Dissertations and Theses

Date of Award

2021

Document Type

Dissertation

Department

Engineering

First Advisor

Tarek Saadawi

Keywords

Blockchain, Cybersecurity, Cooperative intrusion detection system, Latency, Healthcare, Electronic Health Records, Cyberattacks, Features, Signatures

Abstract

One effective way of detecting malicious traffic in computer networks is an intrusion detection system (IDS). Despite the increased accuracy of IDSs, distributed or coordinated attacks can still go undetected because each IDS has a single vantage point. For this reason, different IDS nodes need to exchange attack characteristics. Another reason for IDS coordination is that the zero-day attacks (attacks without a known signature) experienced by organizations located in different regions are not the same. Participating IDS nodes can collectively stop more attacks if they exchange these attack characteristics with one another. Researchers proposed a cooperative intrusion detection system (CoIDS) to share these attack characteristics effectively. Although this solution enhanced an IDS node's ability to respond to attacks previously identified by cooperating IDSs, the approach is threatened by malicious activities such as fake data injection and data manipulation or deletion, and by problems of data integrity and consistency.

In this dissertation, we develop a blockchain-based solution that ensures the integrity and consistency of attack characteristics shared in a cooperative intrusion detection system. The developed architecture achieves this result by continuously monitoring the behavior of blockchain nodes to detect and prevent malicious activities from both outsider and insider threats. In addition, the architecture facilitates scalable exchange of attack characteristics among IDS nodes and ensures heterogeneous IDS participation. It is also robust to public IDS nodes joining and leaving the network. The security analysis shows that the architecture can detect and prevent malicious activities from both outsider and insider attackers, while the performance analysis shows scalability with low latency.
