Developing a Blockchain-Enabled Collaborative Intrusion Detection System: An Exploratory Study

Abstract

A Collaborative Intrusion Detection System (CIDS) is a system which a set of IDS work together to defend the computer networks against increasingly sophisticated cyber-attacks. Despite more than decade of research on CIDS, trust management and consensus building among IDS hosts remain as challenging problems. In this paper, we conducted an exploratory study to tackle those two challenges by leveraging the inherent immutability and consensus building capability of blockchain technology. We proposed an architecture for a blockchain-enabled CIDs and implemented a preliminary prototype system using open-source projects such as Hyperledger and Snort. Our initial evaluation on a benchmark testing showed the proposed architecture offers a feasible solution by addressing the issues of trust management, data sharing and consensus building, as well as insider attacks in the network environment of CIDSs.