Indonesian Journal of Electrical Engineering and Computer Science
Vol. 22, No. 1, April 2021, pp. 485~496
ISSN: 2502-4752, DOI: 10.11591/ijeecs.v22.i1.pp485-496
Journal homepage: http://ijeecs.iaescore.com

Designing consensus algorithm for collaborative signature-based intrusion detection system

Eko Arip Winanto 1, Mohd Yazid Idris 2, Deris Stiawan 3, Mohammad Sulkhan Nurfatih 4
1,2,4 School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia, Malaysia
3 Department of Computer Science, Universitas Sriwijaya, Indonesia

Article Info
Article history: Received Mar 5, 2020; Revised Dec 5, 2020; Accepted Jan 11, 2021
Keywords: Blockchain, CIDS, Consensus algorithm, IDS, Signature-based

ABSTRACT
A signature-based collaborative intrusion detection system (CIDS) depends heavily on the reliability of its nodes to provide IDS attack signatures. Each node in the network is responsible for providing new attack signatures to be shared with the other nodes. This paper highlights two problems in CIDS: the first is to provide data consistency, and the second is to maintain trust among the nodes while sharing attack signatures. Recently, researchers have found that blockchain has great potential to solve these problems. A consensus algorithm in blockchain can increase trust among the nodes and allows data to be inserted from a single source of truth. In this paper, we investigate three blockchain consensus algorithms that could be implemented in CIDS: proof of work (PoW), proof of stake (PoS), and a hybrid PoW-PoS chain-based consensus algorithm. Finally, we design an extension of the hybrid PoW-PoS chain-based consensus algorithm to fulfill the requirement. We name this extension proof of attack signature (PoAS).

This is an open access article under the CC BY-SA license.
Corresponding Author:
Mohd Yazid Idris, School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia. Email: yazid@utm.my
Deris Stiawan, School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia. Email: deris@unsri.ac.id

1. INTRODUCTION

Collaborative intrusion detection systems (CIDS) have been designed to enhance the detection capability of IDS. CIDS allows IDS nodes to collect and exchange required information among the nodes [1]. Collecting traffic characteristics and attack signatures from different nodes creates a more sensitive detection capability than a single-node IDS. The CIDS framework is widely adopted and deployed in various organizations due to its detection capability. However, two major issues remain in CIDS: consistency of data sharing and trust among the nodes [2-3].

Maintaining data consistency is a big challenge in CIDS [4]. Nodes are required to identify from which peer to collect the latest update of attack signatures. In some cases, several nodes provide different versions of attack signatures, which can lead to data inconsistency. This problem occurs due to the lack of data versioning control such as that in a centralized IDS system.

The second issue in CIDS is managing trust among the nodes [5]. Trust management is important to prevent false or malicious data from being used in CIDS. Research on trust management is discussed in [6-9]. To maintain trust, all data contributed by each node should be validated by the other nodes. All these nodes can contribute data in a network where each node is considered benign. In practice, each node is exposed to malicious activities such as insider attacks. Such an attack can cause CIDS to receive invalid data and greatly degrade security.