An Architecture for Blockchain-based Collaborative Signature-based Intrusion Detection System

Collaborative intrusion detection system (CIDS), where IDS hosts work with each other and share resources, have been proposed to cope with the increasingly sophisticated cyberattacks. Despite the promising benefits such as expanded signature databases and alert data from multiple sites, trust management and consensus building remain as challenges for a CIDS to work effectively. The blockchain technology with built-in immutability and consensus building capability provides a viable solution to the issues of CIDS. In this paper, we introduce an architecture for a blockchain-enabled signature-based collaborative IDS, discuss the implementation strategy of the proposed architecture and developed a prototype using Hyperledger and Snort. Our preliminary evaluation on a bench mark showed the proposed architecture offers a solution by addressing the issues of trust, data sharing and insider attacks in the network environment of CIDSs. The implications and limitations of this study are also discussed