Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain

Weizhi Meng*, Wenjuan Li, Laurence T. Yang, Peng Li

*Corresponding author for this work

Research output: Contribution to journal › Journal article › Research › peer-review

Abstract

Due to the rapid growth of computer networks, intrusions have become more complicated and devastating. As an important solution, collaborative intrusion detection networks or systems (CIDNs or CIDSs) are considered and adopted by many organizations to identify cyberattacks. Insider attack is one major threat to such defensive mechanisms. In the literature, challenge-based trust management scheme can help safeguard CIDNs against insider attacks. However, previous studies identified that challenge-based CIDNs may still suffer from advanced insider attacks, like passive message fingerprint attack (PMFA). Motivated by the recent blockchain research, in this work, we propose a blockchain-based approach to help enhance the robustness of challenge-based CIDNs against advanced insider attacks like PMFA, through integrating a type of blockchain-based trust. In the evaluation, we examine our approach in both simulated and real network environments. The results demonstrate that our approach is effective in defeating advanced insider attacks like PMFA and enhancing the robustness of challenge-based CIDNs, as compared with the original scheme.

Original language: English
Journal: International Journal of Information Security
Number of pages: 12
ISSN: 1615-5262
DOI: 10.1007/s10207-019-00462-x
Publication status: Published - 1 Jan 2019

Keywords

  • Blockchain technology
  • Challenge-based mechanism
  • Collaborative intrusion detection
  • Insider attack
  • Trust management

Cite this

@article{b2a8801b0a8c470fa27bc6c59c462c41,
title = "Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain",
abstract = "Due to the rapid growth of computer networks, intrusions have become more complicated and devastating. As an important solution, collaborative intrusion detection networks or systems (CIDNs or CIDSs) are considered and adopted by many organizations to identify cyberattacks. Insider attack is one major threat to such defensive mechanisms. In the literature, challenge-based trust management scheme can help safeguard CIDNs against insider attacks. However, previous studies identified that challenge-based CIDNs may still suffer from advanced insider attacks, like passive message fingerprint attack (PMFA). Motivated by the recent blockchain research, in this work, we propose a blockchain-based approach to help enhance the robustness of challenge-based CIDNs against advanced insider attacks like PMFA, through integrating a type of blockchain-based trust. In the evaluation, we examine our approach in both simulated and real network environments. The results demonstrate that our approach is effective in defeating advanced insider attacks like PMFA and enhancing the robustness of challenge-based CIDNs, as compared with the original scheme.",
keywords = "Blockchain technology, Challenge-based mechanism, Collaborative intrusion detection, Insider attack, Trust management",
author = "Weizhi Meng and Wenjuan Li and Yang, {Laurence T.} and Peng Li",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/s10207-019-00462-x",
language = "English",
journal = "International Journal of Information Security",
issn = "1615-5262",
publisher = "Springer",

}

Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain. / Meng, Weizhi; Li, Wenjuan; Yang, Laurence T.; Li, Peng.

In: International Journal of Information Security, 01.01.2019.

TY - JOUR
T1 - Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain
AU - Meng, Weizhi
AU - Li, Wenjuan
AU - Yang, Laurence T.
AU - Li, Peng
PY - 2019/1/1
Y1 - 2019/1/1
N2 - Due to the rapid growth of computer networks, intrusions have become more complicated and devastating. As an important solution, collaborative intrusion detection networks or systems (CIDNs or CIDSs) are considered and adopted by many organizations to identify cyberattacks. Insider attack is one major threat to such defensive mechanisms. In the literature, challenge-based trust management scheme can help safeguard CIDNs against insider attacks. However, previous studies identified that challenge-based CIDNs may still suffer from advanced insider attacks, like passive message fingerprint attack (PMFA). Motivated by the recent blockchain research, in this work, we propose a blockchain-based approach to help enhance the robustness of challenge-based CIDNs against advanced insider attacks like PMFA, through integrating a type of blockchain-based trust. In the evaluation, we examine our approach in both simulated and real network environments. The results demonstrate that our approach is effective in defeating advanced insider attacks like PMFA and enhancing the robustness of challenge-based CIDNs, as compared with the original scheme.
AB - Due to the rapid growth of computer networks, intrusions have become more complicated and devastating. As an important solution, collaborative intrusion detection networks or systems (CIDNs or CIDSs) are considered and adopted by many organizations to identify cyberattacks. Insider attack is one major threat to such defensive mechanisms. In the literature, challenge-based trust management scheme can help safeguard CIDNs against insider attacks. However, previous studies identified that challenge-based CIDNs may still suffer from advanced insider attacks, like passive message fingerprint attack (PMFA). Motivated by the recent blockchain research, in this work, we propose a blockchain-based approach to help enhance the robustness of challenge-based CIDNs against advanced insider attacks like PMFA, through integrating a type of blockchain-based trust. In the evaluation, we examine our approach in both simulated and real network environments. The results demonstrate that our approach is effective in defeating advanced insider attacks like PMFA and enhancing the robustness of challenge-based CIDNs, as compared with the original scheme.
KW - Blockchain technology
KW - Challenge-based mechanism
KW - Collaborative intrusion detection
KW - Insider attack
KW - Trust management
U2 - 10.1007/s10207-019-00462-x
DO - 10.1007/s10207-019-00462-x
M3 - Journal article
JO - International Journal of Information Security
JF - International Journal of Information Security
SN - 1615-5262
ER -