Defense Strategies against Byzantine Attacks in a Consensus-Based Network Intrusion Detection System

Michel Toulouse, Hai Le, Cao Vien Phung, Denis Hock

Abstract


The purpose of a Network Intrusion Detection System (NIDS) is to monitor network traffic in order to detect malicious usage of network facilities. NIDSs can themselves be part of the affected network facilities and be the subject of attacks aiming at degrading their detection capabilities. The present paper investigates such vulnerabilities in a recent consensus-based NIDS proposal [1]. This system uses an average consensus algorithm to share information among the NIDS modules and to develop coordinated responses to network intrusions. It is known, however, that consensus algorithms are not resilient to compromised nodes sharing falsified information, i.e. they can be the target of Byzantine attacks. Our work proposes two different strategies aiming at identifying compromised NIDS modules sharing falsified information. Also, a simple approach is proposed to isolate compromised modules, returning the NIDS to a non-compromised state. Validations of the defense strategies are provided through several simulations of Distributed Denial of Service attacks using the NSL-KDD data set. The efficiency of the proposed methods at identifying compromised NIDS nodes and maintaining the accuracy of the NIDS is compared. The computational cost of protecting the consensus-based NIDS against Byzantine attacks is evaluated. Finally, we analyze the behavior of the consensus-based NIDS once a compromised module has been isolated.
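The following simulation is an added illustration for this page, not code from the paper or from the consensus-based NIDS it studies, and it does not implement the two detection strategies the abstract refers to. It shows why average consensus is vulnerable in the way the abstract describes: a single compromised module that keeps broadcasting a falsified "no attack" score drags every honest module's shared score to that value, and removing the module from the neighbour sets and restarting from the modules' own measurements recovers the honest average. The five-module topology, the local attack-evidence scores, the stubborn-broadcast attacker model, and the update-rule consistency check used to flag the module are all constructed assumptions.

```python
"""Average consensus among NIDS modules with one Byzantine module.

Illustrative example written for this page; it is not the authors' system
and the flagging check is a simple placeholder, not their strategies.
Topology, scores and the attacker model are constructed for the demo.
"""

# Constructed undirected topology: a 5-module ring with a chord between 1 and 3.
NEIGHBORS = {
    0: {1, 4},
    1: {0, 2, 3},
    2: {1, 3},
    3: {1, 2, 4},
    4: {0, 3},
}

# Constructed local attack-evidence scores in [0, 1], e.g. the share of recent
# flows each module classified as DoS.  Every module sees a strong attack.
INITIAL = {0: 0.90, 1: 0.85, 2: 0.80, 3: 0.95, 4: 0.70}


def step_size(neighbors):
    # Any 0 < eps < 1/max_degree makes the standard update below converge to
    # the average of the initial values on a connected undirected graph.
    return 1.0 / (max(len(n) for n in neighbors.values()) + 1)


def honest_update(x, i, neighbors, eps):
    # x_i(k+1) = x_i(k) + eps * sum_{j in N_i} (x_j(k) - x_i(k))
    return x[i] + eps * sum(x[j] - x[i] for j in neighbors[i])


def consensus_round(x, neighbors, eps, byzantine):
    # A Byzantine module ignores the rule and broadcasts its falsified value.
    return {i: byzantine[i] if i in byzantine else honest_update(x, i, neighbors, eps)
            for i in neighbors}


def run_consensus(initial, neighbors, byzantine=None, iters=400):
    """byzantine: optional {module: falsified_value} broadcast every round."""
    byzantine = byzantine or {}
    eps = step_size(neighbors)
    x = {**initial, **byzantine}
    for _ in range(iters):
        x = consensus_round(x, neighbors, eps, byzantine)
    return x


def flag_inconsistent(prev, curr, neighbors, eps, tol=1e-9):
    """Placeholder check (assumption, not the paper's method): flag a module
    whose new broadcast differs from what the update rule prescribes given
    last round's values.  Assumes the checker knows each module's neighbours."""
    return {i for i in neighbors
            if abs(curr[i] - honest_update(prev, i, neighbors, eps)) > tol}


def isolate(neighbors, bad):
    # Drop the flagged modules and every edge that points to them.
    return {i: {j for j in n if j not in bad}
            for i, n in neighbors.items() if i not in bad}


def scenario():
    """Returns (clean, attacked, flagged, recovered) consensus states."""
    clean = run_consensus(INITIAL, NEIGHBORS)

    # Module 4 is compromised and always claims "no attack".
    bad = {4: 0.0}
    attacked = run_consensus(INITIAL, NEIGHBORS, byzantine=bad)

    # One observed round is enough for the placeholder check to fire.
    eps = step_size(NEIGHBORS)
    prev = {**INITIAL, **bad}
    curr = consensus_round(prev, NEIGHBORS, eps, bad)
    flagged = flag_inconsistent(prev, curr, NEIGHBORS, eps)

    # Isolate and restart from the honest modules' own measurements, since the
    # values reached under attack are tainted.
    pruned = isolate(NEIGHBORS, flagged)
    recovered = run_consensus({i: INITIAL[i] for i in pruned}, pruned)
    return clean, attacked, flagged, recovered


if __name__ == "__main__":
    clean, attacked, flagged, recovered = scenario()
    print("clean consensus   :", {i: round(v, 4) for i, v in clean.items()})
    print("with module 4 bad :", {i: round(v, 4) for i, v in attacked.items()})
    print("flagged           :", flagged)
    print("after isolation   :", {i: round(v, 4) for i, v in recovered.items()})
```

Without the attacker every module settles on the mean of the local scores (0.84). With module 4 stubbornly broadcasting 0.0 the honest modules converge to 0.0 as well, i.e. the shared verdict is "no attack" even though four of five modules observed one. After module 4 is cut from the neighbour sets and the remaining modules restart from their own scores, they settle on the honest mean (0.875). The constructed check only catches a module that violates the update rule in a way visible to a neighbour that knows its neighbour set; a more careful attacker would send values that stay consistent with the rule while biasing its own input, which is why the paper's dedicated identification strategies are needed.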


This work is licensed under a Creative Commons Attribution 3.0 License.