Blockchain based intrusion detection in agent-driven flight operations

Abstract

Security and protection of the data is the core objective of every organization, but since cyber-attacks got more advanced than ever before, the data is compromised more often, resulting in financial loss, life loss, or privacy breaches as its consequences. There must be a system that can deal with the increasing number of cyber-attacks in flight operations, which are increasing in numbers and sophistication. Since we know that the traditional intrusion detection system is not capable enough to protect the data and as many human lives are at stake in flight operations, an unfortunate data corruption attack could give rise to a catastrophe. In this paper, we proposed a blockchain-based intrusion detection system for flight operations framework to protect the data’s privacy and avoid data corruption in flight operations. Blockchain not only protects data from corruption but also circumvents the challenges faced by intrusion detection systems which include trust and consensus building between different nodes in a network that can enhance the capability of the intrusion detection system.

Keywords

Intrusion detection blockchain intelligent agent-based flight operations multi-agent systems

1. Introduction

The flight operations system is responsible for the 3E’s in flight management, which are Efficiency, Efficacy and Effectiveness. Communication and coordination between the ground and travel crew are also carried out through the flight operations system. One of the significant concerns of flight operations system is providing customer safety and security and protecting their data. The struggle to protect consumer data has been going on for years and new systems are being developed for the same purpose. As the system contains critical data about the flight and the customers, any vulnerability in the system can lead to severe and fatal consequences. Therefore, the system must be equipped with susceptible security measures like intrusion detection, firewalls and attack prevention systems to secure the data and life of the customers. Several studies and models have been presented in the past that give rise to new advancements in the security system of flight operations system. The advancement in technology is growing at a tremendous rate. It is expected to grow further in the future, with multi-agent systems installed in flight operations systems to handle tasks that were once impossible for humans.

In this paper, the proposed agent-based flight operations system keeps the redundant data task and communication flowing throughout the system without interruption. Multi-agent systems are used to collaborate, negotiate and coordinate with different agents to solve system problems because cooperation between multiple agents is necessary to deal with large data sets and system challenges [1, 2]. However, in flight operations system, humans can’t handle such massive data. Therefore a system needs to be designed with multi-agent systems without affecting the performance [3]. In this study, we demonstrate the application of blockchain technology in intrusion detection systems to overcome the insufficiency of traditional Intrusion Detection Systems (IDS) to detect attacks efficiently. It also provides a decentralized nature to our flight operations system. The essential aspects of the flight operations system considered in every flight operation model can be categorized as air resources, ground resources and maintenance.

Cyber-attacks are the breach of the system with malicious and ulterior motives to damage the data and to steal it [4]. There are different types of attacks that can be executed on flight operations system including Man-in-the-middle (MITM) attack, Data Injection attack, Spoofing attack, Denial of Services attack and Insider threat. There are different types of methods that we can use to prevent these attacks like using encrypted algorithms, use of IDS, special keys update, traffic analysis surveys, security awareness programs

The flight operations system has used Security Management Systems (SEMS) to deal with these attacks. But despite all efforts, many attacks have been successful and a lot of data has been stolen over the past few years [5, 6, 7]. Some attacks are IT operator SITA – 2021, Easyjet – 2020, Cathy Pacific Airways – 2018, British Airways – 2018 and Air Canada – 2018. The most common types of IDS are network-based, host-based protocol-based IDS, namely NIDS, HIDS and PIDS. A NIDS monitors the network and detects any unusual activity or unwanted traffic entering the system. It is mostly added at the entrance point of the system where the data comes in through the network so that the intrusion can be detected at the ear. A HIDS detects and monitors the systems’ internals for abnormalities and unusual behavior. This type of IDS is installed to check the system from the inside. It is used when for an unknown reason, the attacker manages to trespass the firewalls of the system and is not detected by the NIDS. A PIDS monitors the protocols that are followed by the system to send messages. This type of IDS is also installed at the far end of the system to verify the proposals as soon as it enters the system [8].

