Skip to main content
SpringerLink
Log in

Towards Blockchain-Based Collaborative Intrusion Detection Systems

  • Conference paper
  • First Online:
Critical Information Infrastructures Security (CRITIS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10707))

Abstract

In an attempt to cope with the increased number of cyber-attacks, research in Intrusion Detection System IDSs is moving towards more collaborative mechanisms. Collaborative IDSs (CIDSs) are such an approach; they combine the knowledge of a plethora of monitors to generate a holistic picture of the monitored network. Despite the research done in this field, CIDSs still face a number of fundamental challenges, especially regarding maintaining trust among the collaborating parties. Recent advances in distributed ledger technologies, e.g. various implementations of blockchain protocols, are a good fit to the problem of enhancing trust in collaborative environments. This paper touches the intersection of CIDSs and blockchains. Particularly, it introduces the idea of utilizing blockchain technologies as a mechanism for improving CIDSs. We argue that certain properties of blockchains can be of significant benefit for CIDSs; namely for the improvement of trust between monitors, and for providing accountability and consensus. For this, we study the related work and highlight the research gaps and challenges towards such a task. Finally, we propose a generic architecture for the incorporation of blockchains into the field of CIDSs and an analysis of the design decisions that need to be made to implement such an architecture.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.hyperledger.org.

  2. 2.

    https://monax.io.

  3. 3.

    This refers to the case where a monitor, which is part of the CIDS, turns malicious and attempts to attack or misguide other monitors of the system.

  4. 4.

    An asymmetric approach, e.g., with a Public Key Infrastructure (PKI), is also possible, however a lot of overhead would be expected in the key distribution and maintenance process.

References

  1. Antonopoulos, A.M.: Mastering Bitcoin: Unlocking Digital Cryptocurrencies. O’Reilly Media, Inc., Sebastopol (2014)

    Google Scholar 

  2. Azaria, A., Ekblaw, A., Vieira, T., Lippman, A.: Medrec: using blockchain for medical data access and permission management. In: International Conference on Open and Big Data (OBD), pp. 25–30. IEEE (2016)

    Google Scholar 

  3. Baliga, A.: Understanding Blockchain Consensus Models. Technical report. Persistent Systems Ltd. (2017)

    Google Scholar 

  4. Bartoš, V., Kořenek, J.: Evaluating reputation of internet entities. In: Badonnel, R., Koch, R., Pras, A., Drašar, M., Stiller, B. (eds.) AIMS 2016. LNCS, vol. 9701, pp. 132–136. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39814-3_13

    Chapter  Google Scholar 

  5. bitcoinwiki: OP\_RETURN (2017). https://en.bitcoin.it/wiki/OP_RETURN

  6. Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)

    Article  Google Scholar 

  7. Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: Sok: research perspectives and challenges for bitcoin and cryptocurrencies. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 104–121. IEEE (2015)

    Google Scholar 

  8. Cachin, C.: Architecture of the hyperledger blockchain fabric. In: Workshop on Distributed Cryptocurrencies and Consensus Ledgers (2016)

    Google Scholar 

  9. Cachin, C., Schubert, S., Vukolić, M.: Non-determinism in byzantine fault-tolerant replication. arXiv preprint arXiv:1603.07351 (2016)

  10. Castro, M., Liskov, B., et al.: Practical byzantine fault tolerance. In: OSDI, vol. 99, pp. 173–186 (1999)

    Google Scholar 

  11. Christidis, K., Devetsikiotis, M.: Blockchains and smart contracts for the internet of things. IEEE Access 4, 2292–2303 (2016)

    Article  Google Scholar 

  12. Coindesk: Seven asian banks investigating bitcoin and blockchain tech. http://www.coindesk.com/7-asian-banks-investigating-bitcoin-and-blockchain-tech/

  13. Demers, A., et al.: Epidemic algorithms for replicated database maintenance. In: Proceedings of the sixth annual ACM Symposium on Principles of distributed computing, pp. 1–12. ACM (1987)

    Google Scholar 

  14. Duma, C., Karresand, M., Shahmehri, N., Caronni, G.: A trust-aware, P2P-based overlay for intrusion detection. In: International Conference on Database and Expert Systems Applications (DEXA 2006), pp. 692–697. IEEE (2006)

    Google Scholar 

  15. Ehrenfeld, J.M.: Wannacry, cybersecurity and health information technology: a time to act. J. Med. Syst. 41(7), 104 (2017)

    Article  Google Scholar 

  16. Fung, C.J., Zhang, J., Aib, I., Boutaba, R.: Dirichlet-based trust management for effective collaborative intrusion detection networks. IEEE Trans. Netw. Serv. Manage. 8(2), 79–91 (2011)

    Article  Google Scholar 

  17. Grid, T.: http://transactivegrid.net/

  18. Halamka, J.D., Lippman, A., Ekblaw, A.: The potential for blockchain to transform electronic health records (2017). https://hbr.org/2017/03/the-potential-for-blockchain-to-transform-electronic-health-records

  19. Lamport, L., Shostak, R., Pease, M.: The Byzantine generals problem. ACM Trans. Program. Lang. Syst. (TOPLAS) 4(3), 382–401 (1982)

    Article  Google Scholar 

  20. Lantmäteriet, Landshypotek Bank: SBAB, Telia company, ChromaWay, Kairos Future: The land registry in the blockchain - testbed. Technical report (2017)

