Toward a blockchain-based framework for challenge-based collaborative intrusion detection
International Journal of Information Security (IF 2.4), Pub Date: 2020-02-11, DOI: 10.1007/s10207-020-00488-6
Wenjuan Li, Yu Wang, Jin Li, Man Ho Au

Network intrusions are a big threat to network and system assets, which have become more complex to date. To enhance the detection performance, collaborative intrusion detection networks (CIDNs) are adopted by many organizations to protect their resources. However, such detection systems or networks are typically vulnerable to insider attacks, so there is a need to implement suitable trust mechanisms. In the literature, challenge-based trust mechanisms are able to measure the trustworthiness of a node by evaluating the relationship between the sent challenges and the received responses. In practice, challenge-based CIDNs have been shown to be robust against common insider attacks, whereas they may still be susceptible to advanced insider attacks. How to enhance the robustness of such challenge-based CIDNs remains an issue. Motivated by the recent development of blockchains, in this work, our purpose is to design a blockchained challenge-based CIDN framework that aims to combine blockchains with the challenge-based trust mechanism. Our evaluation demonstrates that blockchain technology has the potential to enhance the robustness of challenge-based CIDNs in the aspects of trust management (i.e., enhancing the detection of insider nodes) and alarm aggregation (i.e., identifying untruthful inputs) under adversary scenarios.




Updated: 2020-02-11