There are two types of IDS methods that use two different techniques for dealing with intrusions. These include Signature-based methods that works on the principle of pattern creation. As it encounters any attack, it creates a signature of that attack depending upon the indicators of compromise and stores them in the system’s database for future reference. The second method is called Anomaly-based that works by developing an ideal condition model of our system and store that in the database. Upon detection of the attack, it directly matches the system’s condition with that of the model stored in the database and acts accordingly [9].

Flight operation systems are critically sensitive as they involve a human life at risk or the safety and secrecy of personal data. flight operations system has been using SEMS [10] in the past, which despite all functionalities of data protection, couldn’t resist the attacks which resulted in money and data corruption. Our objective is to prevent all attacks from happening without affecting system performance. What technology can provide adequate data security and how to integrate that technology into the flight operations system? To deal with this situation, we have used an IDS that works together with blockchain to detect cyber-attacks and protect data and its integrity.

2. Literature review

Previously, none of the approaches has used blockchain for intrusion detection in flight operation systems. [11] talks about the security of cryptocurrencies and how blockchain technology ensures their data integrity and secrecy. It talks about the emergence of blockchain and, through different systematic examinations, checks its robustness and credibility to stand against different possibilities of data invasion. [12] focusses on online payment transactions through a digital signature to provide extra security to the owner but despite all the work, the problem of double-spending without the intervention of the third party could not be solved. blockchain timestamps the transactions, thus solving the problem. [13] have used a social approach making the agents’ actions an obligation to solve the problem of agents having limited resources or a higher degree of dependability. $\mu$ -calculus with TAPA (Tool for the Analysis of Process Algebras) model checker is used for formal specification providing future direction for proper modeling. [14] works with the promise of replacing the traditional grid with a smart one. In doing so, the system becomes sensitive and is prone to threats and forces the power grid to collapse. Using blockchain technology with this system improves intrusion detection and strengthens its reliability and robustness against attacks. [15] concentrates on a multi-agent management system that uses blockchain technology to deal with threats and enable trust between different agents while simultaneously maintaining privacy. In [16], it is demonstrated that the Collaborative IDS (CIDS) performs better when compared to single IDS and also improves its credibility and overall efficiency. The system that uses CIDS has blocked more unwanted intrusions compared with the traditional IDS. [17] have worked at their best to provide the solution to the 51% attack on the blockchain during the consensus mechanism. Five different techniques have been discussed in this paper that prevents this attack from happening. [18] shows how blockchain could be used in many other fields unrelated to cryptocurrencies and to prove this fact implements blockchain technology with smart vehicles to provide security to the users while driving a smart vehicle. In [19], blockchain is being used with IDS to resolve the problem of forming trust between different components of the system and to check it against the sending and the receiving nodes between inner cyber systems.

