Surveying Trust-Based Collaborative Intrusion Detection: State-of-the-Art, Challenges and Future Directions

Owing to the swift growth in cyber attacks, intrusion detection systems (IDSs) have become a necessity to help safeguard personal and organizational assets. However, with the increasing size of computer networks, it becomes difficult for a stand-alone IDS to identify sophisticated and advanced threats, such as DDoS attack, due to the lack of contextual information and knowledge regarding the deployed environments. To tackle this issue, distributed and collaborative IDSs (DIDSs and CIDSs) are developed, which enable a set of IDS nodes to operate in a collaborative way through exchanging required information. In this survey, we first summarize the state-of-the-art for traditional DIDSs according to the collaboration topology, e.g., centralized, decentralized, and distributed, and discuss major external and internal threats. Because of the distributed nature and various threats, trust is often enforced among various IDS nodes. We then summarize the relevant research on trust-based DIDSs/CIDSs in a chronological order. Also, we highlight challenges and future directions in this field. The main purpose of this survey is to stimulate more research efforts in developing robust and practical trust-based collaborative intrusion detection.