Toward a blockchain-based framework for challenge-based collaborative intrusion detection


Network intrusions are a big threat to network and system assets, which have become more complex to date. To enhance the detection performance, collaborative intrusion detection networks (CIDNs) are adopted by many organizations to protect their resources. However, such detection systems or networks are typically vulnerable to insider attacks, so that there is a need to implement suitable trust mechanisms. In the literature, challenge-based trust mechanisms are able to measure the trustworthiness of a node by evaluating the relationship between the sent challenges and the received responses. In practice, challenge-based CIDNs have shown to be robust against common insider attacks, whereas it may still be susceptible to advanced insider attacks. How to enhance the robustness of such challenge-based CIDNs remains an issue. Motivated by the recent development of blockchains, in this work, our purpose is to design a blockchained challenge-based CIDN framework that aims to combine blockchains with challenge-based trust mechanism. Our evaluation demonstrates that blockchain technology has the potential to enhance the robustness of challenge-based CIDNs in the aspects of trust management (i.e., enhancing the detection of insider nodes) and alarm aggregation (i.e., identifying untruthful inputs) under adversary scenarios.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8


  1. 1.

    Alexopoulos, N., Vasilomanolakis, E., Ivanko, N.R., Muhlhauser, M.: Towards blockchain-based collaborative intrusion detection systems. In: Proceedings of the 12th International Conference on Critical Information Infrastructures Security, pp. 1–12 (2017)

  2. 2.

    Almost half of companies still can’t detect IoT device breaches, reveals Gemalto study. Accessed 10 Apr 2019

  3. 3.

    Amazon Managed Blockchain: easily create and manage scalable blockchain networks. Accessed 10 Apr 2019

  4. 4.

    Badertscher, C., Gazi, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: Proceedings of ACM Conference on Computer and Communications Security (CCS), pp. 913–930 (2018)

  5. 5.

    Daian, P., Pass, R., Shi, E.: Snow white: robustly reconfigurable consensus and applications to provably secure proofs of stake. In: Financial Cryptography and Data Security (FC) (2019)

  6. 6.

    Duma, C., Karresand, M., Shahmehri, N., Caronni, G.: A trust-aware, P2P-based overlay for intrusion detection. In: DEXA Workshop, pp. 692–697 (2006)

  7. 7.

    Fadlullah, Z.M., Taleb, T., Vasilakos, A.V., Guizani, M., Kato, N.: DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis. IEEE/ACM Trans. Netw. 18(4), 1234–1247 (2010)

    Article  Google Scholar 

  8. 8.

    Friedberg, I., Skopik, F., Settanni, G., Fiedler, R.: Combating advanced persistent threats: from network event correlation to incident detection. Comput. Secur. 48, 35–47 (2015)

    Article  Google Scholar 

  9. 9.

    Fung, C.J., Baysal, O., Zhang, J., Aib, I., Boutaba, R.: Trust management for host-based collaborative intrusion detection. In: De Turck, F., Kellerer, W., Kormentzas, G. (eds.) DSOM 2008, LNCS 5273, pp. 109–122 (2008)

  10. 10.

    Fung, C.J., Zhu, Q., Boutaba, R., Basar, T.: Bayesian decision aggregation in collaborative intrusion detection networks. In: NOMS, pp. 349–356 (2010)

  11. 11.

    Gartner identifies top 10 strategic IoT technologies and trends. Accessed 22 Mar 2019

  12. 12.

    Golomb, T., Mirsky, Y., Elovici, Y.: CIoTA: collaborative IoT anomaly detection via blockchain. In: Proceedings of Workshop on Decentralized IoT Security and Standards (DISS), pp. 1–6 (2018)

  13. 13.

    Huebsch, R., Chun, B.N., Hellerstein, J.M., Loo, B.T., Maniatis, P., Roscoe, T., Shenker, S., Stoica, I., Yumerefendi, A.R.: The architecture of PIER: an internet-scale query processor. In: Proceedings of the 2005 Conference on Innovative Data Systems Research (CIDR), pp. 28–43 (2005)

  14. 14.

