2000)

    Article  Google Scholar 

  12. Li, Z., Chen, Y., Beach, A.: Towards scalable and robust distributed intrusion alert fusion with good load balancing. In: LSAD ’06 (2006)

  13. Ghosh, A., Sen, S.: Agent-based distributed intrusion alert system. In: Proceedings of the 6th International Workshop on Distributed Computing (IWDCG04). Springer (2004)

  14. Fung, C., Zhang, J., Aib, I., Boutaba, R.: Robust and scalable trust management for collaborative intrusion detection. In: Proceedings of the Eleventh IFIP/IEEE International Symposium on Integrated Network Management (IM) (2009)

  15. Marsh, S.: Formalising Trust as a Computational Concept. Ph.D. thesis, Department of Mathematics and Computer Science, University of Stirling (1994)

  16. Tran, T., Cohen, R.: Improving user satisfaction in agent-based electronic marketplaces by reputation modeling and adjustable product quality. In: Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems (AAMAS), pp. 828–835. (2004)

  17. Whitby, A., Jøsang, A., Indulska, J.: Filtering out unfair ratings in bayesian reputation systems. Icfain J. Manage. Res., 48–64 (2005)

  18. Teacy, W.T.L., Patel, J., Jennings, N.R., Luck, M.: Coping with inaccurate reputation sources: experimental analysis of a probabilistic trust model. In: Proceedings of Fourth International Autonomous Agents and Multiagent Systems (AAMAS), pp. 997–1004. (2005)

  19. Sabater, J., Sierra, C.: Regret: A reputation model for gregarious societies. In: Proceedings of the Fifth International Conference on Autonomous Agents Workshop on Deception, Fraud and Trust in Agent Societies, pp. 61–69. (2001)

  20. Kamvar, S., Schlosser, M., Garcia-Molina, H.: The eigentrust algorithm for reputation management in p2p networks. In: WWW ’03: Proceedings of the 12th International Conference on World Wide Web, pp. 640–651. ACM Press (2003)

  21. Jiang, T., Baras, J.: Trust evaluation in anarchy: a case study on autonomous networks. In: INFOCOM, IEEE (2006)

  22. Sun, Y., Han, Z., Yu, W., Liu, K.: A trust evaluation framework in distributed networks: vulnerability analysis and defense against attacks. In: INFOCOM, IEEE (2006)

  23. Xiong, L., Liu, L.: Peertrust: supporting reputation-based trust for peer-to-peer electronic communities. IEEE Trans. Knowl. Data Eng. 16(7), 843–857 (2004)

    Article  Google Scholar 

  24. Mekouar, L., Iraqi, Y., Boutaba, R.: Reputation-based trust management in peer-to-peer systems: taxonomy and anatomy. In: Handbook of Peer-to-Peer Networking, pp. 689–732. (2010)

  25. Rahbar, A., Yang, O.: Powertrust: a robust and scalable reputation system for trusted peer-to-peer computing. IEEE Trans. Parallel Distrib. Syst. 18(4), 460–473 (2007)

    Article  Google Scholar 

  26. Srivatsa, M., Xiong, L., Liu, L.: TrustGuard: countering vulnerabilities in reputation management for decentralized overlay networks. In: Proceedings of the 14th International Conference on World Wide Web, pp. 422–431. ACM New York, NY, USA (2005)

  27. Zhang, Y., Fang, Y.: A fine-grained reputation system for reliable service selection in peer-to-peer networks. IEEE Trans. Parallel Distrib. Syst., 1134–1145 (2007)

Download references

Acknowledgments

This work was supported in part by the Natural Science and Engineering Council of Canada (NSERC) Strategic program and in part by the WCU (World Class University) program through the Korea National Research Foundation funded by the Ministry of Education, Science and Technology (Project No. R31-2008-000-10100-0).

Author information

Authors and Affiliations

  1. David R. Cheriton School of Computer Science, University of Waterloo, 200 University west, Waterloo, ON, Canada

    Carol Fung, Issam Aib & Raouf Boutaba

  2. School of Computer Engineering, Nanyang Technological University, Block N4 #02c-110 Nanyang Avenue, Singapore, 639798, Singapore

    Jie Zhang

Authors
  1. Carol Fung
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jie Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Issam Aib
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Raouf Boutaba
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Carol Fung.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Fung, C., Zhang, J., Aib, I. et al. Trust Management and Admission Control for Host-Based Collaborative Intrusion Detection. J Netw Syst Manage 19, 257–277 (2011). https://doi.org/10.1007/s10922-010-9176-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10922-010-9176-7

Keywords

Search

Navigation