In [20] the problem of false alarms with IDS has been taken care of through the use of the verification method of the blockchain and also prevents the outflow problem of information to a third party. [21] uses the signature method for recording information about the attacks in the form of patterns of 0 s and 1 s. [22] the uses signature-based IDS method for recording information about the attacks. A Signature-based method works on the principle of storing patterns of the attacks in the form of 0 s and 1 s and storing them for future reference. [23] proposes a blockchain anomaly detection to eliminate the single point of failure in a system. It uses blockchain meta-data to control malicious activities and thus prevent them. The distributed nature also helps in avoiding any failure of the system. [24] uses IDS for vehicular networks against threats on the network. As a large number of data is exchanged between carrier and network, it needs to be protected from cyber-attacks, for this it uses distributed algorithm-based IDS. [25] introduces Selp-adaptive Multi-Agent Real-Time Systems (SMARTS) to enable real-time decisions and self-adaptation in the agents as systems are becoming complex and resources were being drained because of no proper method present to cope with the situation. The TAPAAL model checker is used for the verification of the model and it showed promising steps to enhance the decision of the system. In [26], the centralized system for UAVs has been replaced with a decentralized one as the earlier one was susceptible to many cyber-attacks. This new decentralized approach uses a machine learning framework with blockchain to enable the system to take a rational decision without any alien intervention. In [27] applications of blockchain have been discussed like smart contracts, bitcoin, the internet of things (IoT), smart grids, cybersecurity, etc. along with blockchain’s functions including hash-chained databases, mixing protocols, anonymous signatures, consensus algorithms, etc. In [28] the decentralized power of the blockchain in the field of healthcare, insurance, real estate and the voting system has been discussed. It also demonstrates how the use of blockchain could revolutionize these fields in the future and could help protect them from attacks like Eclipse attacks, selfish mining attacks, liveness attacks, etc. [29] describes CIDS as a promising offering for the identification of collective and coordinated cyber-attacks. CIDS despite all the advantages over the traditional one, faces huge problems in coordination with every IDSs in the system. Blockchain builds consensus and compliments CIDS for better performance. In [30], an architecture for signature-based IDS that solves problems like exchanging information without the hesitation of data loss or manipulation is used. It also resolves trust issues as blockchain is a trustless technology. A study [31] proposed a collaborative model using Federated Learning for passenger demand forecasting in smart city transportation to protect user privacy by enabling autonomous taxis to improve their demand forecasting models without sharing passenger data directly. A study [32] introduced an agent-based security risk management approach that includes risk assessment, scope selection, agent-based model and risk mitigation. These four steps use Monte Carlo simulation to perform better. [33] strengthens the defense of IDS using Blockchain-enabled collaboration with intrusion detection. Blockchain along with SDN benefits each other to create an intrusion-free system achieving security-related objectives. In [34], security, multi-agent systems, blockchain and deep learning algorithms have been discussed. These work together to enhance the environment, protect the system from intrusion and secure the data.

However, none of these approaches have used blockchain for efficient intrusion detection in agent-driven flight operations. The majority of the work either focuses on forming trust between different components of an intrusion detection system through consensus protocol or eliminating false alarms in intrusion detection through blockchain verification. What if we want an autonomous entity to handle all the intrusion-related activities like its detection and secure storage for the future? How can we ensure that our attack signatures, including signature and anomaly-based, will themselves be kept safe from an attack? How can we ensure that multiple agents can develop trust in each other while working in a multi-agent system? This is where our proposed approach becomes useful. Blockchain can provide a reliable audit trail for incident investigations by ensuring that logs are immutable and tamper-proof. Additionally, blockchain-based consensus mechanisms can facilitate real-time anomaly detection by enabling multiple nodes to validate and cross-check data, thereby reducing the risk of false positives and enhancing the robustness of the IDS.

3. Proposed blockchain-based intrusion detection system for flight operations framework

The proposed Blockchain-based Intrusion Detection System for Flight Operations (BIDFO) framework is presented in Fig. 1. It combines blockchain with an IDS to secure the data and information of flight operations and a few other components to record data and communicate it throughout the network. There are two types of nodes in this network the control room and the aircraft. Messages from all the nodes are generated through a data-transmitting component and then communicated into the network through a communication module. The data thus transmitted is sent to the proposal generation component, which decides the authenticity of the data and generates an alarm if any abnormal behavior is found.

The next component of our framework is the CIDS component which includes a consensus module, incentive module and blockchain. Once the data is entered into the blockchain, it cannot be changed or altered. The consensus module ensures that there is no different copy of the blockchain as its distributed through the network.

3.1 Data transmission

The nodes aircraft and the control room transmit the data into the network through this module. The data-transmitting component is designed to enable communication between these two nodes. This component includes the agents that take care of the data and messages transmitted through the communication module.

3.1.1 Data generation

This module is responsible for data generation and messages. The quality and authenticity of the data are controlled in this module. The data generated by the control room is mainly about navigation, warnings, vertical positions, etc., while the information provided by the aircraft is controller information, engine health, etc.

Figure 1.

The proposed blockchain-based intrusion detection system for flight operations (BIDFO) framework.

