Research On Blockchain-based Collaborative Intrusion Detection Scheme

With the rapid development of network techniques such as blockchain and Internet of Things,the Internet has promoted the transformation of social production and lifestyle through diversified network services.However,the complex network structure of the Internet has also led to many security threats.To this end,using intrusion detection technique to detect and defend against potential malicious attacks and security threats has became an effective solution,and it can improve the security of network systems.However,the existing intrusion detection schemes still have some security challenges and performance bottlenecks.The existing single intrusion detection system cannot provide real-time and comprehensive network protection due to its limited resources.Although multiple intrusion detection systems can achieve collaborative intrusion detection by sharing attack instances,it faces security threats brought by single point of failure and trust management.Blockchain-based collaborative intrusion detection can realize decentralized attack instance sharing and effectively solve the threat of single point of failure.However,because the traditional blockchain consensuses only evaluate the consistency of attack instances,it cannot accurately assess the credibility of attack instances,and due to the lack of a reputation adjustment mechanism,the traditional scheme still faces the problem of trust management between nodes.At the same time,the immutability of the blockchain limits the effective real-time update of attack instances.The cumulative update of transactions on the chain will not only waste storage space,but also risk misleading users and reducing detection efficiency.In order to solve the above problems,this paper mainly studies the blockchain-based collaborative intrusion detection schemes,and designs a reputation-based blockchain collaborative intrusion detection scheme.On the basis of this scheme,a prototype system is implemented for cross-site scripting attack,which reflects the practicability,efficiency and scalability of the scheme.The main contributions include the following two aspects:1.We propose a reputation-based blockchain collaborative intrusion detection scheme(RB-CIDS).Firstly,we propose a reputation-based consensus protocol.To ensure the system has good robustness,a reputation management mechanism is used in this protocol to motivate service providers to conduct credible assessment of attack instances,and at the same time,to effectively punish malicious providers.Secondly,for traditional blockchain-based collaborative intrusion detection schemes,due to the high storage cost and misleading nature of the cumulative update,this scheme introduces the redactable blockchain technique,which can realize the replacement update of attack instance,and provide users with accurate and efficient collaborative intrusion detection services.Finally,the security and feasibility of the scheme are evaluated through security and theoretical analysis.2.The RBCIDS scheme is simulated and implemented towards XSS(cross-site scripting)attacks.In order to evaluate the functionality,feasibility and practicability of the scheme,it is simulated by taking the cross-site scripting attack in the Web system as an example.There are five modules involved: cross-site scripting attack simulation module,initialization module,intrusion information submission and transaction generation module,consensus module,transaction update module.On the one hand,the system functions are tested through the implementation of the scheme,and the results show that the implementation achieves the expected design goals,implements functions such as user authority management,attack instance transaction generation and replacement update,and reputation consensus.On the other hand,a series of simulation experiments are set up to measure the block generation time and system throughput,the efficiency and scalability of RBCIDS are evaluated.The simulated implementation of RBCIDS provides an exemplary framework for blockchain-based collaborative intrusion detection schemes.