On Blockchain Architectures for Trust-Based Collaborative Intrusion Detection

TL;DR

This paper proposes a trust-based blockchain architecture, called trust-chain, for collaborative intrusion detection networks to improve security, accountability, and resilience against insider attacks using a novel consensus protocol.

Contribution

It introduces a new trust-chain architecture and a combined proof-of-stake and proof-of-work consensus protocol for CIDNs, enhancing trust and security.

Findings

Trust-chain protects shared information integrity.

The consensus protocol resists tampering and insider threats.

Enhanced accountability in collaborative intrusion detection.

Abstract

This paper considers the use of novel technologies for mitigating attacks that aim at compromising intrusion detection systems (IDSs). Solutions based on collaborative intrusion detection networks (CIDNs) could increase the resilience against such attacks as they allow IDS nodes to gain knowledge from each other by sharing information. However, despite the vast research in this area, trust management issues still pose significant challenges and recent works investigate whether these could be addressed by relying on blockchain and related distributed ledger technologies. Towards that direction, the paper proposes the use of a trust-based blockchain in CIDNs, referred to as trust-chain, to protect the integrity of the information shared among the CIDN peers, enhance their accountability, and secure their collaboration by thwarting insider attacks. A consensus protocol is proposed for CIDNs, which is a combination of a proof-of-stake and proof-of-work protocols, to enable collaborative IDS nodes to maintain a reliable and tampered-resistant trust-chain.