Developing a Blockchain-Enabled Collaborative Intrusion Detection System: An Exploratory Study

  • Daniel Laufenberg
  • Lei LiEmail author
  • Hossain ShahriarEmail author
  • Meng HanEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1129)


A Collaborative Intrusion Detection System (CIDS) is a system which a set of IDS work together to defend the computer networks against increasingly sophisticated cyber-attacks. Despite more than decade of research on CIDS, trust management and consensus building among IDS hosts remain as challenging problems. In this paper, we conducted an exploratory study to tackle those two challenges by leveraging the inherent immutability and consensus building capability of blockchain technology. We proposed an architecture for a blockchain-enabled CIDs and implemented a preliminary prototype system using open-source projects such as Hyperledger and Snort. Our initial evaluation on a benchmark testing showed the proposed architecture offers a feasible solution by addressing the issues of trust management, data sharing and consensus building, as well as insider attacks in the network environment of CIDSs.


Blockchain Collaborative Intrusion Detection Systems HyperLedger Snort 


  1. 1.
    Ranganthan, V.P., Dantu, R., Paul, A., Mears, P., Morozov, K.: A decentralized marketplace application on the ethereum blockchain. In: 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC), Philadelphia, PA, pp. 90–97 (2018)Google Scholar
  2. 2.
    Kim, J.-T., Jin, J., Kim, K.: A study on an energy-effective and secure consensus algorithm for private blockchain systems (PoM: Proof of Majority). In: 2018 International Conference on Information and Communication Technology Convergence (ICTC), Jeju, pp. 932–935 (2018)Google Scholar
  3. 3.
    Xu, J.J.: Are blockchains immune to all malicious attacks? Financ. Innovation 2, 1 (2016).
  4. 4.
    Sagirlar, G., Carminati, B., Ferrari, E.: AutoBotCatcher: blockchain-based P2P botnet detection for the internet of things. In: 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC), Philadelphia, PA, pp. 1–8 (2018)Google Scholar
  5. 5.
    Singla, A., Bertino, E.: Blockchain-based PKI solutions for IoT. In: 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC), Philadelphia, PA, October 2018, pp. 9–15 (2018)Google Scholar
  6. 6.
    Dannen, C.: Bridging the blockchain knowledge gap. In: Dannen, C. (ed.) Introducing Ethereum and Solidity, pp. 1–20. Apress, New York (2017)CrossRefGoogle Scholar
  7. 7.
    Golomb, T., Mirsky, Y., Elovici, Y.: CIoTA: collaborative anomaly detection via blockchain. In: Proceedings 2018 Workshop on Decentralized IoT Security and Standards, San Diego, CA (2018)Google Scholar
  8. 8.
    Pop, C.: Decentralizing the stock exchange using blockchain an ethereum-based implementation of the Bucharest Stock Exchange. In: 2018 IEEE 14th International Conference on Intelligent Computer Communication and Processing (ICCP), Cluj-Napoca, pp. 459–466 (2018)Google Scholar
  9. 9.
    Hyperledger - Open Source Blockchain Technologies, Hyperledger. Accessed 20 Feb 2019
  10. 10.
    Hong, J., Liu, C.-C.: Intelligent electronic devices with collaborative intrusion detection systems. IEEE Trans. Smart Grid 10(1), 271–281 (2019)CrossRefGoogle Scholar
  11. 11.
    Al-Utaibi, K.A., El-Alfy, E.-S.M.: Intrusion detection taxonomy and data preprocessing mechanisms. J. Intell. Fuzzy Syst. 34(3), 1369–1383 (2018)CrossRefGoogle Scholar
  12. 12.
    Xin, W., Zhang, T., Hu, C., Tang, C., Liu, C., Chen, Z.: On scaling and accelerating decentralized private blockchains. In: 2017 IEEE 3rd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing, (HPSC) and IEEE International Conference on Intelligent Data and Security (IDS), Beijing, China, pp. 267–271 (2017)Google Scholar
  13. 13.
    Czirkos, Z., Hosszú, G.: P2P based intrusion detection. In: Encyclopedia of Information Communication Technology (2019)Google Scholar
  14. 14.
    Ngamsuriyaroj, S.: Package delivery system based on blockchain infrastructure. In: 2018 Seventh ICT International Student Project Conference (ICT-ISPC), Nakhonpathom, July 2018, pp. 1–6 (2018)Google Scholar
  15. 15.
    Junjoewong, L., Sangnapachai, S., Sunetnanta, T.: ProCircle: a promotion platform using crowdsourcing and web data scraping technique. In: 2018 Seventh ICT International Student Project Conference (ICT-ISPC), pp. 1–5 (2018)Google Scholar
  16. 16.
    Malik, S., Kanhere, S.S., Jurdak, R.: ProductChain: scalable blockchain framework to support provenance in supply chains. In: 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), Cambridge, MA, pp. 1–10 (2018)Google Scholar
  17. 17.
    Wanjun, Y., Yuan, W.: Research on network trading system using blockchain technology. In: 2018 International Conference on Intelligent Informatics and Biomedical Sciences (ICIIBMS), Bangkok, October 2018, pp. 93–97 (2018)Google Scholar