    Google Scholar 

  21. Locasto, M.E., Parekh, J.J., Keromytis, A.D., Stolfo, S.J.: Towards collaborative security and P2P intrusion detection. In: IEEE Workshop on Information Assurance and Security, pp. 333–339. IEEE (2005)

    Google Scholar 

  22. Locasto, M.E., Parekh, J.J., Stolfo, S., Misra, V.: Collaborative distributed intrusion detection. Technical report, Columbia University (2004)

    Google Scholar 

  23. Mihaylov, M., et al.: Virtual currency for trading of renewable energy in smart grids. In: European Energy Market (EEM), 11th International Conference on the, pp. 1–6. IEEE (2014)

    Google Scholar 

  24. Mihaylov, M., Jurado, S., Van Moffaert, K., Avellana, N., Nowé, A.: Nrg-x-change-a novel mechanism for trading of renewable energy in smart grids. In: SMARTGREENS, pp. 101–106 (2014)

    Google Scholar 

  25. Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008)

    Google Scholar 

  26. Okada, H., Yamasaki, S., Bracamonte, V.: Proposed classification of blockchains based on authority and incentive dimensions. In: Advanced Communication Technology (ICACT), 2017 19th International Conference on, pp. 593–597. IEEE (2017)

    Google Scholar 

  27. Rutkin, A.: Blockchain-based microgrid gives power to consumers in new york. New Scientist (2016). https://www.newscientist.com/article

  28. Shrier, D., Wu, W., Pentland, A.: Blockchain & infrastructure (identity, data security). Technical report, (2016). http://cdn.resources.getsmarter.ac/wp-content/uploads/2016/05/MIT_Blockchain_Infrastructure_Report_Part_Three_May_2016.pdf

  29. Suberg, W.: Factom’s latest partnership takes on us healthcare (2015). https://cointelegraph.com/news/factoms-latest-partnership-takes-on-us-healthcare

  30. Ullrich, J.: Dshield internet storm center (2000). https://www.dshield.org/

  31. Vasilomanolakis, E., Habib, S.M., Milaszewicz, P., Malik, R.S., Mühlhäuser, M.: Towards trust-aware collaborative intrusion detection: challenges and solutions. In: Steghöfer, J.-P., Esfandiari, B. (eds.) IFIPTM 2017. IAICT, vol. 505, pp. 94–109. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59171-1_8

    Chapter  Google Scholar 

  32. Vasilomanolakis, E., Karuppayah, S., Kikiras, P., Mühlhäuser, M.: A honeypot-driven cyber incident monitor: lessons learned and steps ahead. In: International Conference on Security of Information and Networks, pp. 158–164. ACM (2015)

    Google Scholar 

  33. Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., Fischer, M.: Taxonomy and survey of collaborative intrusion detection. ACM Comput. Surv. 47(4), 33 (2015)

    Article  Google Scholar 

  34. Vasilomanolakis, E., Krügl, M., Cordero, C.G., Mühlhäuser, M., Fischer, M.: Skipmon: A locality-aware collaborative intrusion detection system. In: Computing and Communications Conference (IPCCC), IEEE 34th International Performance, pp. 1–8. IEEE (2015)

    Google Scholar 

  35. Vukolić, M.: The quest for scalable blockchain fabric: Proof-of-work vs. BFT replication. In: Camenisch, J., Kesdoğan, D. (eds.) iNetSec 2015. LNCS, vol. 9591, pp. 112–125. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39028-4_9

    Chapter  Google Scholar 

  36. Walport, M.: Distributed ledger technology: beyond blockchain. UK Government Office for Science (2016)

    Google Scholar 

  37. Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151 (2014)

    Google Scholar 

  38. Zhou, C.V., Karunasekera, S., Leckie, C.: A peer-to-peer collaborative intrusion detection system. In: International Conference on Networks, pp. 118–123. IEEE (2005)

    Google Scholar 

  39. Zyskind, G., Nathan, O., Pentland, A.: Enigma: decentralized computation platform with guaranteed privacy. arXiv preprint arXiv:1506.03471 (2015)

Download references

Acknowledgments

This work has received funding from the European Union’s Horizon 2020 Research and Innovation Program, PROTECTIVE, under Grant Agreement No 700071. This work has also been funded by the DFG within the RTG 2050 “Privacy and Trust for Mobile Users” and within the CRC 1119 CROSSING.

Author information

Authors and Affiliations

  1. Telecooperation Group, Technische Universität Darmstadt, Darmstadt, Germany

    Nikolaos Alexopoulos, Emmanouil Vasilomanolakis, Natália Réka Ivánkó & Max Mühlhäuser

Authors
  1. Nikolaos Alexopoulos
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Emmanouil Vasilomanolakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Natália Réka Ivánkó
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Max Mühlhäuser
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Nikolaos Alexopoulos or Emmanouil Vasilomanolakis .

Editor information

Editors and Affiliations

  1. ENEA “Casaccia” and Network of Networks - Netonets, Rome, Italy

    Gregorio D'Agostino

  2. CNR - Institute for Complex Systems (ISC), Rome, Italy

    Antonio Scala

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Alexopoulos, N., Vasilomanolakis, E., Ivánkó, N.R., Mühlhäuser, M. (2018). Towards Blockchain-Based Collaborative Intrusion Detection Systems. In: D'Agostino, G., Scala, A. (eds) Critical Information Infrastructures Security. CRITIS 2017. Lecture Notes in Computer Science(), vol 10707. Springer, Cham. https://doi.org/10.1007/978-3-319-99843-5_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-99843-5_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99842-8

  • Online ISBN: 978-3-319-99843-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation