Consensus-driven Intrusion Detection Systems: Enhancing Performance and Fault-tolerance using Approximate Consensus

Neupane, Kritee
Tseng, Lewis
Aloqaily, Moayad
Department
Machine Learning
Type
Conference proceeding
Date
2025
Language
English
Abstract
In this paper, we explore the integration of fault-tolerant consensus mechanisms into Intrusion Detection Systems (IDS), proposing a novel approach that leverages approximate consensus to enhance both performance and fault-tolerance, namely "consensus-driven IDS." IDS are critical in modern cybersecurity for detecting malicious activities across distributed networks, such as smart grids, industrial control systems, and Internet of Things networks, where the need for rapid, accurate, and resilient detection is paramount. As IDS are often deployed in distributed environments with multiple sensors and nodes, ensuring reliable and fast detection in the presence of faulty or compromised nodes becomes increasingly challenging. Our contributions are two-fold: (i) We introduce the concept of consensus-driven IDS, identifying the significant benefits of applying approximate consensus to improve the robustness and performance of IDS, particularly for practical deployment in distributed and fault-prone environments; and (ii) We identify properties for approximate consensus to be useful for IDS. In particular, we focus on the early-stopping property, which allows nodes to terminate early with "conformant" state values (i.e., when states are close to each other). We then design a new approximate consensus algorithm, Early-DAC, which optimally balances the trade-offs between early-stopping property and fault-tolerance for consensus-driven IDS. Through extensive simulation, we demonstrate that Early-DAC offers over a 50% improvement in convergence speed compared to state-of-the-art algorithms, significantly enhancing IDS response times and reliability. We also discuss how to extend the results to Byzantine faults.
Citation
K. Neupane, L. Tseng and M. Aloqaily, "Consensus-driven Intrusion Detection Systems: Enhancing Performance and Fault-tolerance using Approximate Consensus," 2025 5th Intelligent Cybersecurity Conference (ICSC), Tampa, FL, USA, 2025, pp. 256-263, doi: 10.1109/ICSC65596.2025.11140282.
Source
Proceedings of the Intelligent Cybersecurity Conference (ICSC)
Conference
2025 5th Intelligent Cybersecurity Conference (ICSC)
Keywords
Approximate Consensus, Impossibility, Convergence, Simulation, Hybrid Fault, IDS, Early-Stopping
Publisher
IEEE