Blockchain-Enabled Intrusion Detection and Prevention System of APTs Within Zero Trust Architecture
Authors
Abstract
In a world where organisations are embracing new IT working models such as Bring Your Own Device (BYOD) and remote working, the traditional mindset of defending the network perimeter is no longer sufficient. Zero Trust Architecture (ZTA) is a recently emerged security model in which the assumption of breach dominates the threat model. By default, ZTA considers any endpoint (i.e., device), user, or application to be untrusted until proven otherwise. Nonetheless, once an endpoint is compromised, attackers using Advanced Persistent Threats (APT) can still take over an authenticated and authorised session via that endpoint. Therefore, they can perform several user/device-centric malicious activities in addition to lateral movement, rendering the endpoint the Achilles heel of ZTA. To effectively deter APT attack capabilities on endpoints, this work proposes a Blockchain-enabled Intrusion Detection and Prevention System (BIDPS) that augments onto endpoints. The BIDPS aims to achieve two core outcomes: first, to detect and prevent attackers' techniques and tactics, as per MITRE's ATT&CK enterprise matrix, earlier than the lateral movement stage, and secondly, to strip trust out of the endpoint itself and place it on-chain, thus creating an immutable system of explicit trust. To evaluate the effectiveness of BIDPS, a testbed was built and ten APT attacks were launched against it; BIDPS achieved a high rate of success owing to its Blockchain's immutability, fortifying the detection/prevention processes.
Similar sources
Intrusion Detection System and Intrusion Prevention System: a Comparative Study
Intrusions in a computing environment are a very common undesired malicious activity that has been going on since the inception of computing resources. A number of security measures have been taken over the last three decades, but as technology has grown, so have the security threats. With the whole world depending on computers, directly or indirectly, it is a very important issue to prevent the...
Intrusion Detection System- Types and Prevention
Intrusion detection is the act of detecting unwanted traffic on a network or a device. An IDS can be a piece of installed software or a physical appliance that monitors network traffic in order to detect unwanted activity and events such as illegal and malicious traffic, traffic that violates security policy, and traffic that violates acceptable use policies. This article aims at providing (i) ...
An Architecture of Hybrid Intrusion Detection System
Received Nov 4th, 2012; Revised Dec 19th, 2012; Accepted Dec 22nd, 2012. Intrusion Detection System (IDS) is a renowned and widely-deployed security tool to detect attacks and malicious activities in an information system. It is an essential element of any contemporary information system. There are mainly two techniques for intrusion detection: i) misuse (signature-based) detection and ii) anomal...
Advanced Intrusion Detection System with Prevention Capabilities
Today, with the advent of the internet, everyone can do information exchange and resource sharing. Even business organizations and government agencies are not behind in this move to reach users for their decision making and for business strategies. But at the same time, with ease of use and availability of various software tools, breaching and penetrating into others' networks and confidential c...
Journal
Journal title: IEEE Access
Year: 2022
ISSN: 2169-3536
DOI: https://doi.org/10.1109/access.2022.3200165