4.4 Article

Toward a blockchain-based framework for challenge-based collaborative intrusion detection

Journal

Publisher

SPRINGER
DOI: 10.1007/s10207-020-00488-6

Keywords

Intrusion detection; Collaborative network; Insider attack; Blockchain technology; Challenge-based trust mechanism

Funding

  1. National Natural Science Foundation of China (NSFC) [61772148, 61802080, 61802077]


Network intrusions pose a significant threat to network and system assets, leading many organizations to adopt collaborative intrusion detection networks for protection. Challenge-based trust mechanisms can evaluate the trustworthiness of nodes, but vulnerability to insider attacks remains a concern. Research suggests that blockchain technology has the potential to enhance the robustness and trust management of challenge-based CIDNs.
Network intrusions are a big threat to network and system assets, and they have become more complex over time. To enhance detection performance, many organizations adopt collaborative intrusion detection networks (CIDNs) to protect their resources. However, such detection systems or networks are typically vulnerable to insider attacks, so there is a need to implement suitable trust mechanisms. In the literature, challenge-based trust mechanisms are able to measure the trustworthiness of a node by evaluating the relationship between the sent challenges and the received responses. In practice, challenge-based CIDNs have been shown to be robust against common insider attacks, but they may still be susceptible to advanced insider attacks. How to enhance the robustness of such challenge-based CIDNs remains an issue. Motivated by the recent development of blockchains, our purpose in this work is to design a blockchained challenge-based CIDN framework that aims to combine blockchains with a challenge-based trust mechanism. Our evaluation demonstrates that blockchain technology has the potential to enhance the robustness of challenge-based CIDNs in the aspects of trust management (i.e., enhancing the detection of insider nodes) and alarm aggregation (i.e., identifying untruthful inputs) under adversary scenarios.
