A False Positive Resilient Distributed Trust Management Framework for Collaborative Intrusion Detection Systems

Author First name, Last name, Institution

Kadhim Hayawi, Zayed University
Imran Makhdoom, National University of Sciences and Technology
Saifullah Khalid, National University of Sciences and Technology
Richard Adeyemi Ikuesan, Zayed University
Mohammed Kaosar, Murdoch University
Ishfaq Ahmad, College of Engineering

Document Type

Article

Source of Publication

IEEE Transactions on Services Computing

Publication Date

1-1-2025

Abstract

Collaborative Intrusion Detection System (CIDS) protect large networks against distributed attacks. However, a CIDS is vulnerable to insider attacks that decrease the mutual trust among the CIDS nodes. Most existing trust management approaches rely on a central authority, trusted third parties or network peers for managing trust. The current techniques are prone to high false positives and vulnerable to various reputation attacks. For instance, device attestation manages trust among CIDS nodes by verifying the integrity of a node’s hardware and software configuration. However, it lacks real-time monitoring of the dynamic state, limiting its effectiveness against ongoing attacks and malware. Therefore, incorporating the system’s dynamic state in the trust framework is crucial, but it causes false positives requiring corrective mechanisms. To address these challenges, this paper proposes a blockchain-based integrated trust management framework for CIDS, incorporating the device’s genome attestation, the system’s dynamic parameters, and a false positive resilient reputation mechanism. By storing the reputation scores on the blockchain, the framework alleviates the need for a third party for trust management and thus mitigates attacks applicable to reputation-based systems. The paper performs a comprehensive security and performance analysis of the proposed framework to gauge its efficiency and study the effects of a penalty on a node’s reputation during the recovery and rally phases. We also study the impact of false positives on the reputation of a node. The results show that Hyperledger Fabric offers lower transaction latency and low CPU utilization compared to Ethereum Blockchain.

DOI Link

10.1109/tsc.2025.3539202

ISSN

1939-1374

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Volume

18

Issue

2

First Page

513

Last Page

526

Disciplines

Computer Sciences

Keywords

blockchain, collaborative intrusion detection system, device genome, device integrity, device security, Insider attacks, internet of Things, trust management

Scopus ID

05003028185

Recommended Citation

Hayawi, Kadhim; Makhdoom, Imran; Khalid, Saifullah; Ikuesan, Richard Adeyemi; Kaosar, Mohammed; and Ahmad, Ishfaq, "A False Positive Resilient Distributed Trust Management Framework for Collaborative Intrusion Detection Systems" (2025). All Works. 7250.
https://zuscholars.zu.ac.ae/works/7250

Indexed in Scopus

yes

Open Access

no