A False Positive Resilient Distributed Trust Management Framework for Collaborative Intrusion Detection Systems

Collaborative Intrusion Detection System (CIDS) protect large networks against distributed attacks. However, a CIDS is vulnerable to insider attacks that decrease the mutual trust among the CIDS nodes. Most existing trust management approaches rely on a central authority, trusted third parties or network peers for managing trust. The current techniques are prone to high false positives and vulnerable to various reputation attacks. For instance, device attestation manages trust among CIDS nodes by verifying the integrity of a node’s hardware and software configuration. However, it lacks real-time monitoring of the dynamic state, limiting its effectiveness against ongoing attacks and malware. Therefore, incorporating the system’s dynamic state in the trust framework is crucial, but it causes false positives requiring corrective mechanisms. To address these challenges, this paper proposes a blockchain-based integrated trust management framework for CIDS, incorporating the device’s genome attestation, the system’s dynamic parameters, and a false positive resilient reputation mechanism. By storing the reputation scores on the blockchain, the framework alleviates the need for a third party for trust management and thus mitigates attacks applicable to reputation-based systems. The paper performs a comprehensive security and performance analysis of the proposed framework to gauge its efficiency and study the effects of a penalty on a node’s reputation during the recovery and rally phases. We also study the impact of false positives on the reputation of a node. The results show that Hyperledger Fabric offers lower transaction latency and low CPU utilization compared to Ethereum Blockchain.