3.1.2 Communicative module

Messages generated by the transmission component are then transmitted to other framework components through the communication module. This module is responsible for starting the conversation and also receives messages from other components and nodes.

3.2 Warning generation

It generates warning alerts and depending on the data received from the Data Transmission Component, it finds out that the data coming into the system does not follow the protocols, addresses, semantics, etc. Therefore, the input given to this component is deemed as a proposal for this component. It contains two types of patterns that are triggered and periodic.

3.2.1 Triggered pattern

This pattern works if an unusual behavior or data is entered into the system through any node. It consists of a whitelist of all the addresses like IP, MAC and ports and also of protocols used by the proposed system. If the addresses and protocols do not match with that whitelist, it generates an alert.

3.2.2 Periodic pattern

Some attacks do not trigger this component and can silently trespass into the system and the data could be stored in the blockchain as genuine and authentic data. A periodic pattern is used to deal with these types of attacks as it regularly checks the system for any abnormality. If $T_{\textit{runtime}}$ is a multiple of $T_{\textit{periodic}}$ , an equation can be presented:

$\displaystyle n=(\textit{Time}_{\textit{runtime}}/\textit{Time}_{\textit{% periodic}})\textit{mod }M$ (1)

3.2.3 Algorithm designed for the warning-generating module

The working of the proposal & warning generation component is demonstrated in Algorithm 1.

Algorithm 1: Propose algorithm for warning generation
Input: Detected proposal $Q^{\prime}$
Output: Proposal $Q$ after processing
1. $Q\leftarrow\theta$
2. while $\textit{Time}_{\textit{runtime}}/\textit{Time}_{\textit{periodic}}\notin Z$
3. for $n\epsilon\{1,2,\ldots,N\}$
4. $a\leftarrow\nsubseteq AD$
5. $b\leftarrow\nsubseteq PR$
6. if $a\&({P\neq{P}^{\prime}})$ then
7. $Q=$ At node m: address flow abnormally
8. else if $b\&({P\neq{P}^{\prime}})$ then
9. $Q=$ At node m: protocol flow abnormally
10. end if
11. end for
12. end while
13. $n\leftarrow(\textit{Time}_{\textit{run}}/\textit{Time}_{\textit{periodic}})% \textit{mod }M$
14. $P=$ At node m: normal flow

3.2.4 Intrusion detection system methods with independent detection

The flight operations system is a complex system and contains many data dependencies. The independent detection ensures the data is being shared with proper syntax and the exact same semantics specified in the system. We use signature and anomaly-based methods IDS in the proposed framework that complement each other through their functionalities, as shown in Fig. 2.

Figure 2.

Integration of intrusion detection system methods with blockchain.

Figure 3.

Recording nodes and detector nodes.

3.3 Collaborative intrusion detection system component

It contains the consensus algorithm initially to keep the blockchain neutral. The following module is the incentive mechanism that rewards and punishes the network’s miners. And lastly, the data is stored inside the blockchain permanently.

3.3.1 Consensus creation

It builds consensus and keeps it between every node of the network. As blockchain is distributed all over the network, keeping it the same at each node is necessary. Furthermore, as there is no central authority in the blockchain and each node can act arbitrarily, it is essential to build consensus to maintain the blockchain and the decentralized nature of this technology.

Suppose a situation exists in which two different copies of the blockchain are found. Then, the consensus is run to decide between both copies of the blockchain and selection will depend upon the number of copies against every node in the network. A different copy of the blockchain is created when one of the nodes rejects a valid and authentic block and does not add it to its copy of the blockchain, thus creating an orphan chain. The node currently adding the block to the blockchain is called the recording node, while all the other nodes are called the detecting nodes. The detecting nodes can accept and reject the newly created block. Figure 3 shows both recording and detecting nodes. The block is dismissed by one of the detecting nodes and received by most other detecting nodes.

In Fig. 3 only one node has rejected the copy of the recording node and that particular node would not make this specific block part of the blockchain, thus making its copy the orphan copy of the blockchain. As soon as an orphan chain is created in the blockchain, a consensus algorithm runs and the orphan chain formed previously gets rejected. Figure 4 shows a copy B5 being rejected as it has become an orphan chain and every other copy contains the same copy.

