طراحی تشخیص نفوذ مبتنی بر امضا بلاک چینی مشارکتی
ترجمه نشده

طراحی تشخیص نفوذ مبتنی بر امضا بلاک چینی مشارکتی

عنوان فارسی مقاله: طراحی تشخیص نفوذ مبتنی بر امضا بلاک چینی مشارکتی در محیط های اینترنت اشیا (IoT)
عنوان انگلیسی مقاله: Designing collaborative blockchained signature-based intrusion detection in IoT environments
مجله/کنفرانس: سیستم های کیمپیوتری نسل آینده-Future Generation Computer Systems
رشته های تحصیلی مرتبط: مهندسی کامپیوتر
گرایش های تحصیلی مرتبط: هوش مصنوعی، امنیت اطلاعات
کلمات کلیدی فارسی: سیستم تشخیص نفوذ، اینترنت اشیا، تشخیص مبتنی بر امضا، شبکه مشارکتی، تکنولوژی بلاک چین، حملات خودی
کلمات کلیدی انگلیسی: Intrusion Detection System, Internet-of-Things, Signature-based Detection, Collaborative Network, Blockchain Technology, Insider Attacks
نوع نگارش مقاله: مقاله پژوهشی (Research Article)
شناسه دیجیتال (DOI): https://doi.org/10.1016/j.future.2019.02.064
دانشگاه: Department of Applied Mathematics and Computer Science, Technical University of Denmark, Denmark
صفحات مقاله انگلیسی: 15
ناشر: الزویر - Elsevier
نوع ارائه مقاله: ژورنال
نوع مقاله: ISI
سال انتشار مقاله: 2019
ایمپکت فاکتور: 7.007 در سال 2018
شاخص H_index: 93 در سال 2019
شاخص SJR: 0.835 در سال 2018
شناسه ISSN: 0167-739X
شاخص Quartile (چارک): Q1 در سال 2018
فرمت مقاله انگلیسی: PDF
وضعیت ترجمه: ترجمه نشده است
قیمت مقاله انگلیسی: رایگان
آیا این مقاله بیس است: خیر
کد محصول: E12066
فهرست مطالب (انگلیسی)

Abstract

1. Introduction

2. Related work

3. Our approach

4. Evaluation

5. Discussion and limitations

6. Conclusion

Acknowledgments

References

بخشی از مقاله (انگلیسی)

Abstract

With the rapid development of Internet-of-Things (IoT), there is an increasing demand for securing the IoT environments. For such purpose, intrusion detection systems (IDSs) are one of the most important security mechanisms, which can help defend computer networks including IoT against various threats. In order to achieve better detection performance, collaborative intrusion detection systems or networks (CIDSs or CIDNs) are often adopted in a practical scenario, allowing a set of IDS nodes to exchange required information with each other, e.g., alarms, signatures. However, due to the distributed nature, such kind of collaborative network is vulnerable to insider attacks, i.e., malicious nodes can generate untruthful signatures and share to normal peers. This may cause intruders to be undetected and greatly degrade the effectiveness of IDSs. With the advent of blockchain technology, it provides a way to verify shared signatures (rules). In this work, our motivation is to develop CBSigIDS, a generic framework of collaborative blockchained signature-based IDSs, which can incrementally build and update a trusted signature database in a collaborative IoT environment. CBSigIDS can provide a verifiable manner in distributed architectures without the need of a trusted intermediary. In the evaluation, our results demonstrate that CBSigIDS can enhance the robustness and effectiveness of signature-based IDSs under adversarial scenarios.

Introduction

The Internet-of-Things (IoT) refers to a system of internet-enabled computing devices, mechanical and digital machines, and objects that have the capability to transfer data over a network without requiring humanto-human or human-to-computer interaction [14]. More and more organizations are using IoT to improve their performance, i.e., operating more efficiently, better understanding, improving decision-making, etc. While the interrelated IoT devices are also threatened by many attacks, i.e., the threat-trend starts moving from manipulating information to controlling actuations [2]. To safeguard various IoT devices and critical infrastructures, intrusion detection systems (IDSs) are one of the most essential and important tools that can help identify potential anomalies and policy violations [37, 42]. Based on the deployment, an IDS can be classified as either host-based IDS (HIDS) that focuses on local system logs, or network-based IDS (NIDS) that monitors network state and traffic. Further, there are two typical detection approaches: signature-based detection and anomaly-based detection. The former like [50, 40] (also known as misuse detection) uses a signature matching process to compare the stored signatures and the observed events like payload and system record. The latter like [49, 12] identifies a potential threat by discovering a significant deviation between its pre-defined normal profile and the observed events for a period of time. If any security violations are found, an alarm would be sent to notify security administrators. Figure 1 depicts the high-level detection workflow of both signature-based and anomaly-based approach.one of the most essential and important tools that can help identify potential anomalies and policy violations [37, 42]. Based on the deployment, an IDS can be classified as either host-based IDS (HIDS) that focuses on local system logs, or network-based IDS (NIDS) that monitors network state and traffic. Further, there are two typical detection approaches: signature-based detection and anomaly-based detection. The former like [50, 40] (also known as misuse detection) uses a signature matching process to compare the stored signatures and the observed events like payload and system record. The latter like [49, 12] identifies a potential threat by discovering a significant deviation between its pre-defined normal profile and the observed events for a period of time. If any security violations are found, an alarm would be sent to notify security administrators. Figure 1 depicts the high-level detection workflow of both signature-based and anomaly-based approach.