Defense Strategies against Byzantine Attacks in a Consensus-Based Network Intrusion Detection System
Abstract
The purpose of a Network Intrusion Detection System (NIDS) is to monitor network trac such to detect malicious usages of network facilities. NIDSs can also be part of the a ected network facilities and be the subject of attacks aiming at degrading their detection capabilities. The present paper investigates such vulnerabilities in a recent consensus-based NIDS proposal [1]. This system uses an average consensus algorithm to share information among the NIDS modules and to develop coordinated responses to network intrusions. It is known however that consensus algorithms are not resilient to compromised nodes sharing falsied information, i.e. they can be the target of Byzantine attacks. Our work proposes two di erent strategies aiming at identifying compromised NIDS modules sharing falsied information. Also, a simple approach is proposed to isolate compromised modules, returning the NIDS into a non-compromised state. Validations of the defense strategies are provided through several simulations of Distributed Denial of Service attacks using the NSL-KDD data set. The eciency of the proposed methods at identifying compromised NIDS nodes and maintaining the accuracy of the NIDS is compared. The computational cost for protecting the consensus-based NIDS against Byzantine attacks is evaluated. Finally we analyze the behavior of the consensus-based NIDS once a compromised module has been isolated.
Downloads
Published
06/06/2017
How to Cite
Toulouse, M., Le, H., Phung, C. V., & Hock, D. (2017). Defense Strategies against Byzantine Attacks in a Consensus-Based Network Intrusion Detection System. Informatica, 41(2). Retrieved from https://www.informatica.si/index.php/informatica/article/view/1665
Issue
Section
Special issue papers
License
Authors retain copyright in their work. By submitting to and publishing with Informatica, authors grant the publisher (Slovene Society Informatika) the non-exclusive right to publish, reproduce, and distribute the article and to identify itself as the original publisher.
All articles are published under the Creative Commons Attribution license CC BY 3.0. Under this license, others may share and adapt the work for any purpose, provided appropriate credit is given and changes (if any) are indicated.
Authors may deposit and share the submitted version, accepted manuscript, and published version, provided the original publication in Informatica is properly cited.
