Abstract
A Collaborative Intrusion Detection System (CIDS) is a system in which a set of IDSs work together to defend computer networks against increasingly sophisticated cyber-attacks. Despite more than a decade of research on CIDS, trust management and consensus building among IDS hosts remain challenging problems. In this paper, we conducted an exploratory study to tackle those two challenges by leveraging the inherent immutability and consensus-building capability of blockchain technology. We proposed an architecture for a blockchain-enabled CIDS and implemented a preliminary prototype system using open-source projects such as Hyperledger and Snort. Our initial evaluation on a benchmark test showed that the proposed architecture offers a feasible solution by addressing the issues of trust management, data sharing and consensus building, as well as insider attacks, in the network environment of CIDSs.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Laufenberg, D., Li, L., Shahriar, H., Han, M. (2020). Developing a Blockchain-Enabled Collaborative Intrusion Detection System: An Exploratory Study. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Advances in Information and Communication. FICC 2020. Advances in Intelligent Systems and Computing, vol 1129. Springer, Cham. https://doi.org/10.1007/978-3-030-39445-5_14
DOI: https://doi.org/10.1007/978-3-030-39445-5_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39444-8
Online ISBN: 978-3-030-39445-5
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)