Probe-response attacks on collaborative intrusion detection systems: Effectiveness and countermeasures

Over the last years the number of cyber-attacks has been constantly increasing. Since isolated Intrusion Detection Systems (IDSs) cannot cope with the number and sophistication of attacks, collaboration among the defenders is required. Collaborative IDSs (CIDSs) work by exchanging alert traffic to construct a holistic view of the monitored network. However, an adversary can utilize probe-response attacks to successfully detect CIDS´s monitoring sensors. We discuss the practicability of such attacks, suggest improvements, and also propose novel techniques to reduce the effects of such attacks. Moreover, we present preliminary results in the applicability of the attacks and hints on performing such attacks in a well known CIDS.