Defense Strategies against Byzantine Attacks in a Consensus-Based Network Intrusion Detection System
| Published in | Informatica (Ljubljana) Vol. 41; no. 2; pp. 193 - 207 |
|---|---|
| Main Authors | Toulouse, Michel; Le, Hai; Phung, Cao Vien; Hock, Denis |
| Format | Journal Article |
| Language | English |
| Published | Ljubljana: Slovenian Society Informatika / Slovensko drustvo Informatika, 01.06.2017 |
| ISSN | 0350-5596 1854-3871 |
| Abstract | The purpose of a Network Intrusion Detection System (NIDS) is to monitor network traffic so as to detect malicious uses of network facilities. NIDSs can also be part of the affected network facilities and be the subject of attacks aimed at degrading their detection capabilities. The present paper investigates such vulnerabilities in a recent consensus-based NIDS proposal [1]. This system uses an average consensus algorithm to share information among the NIDS modules and to develop coordinated responses to network intrusions. It is known, however, that consensus algorithms are not resilient to compromised nodes sharing falsified information, i.e. they can be the target of Byzantine attacks. Our work proposes two different strategies for identifying compromised NIDS modules that share falsified information. In addition, a simple approach is proposed to isolate compromised modules, returning the NIDS to a non-compromised state. The defense strategies are validated through several simulations of Distributed Denial of Service attacks using the NSL-KDD data set. The efficiency of the proposed methods at identifying compromised NIDS nodes and maintaining the accuracy of the NIDS is compared. The computational cost of protecting the consensus-based NIDS against Byzantine attacks is evaluated. Finally, we analyze the behavior of the consensus-based NIDS once a compromised module has been isolated. |
| Author | Phung, Cao Vien; Toulouse, Michel; Le, Hai; Hock, Denis |
| ContentType | Journal Article |
| Copyright | Copyright Slovenian Society Informatika / Slovensko drustvo Informatika Jun 2017 |
| Discipline | Computer Science |
| EISSN | 1854-3871 |
| EndPage | 207 |
| ISSN | 0350-5596 |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 2 |
| Language | English |
| PageCount | 15 |
| PublicationDateYYYYMMDD | 2017-06-01 |
| PublicationPlace | Ljubljana |
| PublicationTitle | Informatica (Ljubljana) |
| PublicationYear | 2017 |
| Publisher | Slovenian Society Informatika / Slovensko drustvo Informatika |
| StartPage | 193 |
| SubjectTerms | Communications traffic; Computer simulation; Cybersecurity; Denial of service attacks; Identification methods; Intrusion detection systems; Modules; Traffic information |
| Title | Defense Strategies against Byzantine Attacks in a Consensus-Based Network Intrusion Detection System |
| URI | https://www.proquest.com/docview/1956436350 |
| Volume | 41 |