Alevizos, L, Eiza, MH, Ta, VT, Shi, Q and Read, J (2022) Blockchain-enabled Intrusion Detection and Prevention System of APTs within Zero Trust Architecture. IEEE Access, 10. pp. 89270-89288.
|
Text
Blockchain-Enabled_Intrusion_Detection_and_Prevention_System_of_APTs_Within_Zero_Trust_Architecture.pdf - Published Version Available under License Creative Commons Attribution. Download (2MB) | Preview |
Abstract
In a world where organisations are embracing new IT working models such as Bring Your Own Device (BYOD) and remote working, the traditional mindset of defending the network perimeter is no longer sufficient. Zero Trust Architecture (ZTA) has recently emerged as a new security model in which the breach mindset dominates the threat model. By default, the ZTA considers any endpoint (i.e., device), user, or application to be untrusted until proven otherwise. Nonetheless, once proven by the endpoint, using Advanced Persistent Threats (APT), attackers can still take over an authenticated and authorised session via that endpoint. Therefore, they can perform several user/device centric malicious activities in addition to lateral movement rendering the endpoint the Achilles heel of ZTA. To effectively deter APT attack capabilities on the endpoints, this work proposes a Blockchain-enabled Intrusion Detection and Prevention System (BIDPS) that augments ZTA onto endpoints. The BIDPS aims to achieve two core outcomes: first, detect and prevent attackers’ techniques and tactics as per MITRE’s ATT&CK enterprise matrix earlier than the lateral movement stage, and secondly, strip trust out of the endpoint itself and place it on-chain, thus creating an immutable system of explicit trust. To evaluate the effectiveness of the BIDPS, a testbed was built where techniques of over ten APTs attacks were launched against the endpoint. BIDPS has a high rate of success defending against the launched attacks owing to its Blockchain’s immutability, fortifying the detection/prevention processes.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | 08 Information and Computing Sciences; 09 Engineering; 10 Technology |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science T Technology > T Technology (General) |
Divisions: | Computer Science & Mathematics |
Publisher: | Institute of Electrical and Electronics Engineers (IEEE) |
SWORD Depositor: | A Symplectic |
Date Deposited: | 23 Aug 2022 09:09 |
Last Modified: | 12 Sep 2022 10:30 |
DOI or ID number: | 10.1109/ACCESS.2022.3200165 |
URI: | https://researchonline.ljmu.ac.uk/id/eprint/17431 |
View Item |