In order to evaluate network trust, different intrusion detection methods have been proposed. However, it is difficult for a single detection node to collect massive data and perform detection and evaluation in a large-scale network. In addition, disclosure of security-related data and detection pattern might weaken data provision incentives due to privacy concern, which could result in deliberately forging data to evade detection. Current literature still lacks a general framework to conduct decentralized intrusion detection towards network trust evaluation with privacy preservation. In this paper, we propose SeDID, a Software Guard Extension (SGX)-enabled decentralized intrusion detection framework for network trust evaluation based on blockchain. We design a novel consensus mechanism to avoid forking and guarantee high efficiency and real decentralization, where block creation is uniquely consented by miners and block creation difficulty is determined by the number of blocks previously created by a relative miner within a time window. The smaller the number, the easier the miner creates a new block. SeDID also offers incentives according to node contributions for motivating security-related data collection, intrusion detection and network trust evaluation. Additional employment of Intel SGX makes SeDID preserve both data and pattern privacy. We analyze SeDID’s efficacy in terms of incentive, privacy preservation and security. Its performance is further evaluated through simulations. In specific settings, its block creation time, task completion time and throughput are 19.61s, 44.55s and 224.47 transactions/s, respectively. Compared with state-of-the-art systems, SeDID offers better performance, which implies its potential to be applied in practice.

为了评估网络信任，已经提出了不同的入侵检测方法。但是，单个检测节点很难在大规模网络中收集大量数据并执行检测和评估。此外，与安全相关的数据和检测模式的披露可能会由于隐私问题而削弱数据提供的诱因，这可能导致故意伪造数据以逃避检测。当前文献仍然缺乏用于对具有隐私保护的网络信任评估进行分散式入侵检测的通用框架。在本文中，我们提出了SeDID，这是一种基于软件保护扩展（SGX）的分散式入侵检测框架，用于基于区块链的网络信任评估。我们设计了一种新颖的共识机制来避免分叉并确保高效和真正的去中心化，在这种机制中，矿工唯一地同意区块创建，而区块创建难度由某个时间段内相对矿工先前创建的区块数量决定。数字越小，矿工就越容易创建新的区块。SeDID还根据节点贡献提供激励措施，以激励与安全相关的数据收集，入侵检测和网络信任评估。额外使用Intel SGX，可使SeDID保留数据和模式隐私。我们从激励，隐私保护和安全性方面分析SeDID的功效。通过模拟进一步评估其性能。在特定设置下，其块创建时间，任务完成时间和吞吐量为19.61s，44。55s和224.47事务/ s。与最先进的系统相比，SeDID提供了更好的性能，这意味着它有可能在实践中应用。