A collaborative intrusion detection system (CIDS)
shares critical detection-control information across nodes
for improved and coordinated defense. Software-defined networking
(SDN) introduces controllers for network control,
including for networks spanning multiple autonomous
systems, and therefore provides a prime platform for CIDS
deployment. Although previous research has focused on
CIDS in SDN, the real-time secure exchange of detection-relevant
information (e.g., detection signatures) remains a
critical challenge. In particular, CIDS research still lacks
robust trust management of the SDN controllers and integrity
protection of the collaborative defense information needed to resist
insider attacks that transmit untruthful and malicious
detection signatures to other participating controllers. In this
paper, we propose blockchain-enabled collaborative intrusion
detection in SDN, taking advantage of the blockchain's security
properties. Our scheme achieves three important security goals:
it establishes the trust of the participating controllers by using a
permissioned blockchain to register controllers and manage
digital certificates, it protects the integrity of the detection signatures
against malicious detection-signature injection, and it attests
the delivery/update of detection signatures to other controllers.
Our experiments in CloudLab, based on a prototype built on
Ethereum, Smart Contract, and IPFS, demonstrate that our
approach efficiently shares and distributes detection signatures
in real time through a trustworthy distributed platform.
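To make the three goals concrete, here is an added Python sketch that is not the paper's code: an in-memory append-only ledger stands in for the Ethereum smart contract, a content-addressed dict for IPFS, and a stdlib Lamport one-time signature for the certificate-backed key each controller would hold. The controller ids and the sample rule text are constructed for the demo.

```python
import hashlib, os
H = lambda b: hashlib.sha256(b).digest()   # hash used for keys, signatures and addresses

def lamport_keygen():                     # one-time signing key and its public half
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def lamport_sign(sk, msg):                # reveal one preimage per bit of H(msg)
    d = int.from_bytes(H(msg), "big")
    return [sk[i][(d >> (255 - i)) & 1] for i in range(256)]

def lamport_verify(pk, msg, sig):
    d = int.from_bytes(H(msg), "big")
    return all(H(sig[i]) == pk[i][(d >> (255 - i)) & 1] for i in range(256))

class Ledger:  # append-only state standing in for the smart contract; store stands in for IPFS
    def __init__(self):
        self.controllers = {}   # controller id -> public key (its 'certificate')
        self.records = []       # publish and delivery records
        self.store = {}         # content address -> detection signature bytes
    def register(self, cid, pk):          # goal 1: permissioned enrolment of a controller
        self.controllers[cid] = pk
    def publish(self, cid, rule, sig):    # goal 2: only signed rules from enrolled nodes
        if cid not in self.controllers or not lamport_verify(self.controllers[cid], rule, sig):
            return None
        addr = H(rule).hex()
        self.store[addr] = rule
        self.records.append(("publish", cid, addr))
        return addr
    def fetch(self, addr):                # integrity check on retrieval: content must match address
        blob = self.store.get(addr)
        return blob if blob is not None and H(blob).hex() == addr else None
    def attest(self, cid, addr):          # goal 3: receiving controller attests delivery
        if cid not in self.controllers or addr not in self.store:
            return False
        self.records.append(("delivered", cid, addr))
        return True

def demo():
    led = Ledger()
    sk_a, pk_a = lamport_keygen()
    led.register("ctrl-A", pk_a)
    led.register("ctrl-B", lamport_keygen()[1])
    rule = b'alert tcp any any -> any 445 (msg:"constructed sample rule";)'  # constructed
    sig = lamport_sign(sk_a, rule)
    addr = led.publish("ctrl-A", rule, sig)
    rejected = led.publish("ctrl-X", rule, sig) is None   # not enrolled -> rejected
    delivered = led.fetch(addr) == rule and led.attest("ctrl-B", addr)
    led.store[addr] = rule + b" (tampered)"                # simulate off-chain tampering
    return {"published": addr is not None, "rejected": rejected,
            "delivered": delivered, "tamper_detected": led.fetch(addr) is None}
```

The Lamport key is single-use, so a real deployment would rotate keys per published signature or use a certificate-backed long-term key as the paper describes.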