Collaborative Intrusion Detection Networks and Insider Attacks

Cyber intrusion is becoming an increasingly global and urgent problem. Intrusion Detection Systems (IDSs) are deployed to identify intrusions and mitigate their damage. A stand alone IDS does not have complete information or knowledge to detect intrusions. A Collaborative Intrusion Detection Network (CIDN) consists in a set of cooperating IDSs which use collective knowledge and experience to achieve improved intrusion detection accuracy. However, insider attackers may severely degrade the efficiency of CIDNs. This paper provides a survey of some CIDNs and analyzes their robustness against insider attacks. We first classify network intrusions, IDSs, and insider attacks for CIDNs according to their behaviors and the techniques they use. A taxonomy of CIDNs is then provided with an analysis based on criteria of topology, scope, specialization, data privacy awareness, and their vulnerabilities to insider attacks. Some of the open challenges and future directions in cooperative CIDNs are discussed in the last section.