Robust Consensus-Based Network Intrusion Detection in Presence of Byzantine Attacks
This work addresses security vulnerabilities in distributed network intrusion detection for applications like IoT and wireless networks, but it is incremental as it builds on existing solutions.
The paper tackles the problem of Byzantine attacks compromising consensus-based network intrusion detection systems by proposing two mitigation techniques, analyzing their computational overhead, parameter tuning, convergence impact, and detection accuracy.
Consensus algorithms provide strategies to solve problems in a distributed system under the added constraint that data can only be shared between adjacent computing nodes. These algorithms appear in applications for wireless and sensor networks, in spectrum sensing for cognitive radio, and even in some IoT services. However, consensus-based applications are not resilient to compromised nodes that send falsified data to their neighbors, i.e., they can be the target of Byzantine attacks. Several solutions have been proposed in the literature, inspired by reputation-based systems, outlier detection, or model-based fault detection techniques in process control. We have reviewed some of these solutions and propose two mitigation techniques to protect the consensus-based Network Intrusion Detection System in \cite{toulouse2015consensus}. We analyze several implementation issues, such as computational overhead, fine-tuning of the solution parameters, the impact on the convergence of the consensus phase, and the accuracy of the intrusion detection system.