Blockchain-based Architecture for Secured Cyberattack Signatures and Features Distribution

Abstract

One effective way of detecting malicious traffic in computer networks is intrusion detection systems (IDS). Despite the increased accuracy of IDSs, distributed or coordinated attacks can still go undetected because of the single vantage point of the IDSs. Due to this reason, there is a need for attack characteristics\u27 exchange among different IDS nodes. Another reason for IDS coordination is that a zero-day attack (an attack without a known signature) experienced in organizations located in different regions is not the same. Collaborative efforts of the participating IDS nodes can stop more attack threats if IDS nodes exchange these attack characteristics among each other. Researchers proposed a cooperative intrusion detection system (CoIDS) to share these attack characteristics effectively. Although this solution enhanced IDS node’s ability to respond to attacks previously identified by cooperating IDSs, malicious activities such as fake data injection, data manipulation or deletion, data integrity, and consistency are problems threatening this approach. In this dissertation, we develop a blockchain-based solution that ensures the integrity and consistency of attack characteristics shared in a cooperative intrusion detection system. The developed architecture achieves this result by continuously monitoring blockchain nodes\u27 behavior to detect and prevent malicious activities from both outsider and insider threats. Apart from this, the architecture facilitates scalable attack characteristics’ exchange among IDS nodes and ensures heterogeneous IDS participation. It is also robust to public IDS nodes joining and leaving the network. The security analysis result shows that the architecture can detect and prevent malicious activities from both outsider and insider attackers, while performance analysis shows scalability with low latency

    Similar works

    Full text

    thumbnail-image