Facial reconstruction

Search LJMU Research Online

Browse Repository | Browse E-Theses

Blockchain-enabled Intrusion Detection and Prevention System of APTs within Zero Trust Architecture

Alevizos, L, Eiza, MH, Ta, VT, Shi, Q and Read, J (2022) Blockchain-enabled Intrusion Detection and Prevention System of APTs within Zero Trust Architecture. IEEE Access, 10. pp. 89270-89288.

[img]
Preview
Text
Blockchain-Enabled_Intrusion_Detection_and_Prevention_System_of_APTs_Within_Zero_Trust_Architecture.pdf - Published Version
Available under License Creative Commons Attribution.

Download (2MB) | Preview

Abstract

In a world where organisations are embracing new IT working models such as Bring Your Own Device (BYOD) and remote working, the traditional mindset of defending the network perimeter is no longer sufficient. Zero Trust Architecture (ZTA) has recently emerged as a new security model in which the breach mindset dominates the threat model. By default, the ZTA considers any endpoint (i.e., device), user, or application to be untrusted until proven otherwise. Nonetheless, once proven by the endpoint, using Advanced Persistent Threats (APT), attackers can still take over an authenticated and authorised session via that endpoint. Therefore, they can perform several user/device centric malicious activities in addition to lateral movement rendering the endpoint the Achilles heel of ZTA. To effectively deter APT attack capabilities on the endpoints, this work proposes a Blockchain-enabled Intrusion Detection and Prevention System (BIDPS) that augments ZTA onto endpoints. The BIDPS aims to achieve two core outcomes: first, detect and prevent attackers’ techniques and tactics as per MITRE’s ATT&CK enterprise matrix earlier than the lateral movement stage, and secondly, strip trust out of the endpoint itself and place it on-chain, thus creating an immutable system of explicit trust. To evaluate the effectiveness of the BIDPS, a testbed was built where techniques of over ten APTs attacks were launched against the endpoint. BIDPS has a high rate of success defending against the launched attacks owing to its Blockchain’s immutability, fortifying the detection/prevention processes.

Item Type: Article
Uncontrolled Keywords: 08 Information and Computing Sciences; 09 Engineering; 10 Technology
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
T Technology > T Technology (General)
Divisions: Computer Science & Mathematics
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
SWORD Depositor: A Symplectic
Date Deposited: 23 Aug 2022 09:09
Last Modified: 12 Sep 2022 10:30
DOI or ID number: 10.1109/ACCESS.2022.3200165
URI: https://researchonline.ljmu.ac.uk/id/eprint/17431
View Item View Item