Oblivious network intrusion detection systems.
Sci Rep; 13(1): 22308, 2023 Dec 15.
Article in En | MEDLINE | ID: mdl-38102146
ABSTRACT
A main function of network intrusion detection systems (NIDSs) is to monitor network traffic and match it against rules. Oblivious NIDSs (O-NIDSs) perform the same tasks as NIDSs, but they operate on encrypted rules and produce encrypted results without being able to decrypt either the rules or the results. Current implementations of O-NIDSs suffer from slow searching speeds and/or a lack of generality. In this paper, we present a generic approach to implementing a privacy-preserving O-NIDS based on hybrid binary gates. We also present two resource-flexible algorithm bundles built upon the hybrid binary gates to perform the NIDS's essential tasks of direct matching and range matching, as a proof of concept. Our approach utilizes a Homomorphic Encryption (HE) layer in an abstract fashion, which makes it implementable with many HE schemes, in contrast to the state of the art, where the underlying HE scheme is a core part of the approach. This feature allowed us to use existing HE libraries that exploit parallelization techniques on GPUs for faster performance. We achieved a rule encryption time as low as 0.012% of the state of the art with only 0.047% of its encrypted rule size. We also achieved a rule-matching speed that is almost 20,000 times faster than the state of the art.
Full text: 1
Collections: 01-internacional
Database: MEDLINE
Language: En
Journal: Sci Rep
Year of publication: 2023
Document type: Article