Collaborative Intrusion Detection Networks and Insider Attacks

 

Carol Fung
University of Waterloo
200 University Avenue West
Waterloo, Ontario, Canada, N2L 3G1
j22fung@uwaterloo.ca

 

 

Abstract

 

Cyber intrusion is becoming an increasingly global and urgent problem. Intrusion Detection Systems (IDSs) are deployed to identify intrusions and mitigate their damage. A standalone IDS does not have complete information or knowledge to detect intrusions. A Collaborative Intrusion Detection Network (CIDN) consists of a set of cooperating IDSs that use collective knowledge and experience to achieve improved intrusion detection accuracy. However, insider attackers may severely degrade the efficiency of CIDNs. This paper provides a survey of some CIDNs and analyzes their robustness against insider attacks. We first classify network intrusions, IDSs, and insider attacks for CIDNs according to their behaviors and the techniques they use. A taxonomy of CIDNs is then provided with an analysis based on criteria of topology, scope, specialization, data privacy awareness, and their vulnerabilities to insider attacks. Some of the open challenges and future directions in cooperative CIDNs are discussed in the last section.

 

Keywords: collaborative intrusion detection networks, insider attacks

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 2, No. 1, pp. 63-74, June 2011