CBSigIDS: Towards Collaborative Blockchained Signature-based Intrusion Detection

Intrusion detection systems (IDSs) are one of the most important security mechanisms that help identify various attacks. To enhance the detection performance of a single IDS, collaborative intrusion detection systems or networks (CIDSs or CIDNs) are often implemented in practical organizations, which encourage a set of IDS nodes to exchange information like alarms and signatures with each other. However, due to the distributed nature, malicious nodes within such collaborative network are able to generate untruthful signatures and share to others. This may significantly degrade the effectiveness and efficiency of detection. Recently, blockchain technology has received much attention from both academia and industry, which can provide a verifiable manner for distributed architectures without the need of a trusted intermediary. In this work, our motivation is thus to develop CBSigIDS, a generic framework of collaborative blockchained signature-based IDSs, which utilizes blockchains to help incrementally update a trusted signature database for different IDS nodes in a collaborative network. In the evaluation, our results show that blockchain technology can indeed help enhance the robustness and effectiveness of signature-based IDSs under adversarial scenarios via building a trusted signature database.