Figure 4.

Blockchain network with orphan chain.

3.4 Introducing blockchain to the proposed framework

In the proposed model, we implemented blockchain instead of a traditional database because blockchain provides security and secrecy. The process is shown in Fig. 5. It presents how a block is added to the blockchain and what steps are necessary for a successful transaction.

Figure 5.

Steps on how a block is entered into the blockchain.

3.4.1 Storing attack patterns into blockchain

Our framework allows us to save two different types of data in it. The responsibility of blockchain in our framework is to store information about the attacks. Signature-based IDS, after encountering any cyber-attack, creates a signature of that attack in the form of patterns and stores them in the blockchain for future use. While the Anomaly-based IDS stores in the blockchain the system’s expected behavior and use that as a reference against new attacks. Script 1 shows the attributes of the class AttackInfo received via the constructor. Figure 6 shows the block containing information about the attacks.

Script 1: Class for storing attacks information 1. class AttackInfo { 2. constructor (Activities, System_Ip, irregularities, Signature) { 3. this.activities $=$ Activities; 4. this.systems IP $=$ System_IP; 5. this.irregularities $=$ Irregularities; 6. this.signature $=$ Signature; 7. } 8. }

Figure 6.

Block containing IOC of cyber-attack.

3.4.2 Storing communication data into the blockchain

Blockchain also stores communication between different nodes of the network. The data is critically important to protect; therefore, we have used blockchain to store them to prevent any misuse and manipulation of the data. Script 2 shows the attributes of the class AircraftInfo received via constructor. Figure 7 shows the block containing information about the control room and the aircraft.

Figure 7.

Block containing aircraft information.

Script 2: Class for storing aircraft information 1. class AircraftInfo { 2. constructor (Air_id, velocity, height, warning_signs, control_panel, airfoils) { 3. this.Aircraft_id $=$ Air_id; 4. this.velocity $=$ velocity; 5. this.height $=$ height; 6. this.warnings_signs $=$ warning_signs; 7. this.airfoils $=$ airfoils; 8. this.control_panel $=$ control_panel; 9. } 10. }

3.4.3 Calculating the hash value of the block

Hash is a function that maps or converts the data into bits of an array of fixed length. The hash calculated for each block depends on all the block’s attributes. Miners have to calculate the nonce value until the hash comes within the targeted value selected by the system. Figure 8 shows a flowchart that explains the procedure of calculating hash.

Figure 8.

Hash value calculator.

3.4.4 Implementing blockchain

Implemented blockchain is divided into two main sections. The first one contains the code for creating the block, adding its information and storing the data inside that block, while the second section creates the chain between these blocks created in section one and thus forms the blockchain. The coding is done using Node.js language and Visual Studio code is used for compilation. Script 3 shows the code of a single block that will be added in a blockchain. Script 4 shows the code for complete blockchain.

Script 3: Class for storing aircraft information 1. class SingleBlock { 2. constructor (blockData) { 3. if (blockData $==$ “Genesis_Block”) { 4. block_id $=$ 1; 5. time $=$ new Date.now (); 6. data_of_block $=$ data_of_block; 7. prev_hash $=$ 0; 8. nonce_value $=$ 0; 9. hash_value $=$ 10. calculateHashGenesis (); } 11. else { 12. block_id $=$ “”; 13. time $=$ new Date.now (); 14. blockData $=$ data_of_block; 15. prev_hash $=$ ”; 16. nonce_value $=$ 0; 17. hash_value $=$ 18. calculateHashGenesis (); } 19. } 20. calculateHashGenesis () { 21. let m $=$ SHA256 (id $+$ nonce_value 22. prev_hash $+$ data_of_block $+$ time); 23. return mineGenesis (m, 3); 24. } 25. mineGenesis (hash_value, difficulty_level) { 26. while (h_value.substring (0, d_level) 27. $!==$ Array (d $+$ 1).join (“0”)) { 28. n_value $++$ ; 29. h_value $=$ this.calculateHashOther (); } 30. } 31. calculateHashOther () { 32. return SHA256 (block_id $+$ nonce_value 33. prev_hash $+$ data_of_block $+$ time); 34. } 35. mineOther (d) { 36. while (h_value.substring (0, d) 37. $!==$ Array (d $+$ 1).join (“0”)) { 38. n_value) $++$ ; } 39. console.log (“Block mined: ” $+$ hash_value); 40. } 41. }