    Hyperledger—Open Source Blockchain Technologies.

  15. 15.

    Kiffer, L., Rajaraman, R., Shelat, A.: A better method to analyze blockchain consistency. In: Proceedings of ACM Conference on Computer and Communications Security (CCS), pp. 729–744 (2018)

  16. 16.

    Leading the IoT: gartner insights on how to lead in a connected world. Accessed 22 Mar 2019

  17. 17.

    Lei, A., Cruickshank, H.S., Cao, Y., Asuquo, P.M., Ogah, C.P.A., Sun, Z.: Blockchain-based dynamic key management for heterogeneous intelligent transportation systems. IEEE Internet Things J. 4(6), 1832–1843 (2017)

    Article  Google Scholar 

  18. 18.

    Li, Z., Chen, Y., Beach, A.: Towards scalable and robust distributed intrusion alert fusion with good load balancing. In: Proceedings of the 2006 SIGCOMM Workshop on Large-Scale Attack Defense (LSAD), pp. 115–122 (2006)

  19. 19.

    Li, W., Meng, W., Kwok, L.F., Ip, H.H.S.: PMFA: toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks. In: Proceedings of the 10th International Conference on Network and System Security (NSS 2016), pp. 433–449 (2016)

  20. 20.

    Li, W., Meng, Y., Kwok, L.-F.: Design of intrusion sensitivity-based trust management model for collaborative intrusion detection networks. In: Proceedings of the 8th IFIP WG 11.11 International Conference on Trust Management (IFIPTM), Springer, pp. 61–76 (2014)

  21. 21.

    Li, W., Meng, Y., Kwok, L.-F.: Enhancing trust evaluation using intrusion sensitivity in collaborative intrusion detection networks: feasibility and challenges. In: Proceedings of the 9th International Conference on Computational Intelligence and Security (CIS), pp. 518–522. IEEE (2013)

  22. 22.

    Li, W., Meng, W., Kwok, L.-F.: Evaluating intrusion sensitivity allocation with support vector machine for collaborative intrusion detection. In: Proceedings of the 15th International Conference on Information Security Practice and Experience (ISPEC), pp. 1–12 (2019)

  23. 23.

    Li, W., Meng, W., Kwok, L.F.: SOOA: exploring special on-off attacks on challenge-based collaborative intrusion detection networks. In: Proceedings of GPC, pp. 402–415 (2017)

  24. 24.

    Li, W., Tug, S., Meng, W., Wang, Y.: Designing collaborative blockchained signature-based intrusion detection in IoT environments. Future Gener. Comput. Syst. 96, 481–489 (2019)

    Article  Google Scholar 

  25. 25.

    Li, W., Wang, Y., Li, J., Au, M.H.: Towards blockchained challenge-based collaborative intrusion detection. In: Proceedings of the 1st International Workshop on Application Intelligence and Blockchain Security (AIBlock), in Conjunction with ACNS 2019, pp. 122–139 (2019)

  26. 26.

    Li, W., Kwok, L.E.: Challenge-based collaborative intrusion detection networks under passive message fingerprint attack: a further analysis. J. Inf. Secur. Appl. 47, 1–7 (2019)

    Google Scholar 

  27. 27.

    Li, W., Meng, W.: Enhancing collaborative intrusion detection networks using intrusion sensitivity in detecting pollution attacks. Inf. Comput. Secur. 24(3), 265–276 (2016)

    Article  Google Scholar 

  28. 28.

    Li, L., Liu, J., Cheng, L., Qiu, S., Wang, W., Zhang, X., Zhang, Z.: CreditCoin: a privacy-preserving blockchain-based incentive announcement network for communications of smart vehicles. IEEE Trans. Intell. Transp. Syst. 19(7), 2204–2220 (2018)

    Article  Google Scholar 

  29. 29.

    Li, W., Meng, W., Kwok, L.-F.: Investigating the influence of special on–off attacks on challenge-based collaborative intrusion detection networks. Future Internet 10(1), 1–16 (2018)

    Article  Google Scholar 

  30. 30.

