Snort Based Collaborative Intrusion Detection System Using Blockchain in SDN

With the rapid increase in cyber attacks, intrusion detection systems (IDS) are shifting towards collaborative approaches, driven by a strong demand to safeguard larger networking environments against threats. To optimise detection performance, Collaborative Intrusion Detection Networks (CIDN) have been adopted in practical scenarios; they enable a group of IDS nodes to mutually share and exchange essential information, such as IDS signatures and attack alarms. However, because CIDNs are distributed in nature, they still face many implementation problems; in particular, an insider intruder can easily take over any security node and leave the entire security system vulnerable. To achieve trust-based communication between IDS nodes, recent advances in blockchain applications are considered a good fit for building trust-based communication in CIDNs. This work converges CIDN and blockchain in an SDN context. First, we investigated existing related work and highlighted the challenges and research gap for blockchain in CIDNs. Second, we used three collaborating Snort IDS nodes that receive the latest signature updates from Ryu and then securely share those signature updates with all other Snort nodes within the test-bed. Our work aims to detect seven types of common attacks with a collaborative signature-based IDS, which feasibly processes more packets to achieve satisfactory detection results. Overall, the evaluation results show that, with the adoption of blockchain protocols, the proposed CIDN achieves a 96% true positive (TP) detection rate for TCP, UDP and ICMP packets.
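As an added example (not code from the paper or its test-bed), a minimal hash-chained ledger of Snort signature updates in Python: the controller appends each rule as a block, and every IDS node verifies the chain before loading any rules, so a rule altered by a compromised relaying node is detected. The rule text, sid values and publisher name are constructed for this example.

```python
import hashlib
import json

# Constructed sample signature updates in Snort rule syntax (hypothetical rules;
# the sid values are placeholders, not taken from any real ruleset).
SAMPLE_RULES = [
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH SYN scan"; flags:S; sid:1000001; rev:1;)',
    'alert udp any any -> $HOME_NET 53 (msg:"DNS flood"; sid:1000002; rev:1;)',
    'alert icmp any any -> $HOME_NET any (msg:"ICMP sweep"; itype:8; sid:1000003; rev:1;)',
]

def block_hash(index, prev_hash, publisher, rule):
    """SHA-256 over all block fields; changing the rule or the link breaks it."""
    payload = json.dumps([index, prev_hash, publisher, rule], separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

def genesis():
    """Start a chain with an empty genesis block (publisher name is assumed)."""
    blk = {"index": 0, "prev_hash": "0" * 64, "publisher": "ryu-controller", "rule": ""}
    blk["hash"] = block_hash(0, blk["prev_hash"], blk["publisher"], blk["rule"])
    return [blk]

def append_update(chain, publisher, rule):
    """The controller (or a node relaying its update) appends one signature block."""
    prev = chain[-1]
    blk = {"index": prev["index"] + 1, "prev_hash": prev["hash"],
           "publisher": publisher, "rule": rule}
    blk["hash"] = block_hash(blk["index"], blk["prev_hash"], blk["publisher"], blk["rule"])
    chain.append(blk)
    return blk

def verify_chain(chain):
    """Return (ok, first_bad_index); each Snort node runs this before loading rules."""
    for i, blk in enumerate(chain):
        expected = block_hash(blk["index"], blk["prev_hash"], blk["publisher"], blk["rule"])
        if blk["index"] != i or blk["hash"] != expected:
            return False, i          # block contents no longer match its hash
        if i > 0 and blk["prev_hash"] != chain[i - 1]["hash"]:
            return False, i          # link to the previous block is broken
    return True, -1

def rules_to_load(chain):
    """Rules a node accepts: only from a chain that verifies end to end."""
    ok, _ = verify_chain(chain)
    return [b["rule"] for b in chain[1:]] if ok else []
```

A hash chain alone detects modified or re-ordered updates; truncation and a dishonest publisher need the per-node signing and consensus that a full blockchain protocol adds.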
