Author:
Sayed Mahmoud AbdelHafeez,Taha Mostafa
Abstract
AbstractA main function of network intrusion detection systems (NIDSs) is to monitor network traffic and match it against rules. Oblivious NIDSs (O-NIDS) perform the same tasks of NIDSs but they use encrypted rules and produce encrypted results without being able to decrypt the rules or the results. Current implementations of O-NIDS suffer from slow searching speeds and/or lack of generality. In this paper, we present a generic approach to implement a privacy-preserving O-NIDS based on hybrid binary gates. We also present two resource-flexible algorithm bundles built upon the hybrid binary gates to perform the NIDS’s essential tasks of direct matching and range matching as a proof of concept. Our approach utilizes a Homomorphic Encryption (HE) layer in an abstract fashion, which makes it implementable by many HE schemes compared to the state-of-the-art where the underlying HE scheme is a core part of the approach. This feature allowed the use of already-existing HE libraries that utilize parallelization techniques in GPUs for faster performance. We achieved a rule encryption time as low as 0.012% of the state of the art with only 0.047% of its encrypted rule size. Also, we achieved a rule-matching speed that is almost 20,000 times faster than the state of the art.
Funder
MITACS Accelerate, Canada
MITACS Accelerate, CANADA
Natural Sciences and Engineering Research Council of Canada
Publisher
Springer Science and Business Media LLC
Reference54 articles.
1. Bace, R. G. et al. Intrusion detection systems. In US Department of Commerce, Technology Administration, National Institute of.., (2001).
2. Google Cloud Inrusion Detection System. Google. https://cloud.google.com/intrusion-detection-system (2022).
3. Vhorne: What is azure firewall? https://docs.microsoft.com/en-us/azure/firewall/overview (2022).
4. Gentry, C. Fully homomorphic encryption using ideal lattices. In Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing 169–178 (2009).
5. Chillotti, I., Gama, N., Georgieva, M. & Izabachène, M. Tfhe: fast fully homomorphic encryption over the torus. J. Cryptol. 33(1), 34–91 (2020).