  18. 18.
    Marteau, P.-F.: Sequence covering for efficient host-based intrusion detection. IEEE Trans. Inf. Forensics Secur. 14(4), 994–1006 (2019)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Czirkos, Z., Hosszú, G.: Solution for the broadcasting in the Kademlia peer-to-peer overlay. Comput. Netw. 57(8), 1853–1862 (2013). Scholar
  20. 20.
    State of the DApps A list of 2,551 blockchainˇ apps for Ethereum, Steem, EOS, and more. Accessed 20 Feb 2019
  21. 21.
    Anceaume, E., Guellier, A., Ludinard, R., Sericola, B.: Sycomore: a permissionless distributed ledger that self-adapts to transactions demand. In: 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), pp. 1–8 (2018)Google Scholar
  22. 22.
    Corsi, P., Giovanni, L., Marina, R.: TickEth, a ticketing system built on ethereum. In: SAC, April 2019Google Scholar
  23. 23.
    Alexopoulos, N., Vasilomanolakis, E., Ivánkó, N.R., Mühlhäuser, M.: Towards blockchain-based collaborative intrusion detection systems. In: Critical Information Infrastructures Security, pp. 107–118 (2018)Google Scholar
  24. 24.
    Carmen, H.: Understanding blockchain opportunities and challenges. eLearn. Softw. Educ. 4, 275–283 (2018). 9pGoogle Scholar
  25. 25.
    Rilee, K.: Understanding Hyperledger Sawtooth — Proof of Elapsed Time. Medium (2018)Google Scholar
  26. 26.
    Meng, W., Tischhauser, E.W., Wang, Q., Wang, Y., Han, J.: When intrusion detection meets blockchain technology: a review. IEEE Access 6, 10179–10188 (2018)CrossRefGoogle Scholar
  27. 27.
    Yli-Huumo, J.: Where is current research on blockchain technology?—A systematic review. PLoS ONE 11(10), e0163477 (2016). Scholar
  28. 28.
    Warzynski, A., Kolaczek, G.: Intrusion detection systems vulnerability on adversarial examples. In: 2018 Innovations in Intelligent Systems and Applications (INISTA), Thessaloniki, pp. 1–4 (2018)Google Scholar
  29. 29.
    Intrusion Detection Systems - Techotopia. Accessed 04 Mar 2019
  30. 30.
    Vasilomanolakis, E., Stahn, M., Cordero, C.G., Muhlhauser, M.: On probe-response attacks in collaborative intrusion detection systems. In: 2016 IEEE Conference on Communications and Network Security (CNS), Philadelphia, PA, pp. 279–286 (2016)Google Scholar
  31. 31.
    Jin, R., He, X., Dai, H.: Collaborative IDS configuration: a two-layer game-theoretic approach. IEEE Trans. Cogn. Commun. Netw. 4(4), 803–815 (2018)CrossRefGoogle Scholar
  32. 32.
    Ficke, E., Schweitzer, K.M., Bateman, R.M., Xu, S.: Characterizing the effectiveness of network-based intrusion detection systems. In: MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), Los Angeles, CA, pp. 76–81 (2018)Google Scholar
  33. 33.
    Massicotte, F., Labiche, Y.: On the verification and validation of signature-based, network intrusion detection systems. In: 2012 IEEE 23rd International Symposium on Software Reliability Engineering, Dallas, TX, USA, pp. 61–70 (2012)Google Scholar
  34. 34.
    Vigna, G., Robertson, W., Balzarotti, D.: Testing network-based intrusion detection signatures using mutant exploits. In: Proceedings of the 11th ACM Conference on Computer and Communications Security - CCS 2004, Washington DC, USA, p. 21 (2004)Google Scholar
  35. 35.
    Accorsi, R., Stocker, T., Müller, G.: On the exploitation of process mining for security audits: the process discovery case. In: ACM Symposium of Applied Computing (SAC), Coimbra, Portugal, pp. 1462–1468 (2013)Google Scholar
  36. 36.
    King, J., Williams, L.: Log your CRUD: design principles for software logging mechanisms. In: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security - HotSoS 2014, Raleigh, North Carolina, pp. 1–10 (2014)Google Scholar
  37. 37.
    Sekar, R.: Specification-based anomaly detection: a new approach for detecting network intrusions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security - CCS 2002, Washington, DC, USA, p. 265 (2002)Google Scholar
  38. 38.
    Mashima D., Ahamad, M.: Using identity credential usage logs to detect anomalous service accesses. In: Proceedings of the 5th ACM Workshop on Digital Identity Management (DIM), Chicago, Illinois, USA, pp. 73–79 (2009)Google Scholar
  39. 39.
    Liu, Y., Zhang, L., Guan, Y.: A distributed data streaming algorithm for network-wide traffic anomaly detection. ACM SIGMETRICS Perform. Eval. Rev. 37(2), 81–82 (2009)CrossRefGoogle Scholar
  40. 40.
    de Vries, A.: Bitcoin’s growing energy problem. Joule 2(5), 801–805 (2018)CrossRefGoogle Scholar
  41. 41.
    Hyperledger Caliper: Architecture (2019). Accessed 16 June 2019

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Kennesaw State UniversityMariettaUSA

Personalised recommendations