With the increasing viability of Internet of Things (IoT), more devices are expected to be connected in a smart city environment. It can provide many benefits for people’s daily life, but is also susceptible to many security threats in practice. Intrusion detection systems (IDSs), especially signature-based IDSs, are one of the most commonly adopted security mechanisms to safeguard various network environments like IoT-assisted smart city against cyber attacks. The process of signature matching is a key limiting factor for a signature-based IDS, and the exclusive signature matching (ESM) was designed based on the observation that most network packets would not match any IDS signatures. However, exclusive signature matching like the single character frequency-based ESM may be vulnerable to some attacks in a hostile environment. To mitigate this issue, in this work, we propose a blockchain-enabled single character frequency-based ESM, which can build a verifiable database of malicious payloads via blockchains. In the evaluation, we investigate the performance of our approach under flooding and character padding attacks in both a simulated and a real IoT network environment. The results demonstrate the effectiveness of our approach in enhancing the robustness of single character frequency-based ESM against malicious traffic.

随着物联网（IoT）可行性的提高，在智能城市环境中有望连接更多设备。它可以为人们的日常生活提供许多好处，但在实践中也容易受到许多安全威胁的影响。入侵检测系统（IDS），尤其是基于签名的IDS，是最常用的安全机制之一，可保护各种网络环境（如IoT辅助的智能城市）免受网络攻击。签名匹配的过程是基于签名的IDS的关键限制因素，而排他签名匹配（ESM）是基于以下观察而设计的：大多数网络数据包都不会匹配任何IDS签名。但是，排他签名匹配（如基于单字符频率的ESM）可能容易受到敌对环境中某些攻击的攻击。为了缓解这个问题，在这项工作中，我们提出了一种基于区块链的基于单字符频率的ESM，它可以通过区块链构建一个可验证的恶意有效载荷数据库。在评估中，我们研究了在模拟和真实物联网网络环境下，我们的方法在洪水和字符填充攻击下的性能。结果证明了我们的方法在增强基于单字符频率的ESM抵御恶意流量的鲁棒性方面的有效性。