Script 4: Class for complete blockchain 1. class OurBlockchain { 2. constructor () { 3. id $=$ 1; 4. difficulty $=$ 3; 5. our_blockchain $=$ [createBlockGenesis ()]; 6. } 7. createBlockGenesis () { 8. return new SingleBlock (“Genesis”); 9. } 10. getLatestBlock () { 11. return our_blockchain 12. [our_blockchain.length $-$ 1]; 13. } 14. addBlock (n_Block) { 15. this.block_id $=$ no $++$ ; 16. newBlock.prev_hash $=$ 17. this.getLatestBlock().hash_value; 18. newBlock.block_id $=$ this.block_id; 19. n_Block.mineOther (this.difficulty_value); 20. this.our_blockchain. push(n_Block); 21. } 22. isOurBlockchainValid() { 23. for (j $=$ 1; j $<$ this. 24. our_blockchain.length; j $++$ ) { 25. cblock $=$ ourblockchain [j]; 26. prev_block $=$ ourblockchain [j-1]; 27. if (cblock.h_value $!==$ 28. cblock.calculateHashOther ()) { 29. return false; } 30. if (curret_block.prev_hash { 31. $!==$ prev_block.hash) { 32. return false; } 33. } 34. return true; 35. } 36. }

Figure 9.

Representation of blockchain.

The code demonstrated above creates a fully functional blockchain with each block connected to the surrounding blocks with the help of their hash values. A slight change in the data would change the hash value altogether and the connection between these blocks would break. Figure 9 shows a complete consolidated view of the blockchain containing actual data of the flight operations system.

4. Application of the blockchain-based intrusion detection system for flight operations framework

We considered a flight operation in Fig. 10. To check the robustness and credibility of our BIDFO framework against a challenging scenario containing control rooms, aircraft, an antenna and other communications like Air-to-Air, Ground-to-Ground and Air-to-Ground, communications like Air-to-Air, Ground-to-Ground and Air-to-Ground, denoting communication between the aircraft, control rooms and aircraft to control room respectively.

Figure 10.

Flight operations system.

4.1 Scenario – unauthorized person attempts to add a new block to the blockchain

We will use the flight operations which has been discussed in Fig. 10. It consists of two control rooms and let’s suppose that the attacker blocks the communication of ground with any of the aircraft and sends his data by taking control of one any control room. The attacker now has the chance to manipulate and change the aircraft’s communication, misleading the aircraft for any ulterior motive. The attacker can now change the blockchain’s data or add a new block of data. The black arrows in Fig. 11 clearly show the path attacker can travel or have access to. The attacker can affect every node connected through the blockchain as the same copy of the blockchain is distributed to each node. The attacker now has illegal and unauthorized access to our flight operations and can damage the aircraft’s data.

Figure 11.

Flight operations system attacked by an unauthorized person.

The scenario depicts that an attacker entered the system through the network. It has an ulterior motive of hijacking an aircraft A1 by changing its landing location. The attacker does this by adding a new block containing the data of aircraft A1 in the blockchain. Now, as the attacker gets all the access, it transmits data into the blockchain which first passes through the IDS. Figure 12 demonstrates an attempt to add the data through IDS.

The data sent by the attacker is passed through the IDS, which checks its source for any abnormalities. If the source does not match that of the sources present in the whitelist, the IDS generates an alert and appends that alert with the block’s data. The figure demonstrates how a warning message is appended to the data.

Figure 12.

