Blockchain-enabled collaborative intrusion detection in software defined networks
Publication Date
12-1-2020
Document Type
Conference Proceeding
Publication Title
2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
DOI
10.1109/TrustCom50675.2020.00129
First Page
967
Last Page
974
Abstract
A collaborative intrusion detection system (CIDS) shares the critical detection-control information across the nodes for improved and coordinated defense. Software-defined networking (SDN) introduces controllers for network control, including for networks spanning multiple autonomous systems, and therefore provides a prime platform for CIDS application. Although previous research studies have focused on CIDS in SDN, the real-time secure exchange of the detection-relevant information (e.g., the detection signature) remains a critical challenge. In particular, CIDS research still lacks robust trust management of the SDN controllers and integrity protection of the collaborative defense information to resist insider attacks that transmit untruthful and malicious detection signatures to other participating controllers. In this paper, we propose a blockchain-enabled collaborative intrusion detection in SDN, taking advantage of the blockchain's security properties. Our scheme achieves three important security goals: to establish the trust of the participating controllers by using the permissioned blockchain to register the controller and manage digital certificates, to protect the integrity of the detection signatures against malicious detection signature injection, and to attest the delivery/update of the detection signature to other controllers. Our experiments in CloudLab, based on a prototype built on Ethereum, Smart Contract, and IPFS, demonstrate that our approach efficiently shares and distributes detection signatures in real-time through the trustworthy distributed platform.
Funding Number
18-086
Funding Sponsor
National Science Foundation
Keywords
Blockchain, Detection Signature, Ethereum, IDS, Intrusion Detection, SDN, Smart Contract, Snort
Department
Computer Engineering
Recommended Citation
Wenjun Fan, Younghee Park, Shubham Kumar, Priyatham Ganta, Xiaobo Zhou, and Sang Yoon Chang. "Blockchain-enabled collaborative intrusion detection in software defined networks" 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (2020): 967-974. https://doi.org/10.1109/TrustCom50675.2020.00129