    Makhdoom, I., Abolhasan, M., Abbas, H., Ni, W.: Blockchain’s adoption in IoT: the challenges, and a way forward. J. Netw. Comput. Appl. 125, 251–279 (2019)

    Article  Google Scholar 

  31. 31.

    Marr, B.: 5 blockchain trends everyone should know about. Accessed 10 Apr 2019

  32. 32.

    Meng, W., Li, W., Kwok, L.-F.: An evaluation of single character frequency-based exclusive signature matching in distinct IDS environments. In: Proceedings of the 17th International Conference on Information Security (ISC), pp. 465–476 (2014)

  33. 33.

    Meng, W., Li, W., Yang, L.T., Li, P.: Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain. Int. J. Inf. Secur. (2019).

    Article  Google Scholar 

  34. 34.

    Meng, W., Li, W., Zhu, L.: Enhancing medical smartphone networks via blockchain-based trust management against insider attacks. IEEE Trans. Eng, Manag (2019).

  35. 35.

    Meng, W., Luo, X., Li, W., Li, Y.: Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice. In: Proceedings of the 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2016), pp. 1061–1068 (2016)

  36. 36.

    Meng, Y., Kwok, L.F.: Enhancing false alarm reduction using voted ensemble selection in intrusion detection. Int. J. Comput. Intell. Syst. 6(4), 626–638 (2013)

    Article  Google Scholar 

  37. 37.

    Meng, Y., Li, W., Kwok, L.F.: Towards adaptive character frequency-based exclusive signature matching scheme and its applications in distributed intrusion detection. Comput. Netw. 57(17), 3630–3640 (2013)

    Article  Google Scholar 

  38. 38.

    Meng, W., Li, W., Kwok, L.F.: EFM: enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Comput. Secur. 43, 189–204 (2014)

    Article  Google Scholar 

  39. 39.

    Meng, W., Li, W., Kwok, L.F.: Design of intelligent KNN-based alarm filter using knowledge-based alert verification in intrusion detection. Secur. Commun. Netw. 8(18), 3883–3895 (2015)

    Article  Google Scholar 

  40. 40.

    Meng, W., Li, W., Xiang, Y., Choo, K.K.R.: A Bayesian inference-based detection mechanism to defend medical smartphone networks against insider attacks. J. Netw. Comput. Appl. 78, 162–169 (2017)

    Article  Google Scholar 

  41. 41.

    Meng, W., Li, W., Kwok, L.-F.: Towards effective trust-based packet filtering in collaborative network environments. IEEE Trans. Netw. Serv. Manag. 14(1), 233–245 (2017)

    Article  Google Scholar 

  42. 42.

    Meng, W., Tischhauser, E.W., Wang, Q., Wang, Y., Han, J.: When intrusion detection meets blockchain technology: a review. IEEE Access 6(1), 10179–10188 (2018)

    Article  Google Scholar 

  43. 43.

    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). Accessed 7 July 2019

  44. 44.

    Orcutt, M.: How secure is blockchain really? Accessed 22 Mar 2019

  45. 45.

    Papadopoulos, C., Lindell, R., Mehringer, J., Hussain, A., Govindan, R.: COSSACK: coordinated suppression of simultaneous attacks. In: Proceedings of the 2003 DARPA Information Survivability Conference and Exposition (DISCEX), pp. 94–96 (2003)

  46. 46.

    Pass, R., Shi, E.: Thunderella: blockchains with optimistic instant confirmation. In: Proceedings of the 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), pp. 3–33 (2018)

  47. 47.

    Petrov, C.: Internet of things statistics 2019 [the rise of IoT]. Accessed 5 Aug 2019

  48. 48.

    Porras, P.A., Neumann, P.G.: Emerald: event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 20th National Information Systems Security Conference, pp. 353–365 (1997)

  49. 49.

    Roesch, M.: Snort: lightweight intrusion detection for networks. In: Proceedings of Usenix Lisa Conference, pp. 229–238 (1999)

  50. 50.

    Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication 800–94 (2007)

  51. 51.

