RuleChain: A Novel Intrusion Rules Distribution Method Based on Blockchain

Intrusion detection systems (IDSs) are widely used to deal with cyber threats and attacks. To detect a new type of intrusion, a traditional IDS needs either operators to add rules manually or the IDS itself to periodically obtain the latest intrusion feature information (rules) from a central online server. Neither method can distribute new intrusion rules quickly on a large scale, so the IDS lags in responding to new intrusion threats, leaving the network exposed to intrusion risk. In addition, the traditional centralized rules distribution method is vulnerable to advanced cyber-attacks and natural disasters. This paper proposes a new intrusion rules distribution method based on a private blockchain: RuleChain. Management nodes pack new rules into a new RuleBlock and broadcast it to the entire network. Every node that receives the broadcast message updates its local RuleChain with the new RuleBlock to obtain the latest intrusion rules. In this way, newly released intrusion rules are quickly transmitted to all nodes of the network, so the proposed method ensures that the IDS can rapidly detect new intrusion threats. Moreover, the proposed method can accomplish almost all functions of the traditional centralized paradigm at very low hardware cost. Theory and experiments show that the proposed method supports fast and efficient distribution of rules across the entire network anywhere.
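The pack, broadcast and update flow described above can be sketched as follows. This is an added example, not code from the paper: the block fields, the all-zero genesis hash, and the HMAC tag standing in for a management node's signature are assumptions, and the rule strings are constructed.

```python
import hashlib
import hmac
import json

# Assumption: a shared secret stands in for the management node's signing key.
MGMT_KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # assumed previous-hash value for the first RuleBlock

def block_digest(index, prev_hash, rules):
    """Canonical SHA-256 over the fields that define a RuleBlock."""
    body = json.dumps({"index": index, "prev_hash": prev_hash, "rules": rules},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def make_rule_block(chain, rules, key=MGMT_KEY):
    """Management node: pack new rules into a RuleBlock linked to the chain tip."""
    index = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    digest = block_digest(index, prev_hash, rules)
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return {"index": index, "prev_hash": prev_hash, "rules": rules,
            "hash": digest, "tag": tag}

def _same(a, b):
    """Constant-time comparison that tolerates non-string field values."""
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def accept_rule_block(chain, block, key=MGMT_KEY):
    """IDS node: append a broadcast RuleBlock only if it verifies."""
    expected_prev = chain[-1]["hash"] if chain else GENESIS
    if block.get("index") != len(chain) or block.get("prev_hash") != expected_prev:
        return "rejected: does not extend local chain tip"
    digest = block_digest(block["index"], block["prev_hash"], block.get("rules"))
    if not _same(digest, block.get("hash")):
        return "rejected: content hash mismatch"
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    if not _same(tag, block.get("tag")):
        return "rejected: not issued by a management node"
    chain.append(block)
    return "accepted"

def active_rules(chain):
    """Flatten the local RuleChain into the rule set the IDS should load."""
    return [rule for block in chain for rule in block["rules"]]

if __name__ == "__main__":
    chain = []
    print(accept_rule_block(chain, make_rule_block(chain, ["constructed-rule-1"])))
    print(active_rules(chain))
```

A receiving node that checks linkage, content hash and issuer before appending will not load rules from a replayed, altered or unauthorized broadcast.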
