Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain

Due to the rapid growth of computer networks, intrusions have become more complicated and devastating. As an important solution, collaborative intrusion detection networks or systems (CIDNs or CIDSs) are considered and adopted by many organizations to identify cyberattacks. Insider attack is one major threat to such defensive mechanisms. In the literature, challenge-based trust management scheme can help safeguard CIDNs against insider attacks. However, previous studies identified that challenge-based CIDNs may still suffer from advanced insider attacks, like passive message fingerprint attack (PMFA). Motivated by the recent blockchain research, in this work, we propose a blockchain-based approach to help enhance the robustness of challenge-based CIDNs against advanced insider attacks like PMFA, through integrating a type of blockchain-based trust. In the evaluation, we examine our approach in both simulated and real network environments. The results demonstrate that our approach is effective in defeating advanced insider attacks like PMFA and enhancing the robustness of challenge-based CIDNs, as compared with the original scheme.