Towards Blockchain-Based Collaborative Intrusion Detection Systems

  • Nikolaos AlexopoulosEmail author
  • Emmanouil VasilomanolakisEmail author
  • Natália Réka Ivánkó
  • Max Mühlhäuser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10707)


In an attempt to cope with the increased number of cyber-attacks, research in Intrusion Detection System IDSs is moving towards more collaborative mechanisms. Collaborative IDSs (CIDSs) are such an approach; they combine the knowledge of a plethora of monitors to generate a holistic picture of the monitored network. Despite the research done in this field, CIDSs still face a number of fundamental challenges, especially regarding maintaining trust among the collaborating parties. Recent advances in distributed ledger technologies, e.g. various implementations of blockchain protocols, are a good fit to the problem of enhancing trust in collaborative environments. This paper touches the intersection of CIDSs and blockchains. Particularly, it introduces the idea of utilizing blockchain technologies as a mechanism for improving CIDSs. We argue that certain properties of blockchains can be of significant benefit for CIDSs; namely for the improvement of trust between monitors, and for providing accountability and consensus. For this, we study the related work and highlight the research gaps and challenges towards such a task. Finally, we propose a generic architecture for the incorporation of blockchains into the field of CIDSs and an analysis of the design decisions that need to be made to implement such an architecture.



This work has received funding from the European Union’s Horizon 2020 Research and Innovation Program, PROTECTIVE, under Grant Agreement No 700071. This work has also been funded by the DFG within the RTG 2050 “Privacy and Trust for Mobile Users” and within the CRC 1119 CROSSING.


  1. 1.
    Antonopoulos, A.M.: Mastering Bitcoin: Unlocking Digital Cryptocurrencies. O’Reilly Media, Inc., Sebastopol (2014)Google Scholar
  2. 2.
    Azaria, A., Ekblaw, A., Vieira, T., Lippman, A.: Medrec: using blockchain for medical data access and permission management. In: International Conference on Open and Big Data (OBD), pp. 25–30. IEEE (2016)Google Scholar
  3. 3.
    Baliga, A.: Understanding Blockchain Consensus Models. Technical report. Persistent Systems Ltd. (2017)Google Scholar
  4. 4.
    Bartoš, V., Kořenek, J.: Evaluating reputation of internet entities. In: Badonnel, R., Koch, R., Pras, A., Drašar, M., Stiller, B. (eds.) AIMS 2016. LNCS, vol. 9701, pp. 132–136. Springer, Cham (2016). Scholar
  5. 5.
    bitcoinwiki: OP\_RETURN (2017).
  6. 6.
    Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)CrossRefGoogle Scholar
  7. 7.
    Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: Sok: research perspectives and challenges for bitcoin and cryptocurrencies. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 104–121. IEEE (2015)Google Scholar
  8. 8.
    Cachin, C.: Architecture of the hyperledger blockchain fabric. In: Workshop on Distributed Cryptocurrencies and Consensus Ledgers (2016)Google Scholar
  9. 9.
    Cachin, C., Schubert, S., Vukolić, M.: Non-determinism in byzantine fault-tolerant replication. arXiv preprint arXiv:1603.07351 (2016)
  10. 10.
    Castro, M., Liskov, B., et al.: Practical byzantine fault tolerance. In: OSDI, vol. 99, pp. 173–186 (1999)Google Scholar
  11. 11.
    Christidis, K., Devetsikiotis, M.: Blockchains and smart contracts for the internet of things. IEEE Access 4, 2292–2303 (2016)CrossRefGoogle Scholar
  12. 12.
    Coindesk: Seven asian banks investigating bitcoin and blockchain tech.
  13. 13.
    Demers, A., et al.: Epidemic algorithms for replicated database maintenance. In: Proceedings of the sixth annual ACM Symposium on Principles of distributed computing, pp. 1–12. ACM (1987)Google Scholar
  14. 14.
    Duma, C., Karresand, M., Shahmehri, N., Caronni, G.: A trust-aware, P2P-based overlay for intrusion detection. In: International Conference on Database and Expert Systems Applications (DEXA 2006), pp. 692–697. IEEE (2006)Google Scholar
  15. 15.
    Ehrenfeld, J.M.: Wannacry, cybersecurity and health information technology: a time to act. J. Med. Syst. 41(7), 104 (2017)CrossRefGoogle Scholar
  16. 16.
    Fung, C.J., Zhang, J., Aib, I., Boutaba, R.: Dirichlet-based trust management for effective collaborative intrusion detection networks. IEEE Trans. Netw. Serv. Manage. 8(2), 79–91 (2011)CrossRefGoogle Scholar
  17. 17.
  18. 18.
    Halamka, J.D., Lippman, A., Ekblaw, A.: The potential for blockchain to transform electronic health records (2017).
  19. 19.
    Lamport, L., Shostak, R., Pease, M.: The Byzantine generals problem. ACM Trans. Program. Lang. Syst. (TOPLAS) 4(3), 382–401 (1982)CrossRefGoogle Scholar
  20. 20.
    Lantmäteriet, Landshypotek Bank: SBAB, Telia company, ChromaWay, Kairos Future: The land registry in the blockchain - testbed. Technical report (2017)Google Scholar
  21. 21.
    Locasto, M.E., Parekh, J.J., Keromytis, A.D., Stolfo, S.J.: Towards collaborative security and P2P intrusion detection. In: IEEE Workshop on Information Assurance and Security, pp. 333–339. IEEE (2005)Google Scholar
  22. 22.
    Locasto, M.E., Parekh, J.J., Stolfo, S., Misra, V.: Collaborative distributed intrusion detection. Technical report, Columbia University (2004)Google Scholar
  23. 23.
    Mihaylov, M., et al.: Virtual currency for trading of renewable energy in smart grids. In: European Energy Market (EEM), 11th International Conference on the, pp. 1–6. IEEE (2014)Google Scholar
  24. 24.
    Mihaylov, M., Jurado, S., Van Moffaert, K., Avellana, N., Nowé, A.: Nrg-x-change-a novel mechanism for trading of renewable energy in smart grids. In: SMARTGREENS, pp. 101–106 (2014)Google Scholar
  25. 25.
    Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008)Google Scholar
  26. 26.
    Okada, H., Yamasaki, S., Bracamonte, V.: Proposed classification of blockchains based on authority and incentive dimensions. In: Advanced Communication Technology (ICACT), 2017 19th International Conference on, pp. 593–597. IEEE (2017)Google Scholar
  27. 27.
    Rutkin, A.: Blockchain-based microgrid gives power to consumers in new york. New Scientist (2016).
  28. 28.
    Shrier, D., Wu, W., Pentland, A.: Blockchain & infrastructure (identity, data security). Technical report, (2016).
  29. 29.
    Suberg, W.: Factom’s latest partnership takes on us healthcare (2015).
  30. 30.
    Ullrich, J.: Dshield internet storm center (2000).
  31. 31.
    Vasilomanolakis, E., Habib, S.M., Milaszewicz, P., Malik, R.S., Mühlhäuser, M.: Towards trust-aware collaborative intrusion detection: challenges and solutions. In: Steghöfer, J.-P., Esfandiari, B. (eds.) IFIPTM 2017. IAICT, vol. 505, pp. 94–109. Springer, Cham (2017). Scholar
  32. 32.
    Vasilomanolakis, E., Karuppayah, S., Kikiras, P., Mühlhäuser, M.: A honeypot-driven cyber incident monitor: lessons learned and steps ahead. In: International Conference on Security of Information and Networks, pp. 158–164. ACM (2015)Google Scholar
  33. 33.
    Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., Fischer, M.: Taxonomy and survey of collaborative intrusion detection. ACM Comput. Surv. 47(4), 33 (2015)CrossRefGoogle Scholar
  34. 34.
    Vasilomanolakis, E., Krügl, M., Cordero, C.G., Mühlhäuser, M., Fischer, M.: Skipmon: A locality-aware collaborative intrusion detection system. In: Computing and Communications Conference (IPCCC), IEEE 34th International Performance, pp. 1–8. IEEE (2015)Google Scholar
  35. 35.
    Vukolić, M.: The quest for scalable blockchain fabric: Proof-of-work vs. BFT replication. In: Camenisch, J., Kesdoğan, D. (eds.) iNetSec 2015. LNCS, vol. 9591, pp. 112–125. Springer, Cham (2016). Scholar
  36. 36.
    Walport, M.: Distributed ledger technology: beyond blockchain. UK Government Office for Science (2016)Google Scholar
  37. 37.
    Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151 (2014)Google Scholar
  38. 38.
    Zhou, C.V., Karunasekera, S., Leckie, C.: A peer-to-peer collaborative intrusion detection system. In: International Conference on Networks, pp. 118–123. IEEE (2005)Google Scholar
  39. 39.
    Zyskind, G., Nathan, O., Pentland, A.: Enigma: decentralized computation platform with guaranteed privacy. arXiv preprint arXiv:1506.03471 (2015)

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Telecooperation GroupTechnische Universität DarmstadtDarmstadtGermany

Personalised recommendations