Improving attack detection in self-organizing networks: A trust-based approach toward alert satisfaction

Cyber security has become a major challenge when detecting and preventing attacks on any self-organizing network. Defining a trust and reputation mechanism is a required feature in these networks to assess whether the alerts shared by their Intrusion Detection Systems (IDS) actually report a true incident. This paper presents a way of measuring the trustworthiness of the alerts issued by the IDSs of a collaborative intrusion detection network, considering the detection skills configured in each IDS to calculate the satisfaction on each interaction (alert sharing) and, consequently, to update the reputation of the alert issuer. Without alert satisfaction, collaborative attack detection cannot be a reality in front of ill-intended IDSs. Conducted experiments demonstrate a better accuracy when detecting attacks.