Towards Trust-Aware Collaborative Intrusion Detection: Challenges and Solutions
Collaborative Intrusion Detection Systems (CIDSs) are an emerging field in cyber-security. In such an approach, multiple sensors collaborate by exchanging alert data with the goal of generating a complete picture of the monitored network. This can provide significant improvements in intrusion detection and especially in the identification of sophisticated attacks. However, the challenge of deciding to what extent a sensor can trust others has not yet been holistically addressed in related work. In this paper, we first propose a set of requirements for reliable trust management in CIDSs. Afterwards, we carefully investigate the most dominant CIDS trust schemes. The main contribution of the paper is mapping the results of the analysis to the aforementioned requirements, along with a comparison of the state of the art. Furthermore, this paper identifies and discusses the research gaps and challenges with regard to trust and CIDSs.
Keywords: Intrusion Detection System, Trust Management, Trust Level, Initial Trust, Computational Trust
This work has received funding from the European Union’s Horizon 2020 Research and Innovation Program, PROTECTIVE, under Grant Agreement No 700071.