IEEE Access (Jan 2023)

SecFedIDM-V1: A Secure Federated Intrusion Detection Model With Blockchain and Deep Bidirectional Long Short-Term Memory Network

  • Emmanuel Baldwin Mbaya,
  • Emmanuel Adetiba,
  • Joke A. Badejo,
  • John Simon Wejin,
  • Oluwadamilola Oshin,
  • Olisaemeka Isife,
  • Surendra Colin Thakur,
  • Sibusiso Moyo,
  • Ezekiel F. Adebiyi

DOI: https://doi.org/10.1109/ACCESS.2023.3325992
Journal volume & issue: Vol. 11, pp. 116011 – 116025

Abstract

Cloud computing is a technology for efficiently using computing infrastructures and a business model for selling computing resources and services. However, intruders find such complex and distributed infrastructures appealing targets for cyber-attacks. Cyber-attacks are severe threats that can jeopardize the quality of service provided to clients and compromise data integrity, confidentiality, and availability. Cyber-attacks are becoming more complex, making it more challenging to detect intrusions effectively. Due to the high traffic and increased malicious activities on the Internet, a single Intrusion Detection System (IDS) can be overwhelmed. Despite the various Deep Learning (DL) approaches that have been proposed as alternative solutions, there are still pertinent security issues to be addressed, especially in federated cloud computing domains. This work proposes a Secure Federated Intrusion Detection Model Version 1 (SecFedIDM-V1) using blockchain technology and a Bidirectional Long Short-Term Memory (BiLSTM) Recurrent Neural Network (RNN). The Coburg Intrusion Detection Dataset (CIDDS) was acquired, pre-processed and split into 60:20:20, 70:15:15, and 80:10:10 for training, testing, and validation respectively to develop the intrusion traffic classification component of the proposed model. The developed SecFedIDM-V1 was later deployed as a Python-based web application that captures network packets and classifies them as normal or as an attack type. The attack packets are recorded in Hyperledger Fabric (a private blockchain technology) to serve as a signature database to be used by other nodes in the network. From the evaluation results of the intrusion classifier, the 80:10:10 BiLSTM network performed better than GRU with a Precision of 0.99624, Recall of 0.99906, F1 Score of 0.99614, False Positive Rate (FPR) of 0.00094, False Negative Rate (FNR) of 0.00395 and True Positive Rate (TPR) of 0.99605. The SecFedIDM-V1 can be deployed alongside Firewalls in a federated cloud computing environment to reinforce the security of the infrastructure.

Keywords