A Blockchain Approach to Identifying Compromised Nodes in Collaborative Intrusion Detection Systems

• Published in: 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech) pp. 87 - 93
• Main Authors: Yenugunti, Chandralekha, Yau, Stephen S.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.08.2020
• Subjects: collaborative intrusion detection systems; insider attacks; private blockchain; trust score
• DOI: 10.1109/DASC-PICom-CBDCom-CyberSciTech49142.2020.00029

Large organizations have multiple networks that are subject to attacks which can be detected by Intrusion Detection Systems. Collaborative Intrusion Detection Systems (CIDS) are used for efficient detection of distributed attacks in large networks by having a global view of the attacks in the networks. However, CIDS are vulnerable to various attacks, which compromise some of the nodes of CIDS. The major challenge caused by these attacks on CIDS is due to insider attacks. These insider attacks decrease the mutual trust among the nodes in CIDS, which is required for sharing critical and sensitive alert data. The compromised nodes will further decrease the accuracy of CIDS by generating false positives and false negatives of the traffic classifications. In this paper, an approach based on trust score system is presented to identify and suspend the compromised nodes in CIDS to improve the trust among the nodes for collaboration. This approach is implemented on a private blockchain because private blockchain provides the features to satisfy the accountability, integrity and privacy requirements of CIDS.