Snort based collaborative intrusion detection system using blockchain in SDN

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    Due to the rapid increase in cyber attacks, intrusion detection systems (IDS) are shifting towards collaborative approaches. There is a huge demand for securing larger networking environments to provide a safeguard against threats. To optimize the feasible detection performance, Collaborative Intrusion Detection Network (CIDN) approaches have been adopted in practical scenarios; these enable a group of IDS nodes to share and exchange mandatory information with each other, for example IDS signatures and attack alarms. However, CIDN networks are distributed in nature, and such networks still face plenty of implementation problems; in particular, an insider intruder can easily dominate any security node and leave the entire security system vulnerable. Recent advances in blockchain applications are considered a good fit for creating trust-based communication between the IDS nodes in CIDN networks. This work combines CIDN networks and blockchain in an SDN context. Firstly, we investigated existing related work and highlighted the challenges and research gap concerning blockchain in CIDN networks. Secondly, we utilised three collaborating Snort IDS nodes to receive the latest signature update from Ryu and then securely share such signature updates with all other Snort nodes within the test-bed. Our work aims to detect seven types of common attacks with collaborating signature-based IDS, which feasibly processes more packets to achieve satisfactory detection results. Overall, the evaluation results show that, with the adoption of blockchain protocols, the proposed CIDN network achieves a 96% TP detection rate for TCP, UDP and ICMP packets.
    Original language: English
    Title of host publication: Proceedings of the 2019 13th International Conference on Software, Knowledge, Information Management and Applications (SKIMA)
    Place of Publication: Piscataway, NJ
    Publisher: IEEE
    Number of pages: 8
    ISBN (Electronic): 9781728127415, 9781728127408
    ISBN (Print): 9781728127422
    Publication status: Published - 6 Feb 2020
    Event: 13th International Conference on Software, Knowledge, Information Management and Applications - Ulkulhas, Maldives
    Duration: 26 Aug 2019 - 28 Aug 2019
    http://skimanetwork.info/

    Publication series

    Name: IEEE Proceedings
    Publisher: IEEE
    ISSN (Print): 2373-082X
    ISSN (Electronic): 2573-3214

    Conference

    Conference: 13th International Conference on Software, Knowledge, Information Management and Applications
    Abbreviated title: SKIMA 2019
    Country/Territory: Maldives
    City: Ulkulhas
    Period: 26/08/19 - 28/08/19
    Keywords

    • Software defined networks
    • Open vSwitch
    • Snort
    • Blockchain
    • Collaborative Intrusion Detection Networks (CIDN)
