Enhancing Trust Evaluation Using Intrusion Sensitivity in Collaborative Intrusion Detection Networks: Feasibility and Challenges

Intrusion detection systems (IDSs) have been widely deployed in computers and networks to identify a variety of attacks. But network intrusions are now becoming more and more sophisticated to detect, thus, collaborative intrusion detection networks (CIDNs) have been proposed which enables an IDS to collect information and learn experience from other IDS nodes. By maintaining interactions among a set of IDS nodes, a CIDN is expected to be more powerful in detecting some complicated attacks such as denial-of-service (DoS) than a single IDS. In real deployment, we identify that each IDS may have different levels of sensitivity in detecting different types of intrusions (i.e., based on their own signatures and settings). In this paper, we therefore define a notion of intrusion sensitivity and investigate the feasibility of using it to evaluate the trustworthiness of an IDS node. In addition, we describe several challenges when using this notion in practice. In the evaluation, the experimental results indicate that the use of intrusion sensitivity is feasible and encouraging to enhance the accuracy of detecting malicious nodes.