View article

The rapid development of network function virtualization (NFV) technology on a large scale and the explosive growth of network traffic in enterprises has made it necessary to move to the paradigm of middlebox services (MB) in the cloud. Intrusion detection system (IDS) is one of these middlebox services that needs to be deployed in the cloud. However, with the growth of network attacks, redirecting enterprise traffic to external middleboxes inevitably raises new concerns related to packet content security and unauthorized access to the ruleset used for detection. To address these concerns, many research efforts targeted the design and development of IDS that operate over encrypted traffic (secure IDS) by looking for ways to make matching possible over encrypted data (aka secure/encrypted pattern matching) without any leakage while maintaining the same level of efficiency. However, most of the existing designs …