An Architecture for Blockchain-based Collaborative Signature-based Intrusion Detection System

Author

Daniel LaufenbergFollow

Date of Award

Summer 7-9-2019

Degree Type

Thesis

Degree Name

Master of Science in Information Technology (MSIT)

Department

Information Technology

Committee Chair/First Advisor

Dr. Lei Li

Second Advisor

Dr. Hossain Shahriar

Third Advisor

Dr. Meng Han

Abstract

Collaborative intrusion detection system (CIDS), where IDS hosts work with each other and share resources, have been proposed to cope with the increasingly sophisticated cyberattacks. Despite the promising benefits such as expanded signature databases and alert data from multiple sites, trust management and consensus building remain as challenges for a CIDS to work effectively. The blockchain technology with built-in immutability and consensus building capability provides a viable solution to the issues of CIDS. In this paper, we introduce an architecture for a blockchain-enabled signature-based collaborative IDS, discuss the implementation strategy of the proposed architecture and developed a prototype using Hyperledger and Snort. Our preliminary evaluation on a bench mark showed the proposed architecture offers a solution by addressing the issues of trust, data sharing and insider attacks in the network environment of CIDSs. The implications and limitations of this study are also discussed.