Blockchain-Integrated IDS: A Decentralized Approach to Threat Detection and Logging



Abstract

Nowadays, cyber threats have grown in both scale and complexity, making Intrusion Detection Systems (IDS) a common target for evasion attacks. Traditional IDS software has frequently relied on a "Great Wall" perimeter approach that creates central points of failure. In this paper, we propose a Blockchain-enabled Intrusion Detection System (BIDS) that employs a blockchain to improve the security, transparency and resilience of IDS frameworks. BIDS incorporates distributed-ledger techniques for tamper-evident log storage, relies on smart contracts for automated threat interception, and adopts the Practical Byzantine Fault Tolerance (PBFT) consensus algorithm to provide efficient and verifiable event validation. To evaluate BIDS, we implement it with the Suricata IDS and the Hyperledger Fabric blockchain platform (used for its authorization mechanisms), and test it on the public intrusion datasets CICIDS2017 and NSL-KDD within a simulated enterprise network. The empirical results show that BIDS achieves detection accuracy as high as conventional IDS, while substantially enhancing log integrity under abuse and for log-reading facilities: detection of manipulation is more effective and requires less effort compared with OPSA, and it defeats all pre-inspection on assurance (see Sect. 4.5), owing to structural alterations in the data space and support for incremental computation.
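The tamper-evident log storage described above rests on each ledger entry committing to its predecessor. The following added example (not code from the paper or from Hyperledger Fabric) illustrates that property in a single-node form: constructed Suricata-style EVE alert records are appended to a hash-chained log, and a verifier locates the first entry whose content or linkage has been altered, even when the attacker recomputes the edited entry's own hash. Record fields, signature names and addresses are constructed sample values.

```python
import copy
import hashlib
import json

# Constructed Suricata-style EVE JSON alert records (sample input, not from the paper's datasets).
SAMPLE_ALERTS = [
    {"timestamp": "2024-01-01T10:00:00Z", "event_type": "alert", "src_ip": "10.0.0.5",
     "dest_ip": "10.0.0.20", "alert": {"signature": "SAMPLE SCAN Port sweep", "severity": 2}},
    {"timestamp": "2024-01-01T10:00:03Z", "event_type": "alert", "src_ip": "10.0.0.5",
     "dest_ip": "10.0.0.21", "alert": {"signature": "SAMPLE POLICY SSH brute force", "severity": 1}},
    {"timestamp": "2024-01-01T10:00:09Z", "event_type": "alert", "src_ip": "10.0.0.7",
     "dest_ip": "10.0.0.20", "alert": {"signature": "SAMPLE MALWARE C2 beacon", "severity": 1}},
]

GENESIS = "0" * 64  # hash of the (empty) predecessor of the first entry

def canonical(record):
    # Deterministic serialisation so every peer hashes exactly the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def entry_hash(prev_hash, record):
    # Each entry's hash covers its predecessor's hash, which is what links the chain.
    return hashlib.sha256(prev_hash.encode() + canonical(record)).hexdigest()

def build_chain(alerts):
    """Append alerts to a hash-chained log; every entry commits to the one before it."""
    chain, prev = [], GENESIS
    for rec in alerts:
        h = entry_hash(prev, rec)
        chain.append({"prev_hash": prev, "record": rec, "hash": h})
        prev = h
    return chain

def verify_chain(chain):
    """Return the index of the first entry whose hash or linkage is wrong, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev or entry_hash(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1

def tamper_demo():
    """Edit a stored alert and re-hash it; the break still surfaces at the next entry's linkage."""
    chain = build_chain(copy.deepcopy(SAMPLE_ALERTS))
    chain[1]["record"]["src_ip"] = "192.0.2.99"  # stored alert rewritten after the fact
    chain[1]["hash"] = entry_hash(chain[1]["prev_hash"], chain[1]["record"])  # attacker re-hashes it
    return verify_chain(chain)  # entry 2's prev_hash no longer matches, so verification returns 2
```

In the paper's setting the same check is carried out by every Fabric peer rather than one process, so a tamperer would have to rewrite the chain on a PBFT quorum of nodes rather than a single log file.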
