Collaborative Intrusion Detection Networks and Insider Attacks
Carol Fung
University of Waterloo
200 University Avenue West
Waterloo, Ontario,
Canada, N2L 3G1
j22fung@uwaterloo.ca
Abstract
Cyber intrusion is becoming an increasingly global and urgent problem. Intrusion Detection Systems (IDSs) are deployed to identify intrusions and mitigate their damage. A stand-alone IDS does not have complete information or knowledge to detect intrusions. A Collaborative Intrusion Detection Network (CIDN) consists of a set of cooperating IDSs which use collective knowledge and experience to achieve improved intrusion detection accuracy. However, insider attackers may severely degrade the efficiency of CIDNs. This paper provides a survey of some CIDNs and analyzes their robustness against insider attacks. We first classify network intrusions, IDSs, and insider attacks for CIDNs according to their behaviors and the techniques they use. A taxonomy of CIDNs is then provided with an analysis based on criteria of topology, scope, specialization, data privacy awareness, and their vulnerabilities to insider attacks. Some of the open challenges and future directions in cooperative CIDNs are discussed in the last section.
Keywords: collaborative intrusion detection networks, insider attacks
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 2, No. 1, pp. 63-74, June 2011