Snort based collaborative intrusion detection system using blockchain in SDN

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

22 Citations (Scopus)
305 Downloads (Pure)

Abstract

Due to the rapid increase in cyber attacks, intrusion detection systems (IDS) are shifting towards collaborative approaches. There is a huge demand for securing larger networking environments to safeguard them against threats. To optimize detection performance, Collaborative Intrusion Detection Network (CIDN) approaches have been adopted in practical scenarios; they enable a group of IDS nodes to share and exchange mandatory information with each other, for example IDS signatures and attack alarms. However, because CIDN networks are distributed in nature, they still face plenty of implementation problems; in particular, an insider intruder can easily dominate any security node and leave the entire security system vulnerable. Recent advances in blockchain applications are considered a good fit for creating trust-based communication between IDS nodes in CIDN networks. This work converges CIDN networks and blockchain in an SDN context. Firstly, we investigated existing related work and highlighted challenges and research gaps concerning blockchain in CIDN networks. Secondly, we utilised three collaborating Snort IDS nodes to receive the latest signature update from Ryu and then to securely share such signature updates with all other Snort nodes within the test-bed. Our work is motivated to detect seven types of common attacks with collaborative signature-based IDS, which feasibly processes more packets to achieve satisfactory detection results. Overall, the evaluation results show that with the adoption of blockchain protocols, the proposed CIDN network achieves a 96% TP detection rate for TCP, UDP and ICMP packets.
Original language: English
Title of host publication: Proceedings of the 2019 13th International Conference on Software, Knowledge, Information Management and Applications (SKIMA)
Place of Publication: Piscataway, NJ
Publisher: IEEE
Number of pages: 8
ISBN (Electronic): 9781728127415, 9781728127408
ISBN (Print): 9781728127422
Publication status: Published - 6 Feb 2020
Event: 13th International Conference on Software, Knowledge, Information Management and Applications - Ulkulhas, Maldives
Duration: 26 Aug 2019 to 28 Aug 2019
http://skimanetwork.info/

Publication series

Name: IEEE Proceedings
Publisher: IEEE
ISSN (Print): 2373-082X
ISSN (Electronic): 2573-3214

Conference

Conference: 13th International Conference on Software, Knowledge, Information Management and Applications
Abbreviated title: SKIMA 2019
Country/Territory: Maldives
City: Ulkulhas
Period: 26/08/19 to 28/08/19

Keywords

  • Software defined networks
  • Open vSwitch
  • Snort
  • Blockchain
  • Collaborative Intrusion Detection Networks (CIDN)
