Abstract
In a recent work, Toulouse et al. [1] introduced a fully distributed network intrusion detection system (NIDS) based on an average consensus algorithm. In this initial work, modules of the NIDS repeatedly average their state with the state of their neighbors to converge asymptotically to the same value, which in turn is used as a measurement of some relevant state of the network-wide monitored traffic. In the present work, local averaging is used to implement a finite convergence procedure for the consensus-based NIDS in [1]. We call this implementation exact consensus, as local averaging computes exactly, in a finite number of steps, a function of the initial NIDS states. Furthermore, unlike asymptotic consensus, which computed only the average sum function, this new distributed protocol can compute almost any function of the initial NIDS states. Tests are performed that compare the asymptotic consensus with this new exact consensus protocol. In particular, we compare the convergence speed of the two methods given the same pre-defined level of accuracy in the decisions computed by the intrusion detection system.
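An added illustration (not code from the paper) of the asymptotic averaging the abstract describes: each module replaces its state with a weighted average of its own and its neighbors' states, and the simulation counts the iterations needed before every module is within a given accuracy of the network-wide average. The topology, the local scores, the Metropolis weighting and the alarm threshold are assumptions made for the example; the exact finite-step protocol is not shown.

```python
# Constructed overlay of 6 NIDS modules; each pair is a neighbor link.
EDGES = [(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (5, 0), (1, 4)]
# Constructed local measurements (e.g. per-module anomaly scores).
INITIAL = [0.10, 0.05, 0.90, 0.15, 0.20, 0.10]

def neighbors(n, edges):
    adj = {i: set() for i in range(n)}
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj

def metropolis_weights(adj):
    """Assumed weighting: symmetric, doubly stochastic, needs only local degrees."""
    w = {i: {} for i in adj}
    for i in adj:
        for j in adj[i]:
            w[i][j] = 1.0 / (1 + max(len(adj[i]), len(adj[j])))
        w[i][i] = 1.0 - sum(w[i].values())  # self-weight keeps each row summing to 1
    return w

def consensus_step(x, w):
    """One round: every module averages its state with its neighbors' states."""
    return [sum(wij * x[j] for j, wij in w[i].items()) for i in range(len(x))]

def run_consensus(x0, edges, eps, max_iter=10_000):
    """Return (states, rounds) once all modules are within eps of the average.

    The true average is used only as a simulation oracle to measure
    convergence speed; a deployed module cannot observe it directly.
    """
    w = metropolis_weights(neighbors(len(x0), edges))
    target = sum(x0) / len(x0)
    x, k = list(x0), 0
    while max(abs(v - target) for v in x) > eps and k < max_iter:
        x, k = consensus_step(x, w), k + 1
    return x, k

def decisions(x, threshold):
    """Per-module alarm decision on the (converged) network-wide estimate."""
    return [v > threshold for v in x]

if __name__ == "__main__":
    for eps in (1e-2, 1e-4, 1e-6):
        states, rounds = run_consensus(INITIAL, EDGES, eps)
        print(eps, rounds, decisions(states, 0.2))
```

Before averaging, only the module holding the 0.90 score would raise an alarm at threshold 0.2; after convergence every module reaches the same decision, and tightening the accuracy raises the number of rounds.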
References
Toulouse, M., Minh, B.Q., Curtis, P.: A consensus based network intrusion detection system. In: 2015 5th International Conference on IT Convergence and Security (ICITCS), pp. 1–6. IEEE (2015)
Sundaram, S., Hadjicostis, C.N.: Distributed consensus and linear functional calculation in networks: an observability perspective. In: Proceedings of the 6th International Conference on Information Processing in Sensor Networks. IPSN 2007, pp. 99–108. ACM, New York (2007). http://doi.acm.org/10.1145/1236360.1236374
Sundaram, S., Hadjicostis, C.N.: Distributed function calculation and consensus using linear iterative strategies. IEEE J. Sel. Areas Commun. 26(4), 650–660 (2008). https://doi.org/10.1109/JSAC.2008.080507
Wu, F.F., Monticelli, A.: Network observability: theory. IEEE Trans. Power Appar. Syst. PAS–104(5), 1042–1048 (1985)
Pasqualetti, F., Bicchi, A., Bullo, F.: Consensus computation in unreliable networks: a system theoretic approach. IEEE Trans. Autom. Control 57(1), 90–104 (2012)
Pasqualetti, F., Bicchi, A., Bullo, F.: Distributed intrusion detection for secure consensus computations. In: 46th IEEE Conference on Decision and Control, pp. 5594–5599, December 2007
Sundaram, S., Hadjicostis, C.N.: Distributed function calculation via linear iterative strategies in the presence of malicious agents. IEEE Trans. Autom. Control 56(7), 1495–1508 (2011)
Sardellitti, S., Giona, M., Barbarossa, S.: Fast distributed average consensus algorithms based on advection-diffusion processes. IEEE Trans. Signal Process. 58(2), 826–842 (2010)
Xiao, L., Boyd, S., Lall, S.: A scheme for robust distributed sensor fusion based on average consensus. In: Proceedings of the 4th International Symposium on Information Processing in Sensor Networks. IPSN 2005. IEEE Press, Piscataway (2005). http://dl.acm.org/citation.cfm?id=1147685.1147698
Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann Publishers Inc., San Francisco (1996)
Vicsek, T., Czirók, A., Ben-Jacob, E., Cohen, I., Shochet, O.: Novel type of phase transition in a system of self-driven particles. Phys. Rev. Lett. 75, 1226–1229 (1995). http://link.aps.org/doi/10.1103/PhysRevLett.75.1226
Saber, R., Murray, R.: Consensus protocols for networks of dynamic agents. In: Proceedings of the 2003 American Control Conference, vol. 2, pp. 951–956, June 2003
Fagiolini, A., Pellinacci, M., Valenti, M., Dini, G., Bicchi, A.: Consensus-based distributed intrusion detection for multi-robot systems. In: Proceedings of IEEE International Conference on Robotics and Automation, pp. 120–127 (2008)
Tsitsiklis, J., Bertsekas, D., Athans, M.: Distributed asynchronous deterministic and stochastic gradient optimization algorithms. IEEE Trans. Autom. Control 31(9), 803–812 (1986)
Li, S., Oikonomou, G., Tryfonas, T., Chen, T., Xu, L.: A distributed consensus algorithm for decision-making in service-oriented internet of things. Trans. Ind. Inform. 10(2), 1461–1468 (2014). http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6740862
Narayanan, A., Bonneau, J., Felten, E., Miller, A., Goldfeder, S.: Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction. Princeton University Press, Princeton (2016)
Xiao, L., Boyd, S., Kim, S.-J.: Distributed average consensus with least-mean-square deviation. J. Parallel Distrib. Comput. 67(1), 33–46 (2007). http://dx.doi.org/10.1016/j.jpdc.2006.08.010
Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.: A detailed analysis of the KDD CUP 99 data set. In: IEEE Symposium on Computational Intelligence for Security and Defense Applications. CISDA 2009, pp. 1–6, July 2009
Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 162–182. Springer, Heidelberg (2000). doi:10.1007/3-540-39945-3_11
Lippmann, R., Fried, D., Graf, I., Haines, J., Kendall, K., McClung, D., Weber, D., Webster, S., Wyschogrod, D., Cunningham, R., Zissman, M.: Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In: Proceedings of DARPA Information Survivability Conference and Exposition. DISCEX 2000, vol. 2, pp. 12–26 (2000)
Pasqualetti, F., Dörfler, F., Bullo, F.: Attack detection and identification in cyber-physical systems. IEEE Trans. Autom. Control 58(11), 2715–2729 (2013)
Stepanova, T.V., Zegzhda, D.P.: Large-scale systems security evolution: control theory approach. In: Proceedings of the 8th International Conference on Security of Information and Networks. SIN 2015, pp. 135–141. ACM, New York (2015). http://doi.acm.org/10.1145/2799979.2799993
Acknowledgments
Funding for this project comes from the Professorship Start-Up Support Grant VGU-PSSG-02 of the Vietnamese-German University. The authors thank this institution for supporting this research.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Toulouse, M., Minh, Q.T., Nguyen, T. (2017). An Exact Consensus-Based Network Intrusion Detection System. In: Dang, T., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds) Future Data and Security Engineering. FDSE 2017. Lecture Notes in Computer Science, vol 10646. Springer, Cham. https://doi.org/10.1007/978-3-319-70004-5_25
DOI: https://doi.org/10.1007/978-3-319-70004-5_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70003-8
Online ISBN: 978-3-319-70004-5
eBook Packages: Computer Science (R0)