Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain

  • Special Issue Paper
  • International Journal of Information Security

Abstract

Due to the rapid growth of computer networks, intrusions have become more complicated and devastating. As an important solution, collaborative intrusion detection networks or systems (CIDNs or CIDSs) are considered and adopted by many organizations to identify cyberattacks. Insider attacks are one major threat to such defensive mechanisms. In the literature, challenge-based trust management schemes can help safeguard CIDNs against insider attacks. However, previous studies identified that challenge-based CIDNs may still suffer from advanced insider attacks, such as the passive message fingerprint attack (PMFA). Motivated by recent blockchain research, in this work we propose a blockchain-based approach to help enhance the robustness of challenge-based CIDNs against advanced insider attacks like PMFA by integrating a type of blockchain-based trust. In the evaluation, we examine our approach in both simulated and real network environments. The results demonstrate that, compared with the original scheme, our approach is effective in defeating advanced insider attacks like PMFA and enhancing the robustness of challenge-based CIDNs.

Acknowledgements

The authors would like to thank the participating IT administrators and managers for their great support regarding our mechanism implementation. Weizhi Meng is supported by H2020-SU-ICT-2018-2 with No. 830929: CyberSec4Europe.

Author information

Corresponding author

Correspondence to Weizhi Meng.

Ethics declarations

Conflict of interest

All authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Meng, W., Li, W., Yang, L.T. et al. Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain. Int. J. Inf. Secur. 19, 279–290 (2020). https://doi.org/10.1007/s10207-019-00462-x

  • DOI: https://doi.org/10.1007/s10207-019-00462-x
