Abstract
The accuracy of detecting an intrusion within a network of intrusion detection systems (IDSes) depends on the efficiency of collaboration between member IDSes. The security itself within this network is an additional concern that needs to be addressed. In this paper, we present a trust-based framework for secure and effective collaboration within an intrusion detection network (IDN). In particular, we design a trust model that allows each IDS to evaluate the trustworthiness of other IDSes based on its personal experience. We also propose an admission control algorithm for the IDS to manage the acquaintances it approaches for advice about intrusions. We discuss the effectiveness of our approach in protecting the IDN against common attacks. Additionally, experimental results demonstrate that our system yields significant improvement in detecting intrusions. The trust model further improves the robustness of the collaborative system against malicious attacks. The experimental results also support that our admission control algorithm is effective and fair, and creates incentives for collaboration.
Acknowledgments
This work was supported in part by the Natural Science and Engineering Council of Canada (NSERC) Strategic program and in part by the WCU (World Class University) program through the Korea National Research Foundation funded by the Ministry of Education, Science and Technology (Project No. R31-2008-000-10100-0).
About this article
Cite this article
Fung, C., Zhang, J., Aib, I. et al. Trust Management and Admission Control for Host-Based Collaborative Intrusion Detection. J Netw Syst Manage 19, 257–277 (2011). https://doi.org/10.1007/s10922-010-9176-7
DOI: https://doi.org/10.1007/s10922-010-9176-7