A fog-based privacy-preserving approach for distributed signature-based intrusion detection

Abstract

Intrusion detection systems (IDSs) are the frontier of defense against transmissible cyber threats that spread across distributed systems. Modern IDSs overcome the limitation of hardware processing power by offloading computation extensive operations such as signature matching to the cloud. Moreover, in order to prevent the rapid spread of transmissible cyber threats, collaborative intrusion detection schemes are widely deployed to allow distributed IDS nodes to exchange information with each other. However, no party wants to disclose their own data during the detection process, especially sensitive user data to others, even the cloud providers for privacy concerns. In this background, privacy-preserving technology has been researched in the field of intrusion detection, whereas a collaborative intrusion detection network (CIDN) environment still lacks of appropriate solutions due to its geographical distribution. With the advent of fog computing, in this paper, we propose a privacy-preserving framework for signature-based intrusion detection in a distributed network based on fog devices. The results in both simulated and real environments demonstrate that our proposed framework can help reserve the privacy of shared data, reduce the workload on the cloud side, and offer less detection delay as compared to similar approaches.