Robust Consensus-Based Network Intrusion Detection in Presence of Byzantine Attacks

TL;DR

This paper addresses the vulnerability of consensus-based network intrusion detection systems to Byzantine attacks and proposes mitigation techniques to enhance their robustness, analyzing implementation challenges and system performance impacts.

Contribution

It introduces two novel mitigation techniques to defend consensus-based intrusion detection systems against Byzantine attacks, with analysis of their implementation and effectiveness.

Findings

Mitigation techniques improve resilience to Byzantine attacks.

Analysis of computational overhead and convergence impacts.

Enhanced accuracy of intrusion detection in adversarial settings.

Abstract

Consensus algorithms provide strategies to solve problems in a distributed system with the added constraint that data can only be shared between adjacent computing nodes. We find these algorithms in applications for wireless and sensor networks, spectrum sensing for cognitive radio, even for some IoT services. However, consensus-based applications are not resilient to compromised nodes sending falsified data to their neighbors, i.e. they can be the target of Byzantine attacks. Several solutions have been proposed in the literature inspired from reputation based systems, outlier detection or model-based fault detection techniques in process control. We have reviewed some of these solutions, and propose two mitigation techniques to protect the consensus-based Network Intrusion Detection System in \cite{toulouse2015consensus}. We analyze several implementation issues such as computational overhead, fine tuning of the solution parameters, impacts on the convergence of the consensus phase, accuracy of the intrusion detection system.