Abstract
To protect network assets from various cyber intrusions and to fit distributed environments such as the Internet of Things (IoT), collaborative intrusion detection systems (CIDSs) are widely implemented, allowing each detection node to exchange required data and information. This aims to improve detection performance against some complicated attacks. In recent years, software defined networking (SDN) has developed rapidly; it can reduce network complexity by separating the controller plane from the forwarding plane. In this way, the controller can manage the whole network without knowing the underlying structure and devices. To identify underlying malicious nodes or devices, CIDSs are still an important solution for securing SDN, but they might be vulnerable to insider threats, in which an attacker behaves maliciously inside the network. In this work, we focus on this issue and advocate the merit of combining trust management and blockchain technology. Trust management can help evaluate the trustworthiness of each node, and blockchain technology can allow communication without a trusted party while ensuring the integrity of shared data. We then introduce a general framework of blockchain-based collaborative intrusion detection in SDN. In the study, we take challenge-based CIDS as a case and evaluate the performance of our framework under both external and internal attacks. Our results indicate the viability and effectiveness of our framework.
Acknowledgments
This work was partially supported by National Natural Science Foundation of China (No. 61802080 and 61802077).
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, W., Tan, J., Wang, Y. (2020). A Framework of Blockchain-Based Collaborative Intrusion Detection in Software Defined Networking. In: Kutyłowski, M., Zhang, J., Chen, C. (eds) Network and System Security. NSS 2020. Lecture Notes in Computer Science, vol 12570. Springer, Cham. https://doi.org/10.1007/978-3-030-65745-1_15
DOI: https://doi.org/10.1007/978-3-030-65745-1_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65744-4
Online ISBN: 978-3-030-65745-1
eBook Packages: Computer Science, Computer Science (R0)