research-article

Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks

Published: 01 June 2018

Abstract

The medical industry is increasingly digitalized and Internet-connected (e.g., Internet of Medical Things), and when deployed in an Internet of Medical Things environment, software-defined networks (SDNs) allow the decoupling of network control from the data plane. There is no debate among security experts that the security of Internet-enabled medical devices is crucial, and an ongoing threat vector is insider attacks. In this paper, we focus on the identification of insider attacks in healthcare SDNs. Specifically, we survey stakeholders from 12 healthcare organizations (i.e., two hospitals and two clinics in Hong Kong, two hospitals and two clinics in Singapore, and two hospitals and two clinics in China). Based on the survey findings, we develop a trust-based approach using Bayesian inference to identify malicious devices in a healthcare environment. Experimental results in both a simulated and a real-world network environment demonstrate the feasibility and effectiveness of our proposed approach for detecting malicious healthcare devices, i.e., our approach could decrease the trust values of malicious devices faster than similar approaches.



Information

Published In

IEEE Transactions on Network and Service Management, Volume 15, Issue 2
June 2018
375 pages

Publisher

IEEE Press

Cited By

  • (2024) User Behavior Threat Detection Based on Adaptive Sliding Window GAN. IEEE Transactions on Network and Service Management, 21:2 (2493-2503). DOI: 10.1109/TNSM.2024.3355698. Online publication date: 18-Jan-2024
  • (2024) Design Guidelines on Trust Management for Underwater Wireless Sensor Networks. IEEE Communications Surveys & Tutorials, 26:4 (2547-2576). DOI: 10.1109/COMST.2024.3389728. Online publication date: 1-Oct-2024
  • (2024) Insider threat detection in cyber-physical systems. Computers and Electrical Engineering, 119:PA. DOI: 10.1016/j.compeleceng.2024.109489. Online publication date: 1-Oct-2024
  • (2023) A Comprehensive Review of the State-of-the-Art on Security and Privacy Issues in Healthcare. ACM Computing Surveys, 55:12 (1-38). DOI: 10.1145/3571156. Online publication date: 28-Mar-2023
  • (2023) RTM: Realistic Weight-Based Reliable Trust Model for Large Scale WSNs. Wireless Personal Communications: An International Journal, 129:2 (953-991). DOI: 10.1007/s11277-022-10165-7. Online publication date: 11-Jan-2023
  • (2023) A blockchain-enabled collaborative intrusion detection framework for SDN-assisted cyber-physical systems. International Journal of Information Security, 22:5 (1219-1230). DOI: 10.1007/s10207-023-00687-x. Online publication date: 6-Apr-2023
  • (2023) Securing 5G Positioning via Zero Trust Architecture. Artificial Intelligence Security and Privacy (563-578). DOI: 10.1007/978-981-99-9785-5_39. Online publication date: 3-Dec-2023
  • (2022) Security, Trust, and Privacy in Machine Learning-Based Internet of Things. Security and Communication Networks, 2022. DOI: 10.1155/2022/9851463. Online publication date: 1-Jan-2022
  • (2021) Solving the cold start problem in Trust Management in IoT. Proceedings of the 16th International Conference on Availability, Reliability and Security (1-9). DOI: 10.1145/3465481.3469208. Online publication date: 17-Aug-2021
  • (2020) Analyzing Data Granularity Levels for Insider Threat Detection Using Machine Learning. IEEE Transactions on Network and Service Management, 17:1 (30-44). DOI: 10.1109/TNSM.2020.2967721. Online publication date: 1-Mar-2020
