Oblivious network intrusion detection systems

Abstract

AbstractA main function of network intrusion detection systems (NIDSs) is to monitor network traffic and match it against rules. Oblivious NIDSs (O-NIDS) perform the same tasks of NIDSs but they use encrypted rules and produce encrypted results without being able to decrypt the rules or the results. Current implementations of O-NIDS suffer from slow searching speeds and/or lack of generality. In this paper, we present a generic approach to implement a privacy-preserving O-NIDS based on hybrid binary gates. We also present two resource-flexible algorithm bundles built upon the hybrid binary gates to perform the NIDS’s essential tasks of direct matching and range matching as a proof of concept. Our approach utilizes a Homomorphic Encryption (HE) layer in an abstract fashion, which makes it implementable by many HE schemes compared to the state-of-the-art where the underlying HE scheme is a core part of the approach. This feature allowed the use of already-existing HE libraries that utilize parallelization techniques in GPUs for faster performance. We achieved a rule encryption time as low as 0.012% of the state of the art with only 0.047% of its encrypted rule size. Also, we achieved a rule-matching speed that is almost 20,000 times faster than the state of the art.