Cooperative Intrusion Detection System Based On Hybrid Trust Model

With the rapid development of educational big data,the security of educational data has been paid more and more attention.Network attack is a huge threat to the security of educational data.Collaborative Intrusion Detection System(CIDS),as a common network security technology,improves the detection ability of the system through the cooperation between multiple IDS nodes,but CIDS are vulnerable to internal attacks.To defense the internal attack,some scholars put forward on the challenge-based intrusion detection system,in this scheme,each node sends challenge to other nodes,the trust value of the receiving node is calculated according to the comparison between the feedback of the receiving node and the answers stored by its own side.When abnormal network behavior is detected and collaborative detection is required,IDS node aggregate the alerts given by each node according to their trust value ranking,and make decisions according to the aggregate alerts.It is obvious that the challenge-based trust value is only propagated between the two nodes and has no reference to other IDS nodes.Moreover,the trust value is mainly affected by the recent behavior of the node,and it lacks long-term memory for the behavior of the node.In addition,the challenge-feedback records of nodes also lack the authentication of trusted third parties,which makes the challenge feedback data lack reliability.The challenge-feedback process relies on the faithful rating of nodes,and there is no resolution mechanism when there is a rating dispute,and malicious rating behavior is not punished.This paper makes an in-depth analysis of the above problems and puts forward some improvement scheme.The following are the main work contents of this paper:1.In view of the problem that paired trust values only act on the two participants,this paper designs the global reputation model based on challenges.Each challenge-feedback record of a node will have an impact on its global reputation and then affect all nodes.2.Combining the advantages of pair trust value and global reputation,a challengebased trust and reputation hybrid trust model(HRCS)is proposed.The hybrid trust value is used as the only measure to evaluate the trust value of nodes.3.On the basis of the characteristics of chain blocks,openness and transparent,tamper-resistant,blockchain technology is applied in this article,design a set of collaborative intrusion detection algorithm based on HRCS trust model,This algorithm solves the problem of node identity authentication by storing node information and public key on the blockchain,and every challenge and feedback after the sender signed records on blockchain,ensure the reliability of the record.4.The design of the dispute resolution algorithm based on blockchain,when the entire node by score is far less than its global reputation,blockchain uses smart contracts to select expert nodes to analyze the record of this challenge,giving a score to compared with the score given by the evaluated node,if the rating gap is too large,the evaluated node will be deemed as malicious rating,and the rating node will be punished with global reputation reduction..5.In this paper,a collaborative intrusion detection system based on HRCS is designed and implemented,and two experiments are set in the simulated environment and the real environment.The system is compared with the challenge-based collaborative intrusion detection system to prove its ability to resist internal attack and detection.