    Sharma, V.: An energy-efficient transaction model for the blockchain-enabled internet of vehicles (IoV). IEEE Commun. Lett. 23(2), 246–249 (2019)

    Article  Google Scholar 

  52. 52.

    Singh, S., Ra, I.H., Meng, W., Kaur, M., Cho, G.H.: SH-BlockCC: a secure and efficient IoT smart home architecture based on cloud computing and blockchain technology. Int. J. Distrib. Sensor Netw. (2019).

    Article  Google Scholar 

  53. 53.

    Snapp, S.R., et al.: DIDS (distributed intrusion detection system)—motivation, architecture, and an early prototype. In: Proceedings of the 14th National Computer Security Conference, pp. 167–176 (1991)

  54. 54.

    Snort: an an open source network intrusion prevention and detection system (IDS/IPS).

  55. 55.

    Steichen, M., Hommes, S., State, R.: ChainGuard—a firewall for blockchain applications using SDN with OpenFlow. In: Proceedings of International Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm), pp. 1–8 (2017)

  56. 56.

    Symantec 2019 internet security threat report. Accessed 22 Mar 2019

  57. 57.

    The Zeek Network Security Monitor.

  58. 58.

    Tuan, T.A.: A game-theoretic analysis of trust management in P2P systems. In: Proceedings of ICCE, pp. 130–134 (2006)

  59. 59.

    Tug, S., Meng, W., Wang, Y.: CBSigIDS: towards collaborative blockchained signature-based intrusion detection. In: Proceedings of The 1st IEEE International Conference on Blockchain (Blockchain) (2018)

  60. 60.

    Vasilomanolakis, E., Karuppayah, S., Muhlhauser, M., Fischer, M.: Taxonomy and survey of collaborative intrusion detection. ACM Comput. Surv. 47(4), 55:1–55:33 (2015)

    Article  Google Scholar 

  61. 61.

    Vigna, G.,Kemmerer, R.A.: NetSTAT: a network-based intrusion detection approach. In: Proceedings of Annual Computer Security Applications Conference (ACSAC), pp. 25–34 (1998)

  62. 62.

    Wan, C., Tang, S., Zhang, Y., Pan, C., Liu, Z., Long, Y., Liu, Z., Yu, Y.: Goshawk: a novel efficient, robust and flexible blockchain protocol. In: Proceedings of Inscrypt, pp. 49–69 (2018)

  63. 63.

    Wang, Y., Meng, W., Li, W., Liu, Z., Liu, Y., Xue, H.: Adaptive machine learning-based alarm reduction via edge computing for distributed intrusion detection systems. Concurr. Comput. Pract. Exp. 31(19), e5101 (2019)

    Article  Google Scholar 

  64. 64.

    Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. EIP-150 Revision (2016)

  65. 65.

    Wu, Y.-S., Foo, B., Mei, Y., Bagchi, S.: Collaborative intrusion detection system (CIDS): a framework for accurate and efficient IDS. In: Proceedings of the 2003 Annual Computer Security Applications Conference (ACSAC), pp. 234–244 (2003)

  66. 66.

    Wüst, K., Gervais, A.: Do you need a blockchain? In: CVCBT, pp. 45–54 (2018)

  67. 67.

    Yegneswaran, V., Barford, P., Jha, S.: Global intrusion detection in the DOMINO overlay system. In: Proceedings of the 2004 Network and Distributed System Security Symposium (NDSS), pp. 1–17 (2004)

Download references


This work was funded by the National Natural Science Foundation of China (NSFC) under Grant Nos. 61772148, 61802080 and 61802077.

Author information



Corresponding author

Correspondence to Yu Wang.

Ethics declarations

Conflict of interest

All authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Li, W., Wang, Y., Li, J. et al. Toward a blockchain-based framework for challenge-based collaborative intrusion detection. Int. J. Inf. Secur. 20, 127–139 (2021).

Download citation


  • Intrusion detection
  • Collaborative network
  • Insider attack
  • Blockchain technology
  • Challenge-based trust mechanism