Blockchain and Machine Learning-Based Hybrid IDS: Comparison
Please note this is a comparison between Version 1 by SHAILENDRA MISHRA and Version 2 by Rita Xu.

The cyberspace is a convenient platform for creative, intellectual, and accessible works that provide a medium for expression and communication. Malware, phishing, ransomware, and distributed denial-of-service attacks pose a threat to individuals and organisations. To detect and predict cyber threats effectively and accurately, an intelligent system must be developed. Cybercriminals can exploit Internet of Things devices and endpoints because they are not intelligent and have limited resources.

  • cyber security
  • machine learning
  • blockchain

1. Introduction

The potential of the cyberspace to transform our lives is tremendous, but our access to and use of this powerful tool must be carefully measured and managed to leverage its most advantageous benefits and protect individuals from potential misuse and abuse [1]. Due to the continuous growth of communication and networking technologies, a massive number of devices are connected to the Internet, which introduces the concept of the Internet of Things (IoT). In the past few decades, the IoT has witnessed a similar spike in interest due to the automation benefits that it provides [2]. Because the IoT is connected via the Internet, it has seen good growth over the years. This growth has brought some crucial security issues that can help intruders gain access to network resources [3]. There has been an increase in the number of IoT devices as IoT networks have been implemented in various systems. The number of IoT devices is predicted to increase from 7.74 billion in 2019 to 25.44 billion in 2030 [4]. IoT endpoints are not smart and have limited resources, which allows cyber threats to exploit them [5].
Blockchains, cybersecurity, AI, and ML are closely intertwined and are essential components of a comprehensive digital transformation strategy. A blockchain provides a secure data storage and sharing system, while cybersecurity enables secure data protection from malicious activities. Using blockchain (BC) technology, cybersecurity, AI, and ML together, organisations can enhance security, harness the power of data, reduce costly operational expenses, and optimise their operations [6]. The majority of cyberattacks target dark web data theft, damaging brands’ reputations and exploiting e-commerce sites and the stock market [7]. The use of machine learning (ML) techniques can improve both the effectiveness of the IoT infrastructure and the performance of cybersecurity systems [8]. Blockchain technology and artificial intelligence have the potential to create smarter, safer, more efficient, and more secure systems. Quantum technology, however, has made most existing blockchain systems vulnerable to quantum attacks. Quantum cryptography can be used to protect personal information and protect privacy in blockchain, artificial intelligence, and big data applications [9].
Implementing BCs in IoT systems has numerous advantages, such as decentralisation to eliminate a single point of failure, proof of security, traceability, and immutability [10].
A blockchain can be used to generate insights based on shared data and then to make predictions using artificial intelligence. Via mutual agreements between nodes, blockchains form chains that link existing blocks stored in nodes chronologically with the new blocks. Artificial intelligence and blockchain power can be combined to provide a strong defence against attacks [11]. Many existing approaches have developed the concept of efficient data communication between devices and the storage of these communicated data on either a cloud or blockchain network [12]. However, numerous obstacles exist to effectively communicating and storing data in a smart network, and significant challenges for smart networks have been discussed [13]. One vulnerability is the corruption of the data stored in a BC. The immutability of BCs is the root cause of this problem; therefore, corrupted data must be detected before they are transferred to and stored in a BC [14].

2. Blockchain and Machine Learning-Based Hybrid IDS

In a rapidly evolving network environment, there is not much time to develop new statistical models, so they are not well suited to the new workload. By integrating concepts from edge computing, machine learning, and artificial intelligence, a cognitive engine can be developed [15][21]. Machine learning is capable of learning without much human assistance. Therefore, paying more attention to security issues and related defences in machine learning is important. With the development of machine learning (ML) and deep learning (DL) models, security in the IoT cloud environment has been enhanced [16][22]. The use of AI in user access authentication, network situation detection, malicious behaviour monitoring, and abnormal traffic identification is discussed in [17][23]. In [18][24], the authors proposed an intrusion detection system (IDS) based on neural network clustering that can help administrators detect and reduce the risk of early-stage attacks, thereby reducing power consumption. Dong and Sarem [19][15] proposed a detection algorithm called DDAML. This study aimed to identify DDoS attacks by applying machine learning algorithms and MLP. The DDAML algorithm outperformed all the other algorithms (SVM, RF, KNN, and LR) with the same ROC curve. The DDAML algorithm has an AUC of 0.912, as do the NB, SVM, CIC-SVM, and DDADA algorithms. The NB algorithm has an AUC of 0.891, the SVM algorithm has an AUC of 0.893, the CIC-SVM algorithm has an AUC of 0.895, and the DDADA algorithm has an AUC of 0.899 [19][15]. Gradient-boosted machine (GBM) technology is proposed in [20][16] as a means of improving the detection performance of anomaly-based intrusion detection systems (IDSs). The effectiveness of the GBM technology is then evaluated in terms of performance metrics and contrasted with well-known classifiers.
The NSL-KDD, UNSW-NB15, and GPRS datasets’ full features were applied to yield the highest results to date using either the hold-out approach or tenfold cross-validation. A detection approach named OGBDT, which combines genetic algorithms (GAs) with optimised gradient boost decision trees (OGBDTs), was proposed in [21][18]. Enhanced African buffalo optimisations (EABOs) were used to increase categorisation. The proposed IDS (OGBDT) was used to compare conventional MLTs. To evaluate the performance of these approaches, accuracy, precision, recall, and F-score were compared across the UNSW-NB15, KDD 99, and CICIDS2018 datasets. The suggested IDS has the fastest attack prediction speeds across all datasets and the highest attack detection rates. By replicating message queuing telemetry transport (MQTT) via a virtual network, IoT anomalies were found and discussed in [22][19]. To detect and stop DDoS attacks, a few machine learning algorithms, including the multilayer perceptron (MLP), naive Bayes (NB), and decision tree (DT) algorithms, as well as an artificial neural network, were analysed. A dataset comprising 4998 records, 34 characteristics, and eight kinds of network traffic was used in the suggested method. With an accuracy rate of 99.94%, the classifier RF displayed the best performance. The three primary technologies for addressing security issues in the Internet of Things (IoT)—machine learning (ML), artificial intelligence (AI), and BCs—were the subject of a thorough analysis. A study describing the IoT architecture and its supporting technology presented issues [23][25]. In [24][26], Derhab et al. proposed the RSL-KNN intrusion detection system, a method of detecting forgeries intended to manipulate industrial control systems that uses random subspace learning (RSL) and the K-nearest neighbour (KNN) algorithm. A blockchain-based integrity checking system (BICS) protects industrial IoT systems with SDN capabilities from misrouting attacks that alter OpenFlow rules.
As a means of improving and securing the overall security of a system and evaluating its performance in terms of its end-to-end delay, routing overhead, packet delivery ratio, throughput, and confusion matrix, Malik et al. (2022) proposed a solution called the detection and prevention of a BHA (DPBHA) [25][20]. The proposed model was tested on the benchmark dataset KDD99 (NSL-KDD). The KDD99 (NSL-KDD) dataset [26][27] includes 494,021 records in its training dataset, while its testing dataset contains 311,029 records. A study of the UNSW-NB15 dataset [27][28] revealed 42 features divided into ten classes (normal, fuzzers, analysis, backdoors, DoS, exploits, generic, reconnaissance, shellcode, and worms). In [28][29], the authors described a state-of-the-art technique for assessing database damage after a hostile attack on a healthcare system; healthcare systems require fast recovery to minimise downtime, and such an algorithm can also be used to protect healthcare systems [28][29]. Systems using blockchains are susceptible to quantum assaults. For initiatives including blockchains, artificial intelligence, large data, and privacy protection, quantum cryptography offers a potent security tool [9]. A vast number of complicated operations can be computed using quantum computing in an exponentially short amount of time for its quick, effective, and scalable computing resources. To protect against arbitrary source defects when using current technology, such as state preparation flaws, side channels caused by mode dependencies, Trojan horse attacks, and pulse correlations, a major framework known as a reference technique has been developed [29][30]. The potential uses of BC technology and its drawbacks in fields like human rights have direct societal effects. SMEs, corporations, organisations, businesses, government institutions, and the general public confront a variety of hurdles while adopting, promoting, and using blockchain technology.
The security of decentralised networks is a major challenge because the nodes are not physically protected. Without centralised management and collaboration between nodes, data security is compromised across the network. The current decentralised system has multiple nodes, all of which function properly. However, if one of the nodes fails to complete the user authentication process, a denial-of-service (DoS) attack can occur. In this type of attack, spoofed traffic and data requests are sent to the attacked resource to flood it with requests and prevent real users from accessing it. The attacker exploits the vulnerability in the resource’s network by constantly sending information packets that require authentication. If the system shares a spoofed address, it can prevent resources from authenticating and thus shut down without further interaction. This leads to an increase in traffic on the routing path, which is filled with spoofed data requests. The authentication process has no benefit, and malware activity is recorded during network transmission. A decentralised ledger system should restrict user access. Each user should be verified before accessing the network. Integrated approaches should be developed in conjunction with tactics and techniques used to close these gaps. Security for the Internet of Things (IoT) is becoming increasingly concerned with machine learning (ML) and blockchain technology. These technologies can be applied specifically to intrusion detection systems (IDSs). Despite this, there are still some gaps in the existing research. Previous research has shown that ML algorithms can effectively detect anomalous behaviour in IoT devices, making them suitable for IDS applications. However, one challenge is that ML algorithms require large amounts of data for effective training. This can be a problem in the context of the IoT as devices may have limited processing and storage capabilities.
Additionally, ML algorithms may be vulnerable to attacks such as adversarial attacks, which can be used to fool the algorithm into making incorrect predictions. Blockchain technology has also been proposed as a way to enhance the security of IoT devices. One approach is to use a blockchain to create a decentralised and tamper-proof ledger of all device transactions, which can help prevent unauthorised access to IoT devices. However, there are still some challenges that need to be addressed. For example, the overhead of using blockchain can be significant, which can be a problem in the context of resource-constrained IoT devices. The existing research on combining ML and blockchain technology for IoT IDS applications has some gaps as well. One challenge is to develop a system that can efficiently and securely store the large amounts of data required for ML algorithms to work effectively. Additionally, there is a need for further research on how to effectively integrate ML algorithms with blockchain technology in the context of the IoT. While there has been some promising research on using ML and blockchain technology for IDS in the IoT, there are still some gaps that must be addressed. Future research should focus on developing efficient and secure systems for storing data, as well as exploring ways to integrate ML algorithms with blockchain technology in the context of the IoT.
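The Introduction notes that corrupted data must be detected before they are stored in an immutable BC, and the passage above describes a tamper-proof ledger of device transactions. The following added example (not code from any of the cited studies) sketches that ordering: a detector screens each record, and only accepted records are appended to a hash chain whose integrity can be re-verified. The `ScreenedLedger` class, the `pkts_per_s` field, the z-score test that stands in for a trained ML classifier, and the sample readings are all assumptions made for illustration.

```python
import hashlib
import json
import statistics

GENESIS = "0" * 64  # previous-hash value used by the first block


def block_hash(index, prev_hash, record):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps({"i": index, "prev": prev_hash, "rec": record}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class ScreenedLedger:
    """Hash chain that screens every record before it is committed."""

    def __init__(self, baseline, z_limit=3.0):
        # Known-good readings; a z-score test stands in for a trained model.
        self.mean = statistics.mean(baseline)
        self.stdev = statistics.stdev(baseline)
        self.z_limit = z_limit
        self.chain, self.quarantine = [], []

    def is_anomalous(self, record):
        return abs(record["pkts_per_s"] - self.mean) / self.stdev > self.z_limit

    def submit(self, record):
        """Commit the record, or quarantine it if the detector flags it."""
        if self.is_anomalous(record):
            self.quarantine.append(record)
            return False
        prev = self.chain[-1]["hash"] if self.chain else GENESIS
        idx = len(self.chain)
        self.chain.append({"index": idx, "prev": prev, "record": record,
                           "hash": block_hash(idx, prev, record)})
        return True

    def verify(self):
        """Return the index of the first inconsistent block, or None."""
        prev = GENESIS
        for b in self.chain:
            if b["prev"] != prev or b["hash"] != block_hash(b["index"], prev, b["record"]):
                return b["index"]
            prev = b["hash"]
        return None


# Constructed sample data: packets per second reported by one device.
BASELINE = [98, 102, 101, 97, 100, 103, 99, 100]
READINGS = [101, 99, 950, 104]
```

Submitting each value in `READINGS` as `{"device": ..., "pkts_per_s": value}` commits three records and quarantines the flood-like one; editing a committed record afterwards makes `verify()` return that block's index.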