Steps of how block enters into the blockchain.

After the data is passed with a warning attached, it becomes part of the attacker’s copy of the blockchain. Figure 13 shows three copies of the blockchain that denotes a grey-colored block as the attacker’s block, which has not yet become part of other nodes. A block must be verified by miners and can be part of every other copy of the blockchain.

Figure 13.

Newly entered block which is not yet become part of the blockchain.

When miners are presented with a block for validation, they check for any warning messages with the original data before calculating the has via Proof of Work (PoW). In case any miner receives any notice, it rejects the block and does not initiate PoW for that particular block. The miner’s procedure is shown in Fig. 14.

Figure 14.

Operation of verification by a miner.

As the miner rejects the block and none of the detecting nodes agree to make the rejected node part of the blockchain, the specified block is rejected and removed from the attacker’s copy of the blockchain. Figure 15 shows the scenario when an intruder try to add a block in blockchain without the consensus of others. Figure 16 presents the rejection of block by miners.

Figure 15.

Intruder trying to add a block 4.

Figure 16.

Rejection of block added by an unauthorized person.

The above scenario proves how blockchain can save data from manipulation and alteration. In addition, the scenario demonstrates two significant pros of using blockchain: verifying the data before entering and ensuring that the data must follow the semantics and protocols set by the organization.

4.2 Discussion

The above scenario indicates that blockchain technology is taking over any traditional data storage and transmission system as it provides many features beyond just data storage, including data retrieval, data security, consensus building in case of conflict and decentralization of powers and authorities. Therefore, we can now compare a traditional system with databases or IDSs without Blockchain so that it can prove why blockchain is emerging as a path toward web 3.0.

From the above scenario, if any intruder sends its data into the blockchain, it will be rejected by the miners during the verification method. However, if this attack is carried out on a system without blockchain, all data and information will be lost and the attacker will succeed in his nefarious purposes. Miners calculate a hash, perform PoW and verify the authenticity and rightness of the data being sent into the system from its nodes. As blockchain is distributed throughout the network, if any of the blockchain data is manipulated or damaged, it will be impossible for an attacker to change it across all nodes and copies of the blockchain due to a concept called PoW. The PoW algorithm delays the time to recalculate hash values of each block, whereas there is no such concept in traditional database. Figure 17 compares the time required to manipulate the data in the blockchain and the traditional database.

Figure 17.

Time required recalculating hash of a single block after data manipulation.

The graph above shows that it would take around 32 minutes for four nodes to be manipulated, while only three minutes in any database. Figure 18 shows the combined time needed by the attacker to alter the data of four nodes.

Table 1

Comparison of flight operation system with and without blockchain

Functionality	System with BIDFO	System without blockchain
Does it detect intruders?	Yes	Yes
Does it support risk manage functions?	Yes	Yes
Does it store the attack’s signature?	Yes	Yes
Does it match anomalies?	Yes	Yes
Does it support collaborative IDS?	Yes	No
Does it help to build consensus?	Yes	No
Does it verify the data before insertion?	Yes	No
Does it offer latency in modification (PoW)?	Yes	No
Does it secure the data through private keys?	Yes	No
Does it have a single point of failure?	No	Yes
Is data recovery possible?	Yes	No
Does it offer decentralization?	Yes	No

Figure 18.

Time to recalculate Proof of Work (PoW) for every node.

The graph presented above clearly shows that the time needed for data manipulation in all the copies is exponentially larger than the required time in a Blockchain-less system. The total time for all four nodes would be more than 100 minutes, even larger than a single node. The time mentioned here is for just four nodes; each had four blocks in its blockchain, which is impractical in a fully working flight operations system. The greater the number of blocks in a Blockchain and nodes in the network, the more time would be required by the attacker to calculate the hash value for each block, thus taking thousands of minutes to do so and even computers with huge computational capabilities could not calculate it in less time than that. The other algorithm like Proof of Stake (PoS) helps to maintain the integrity of the blockchain through proper consensus-building capabilities. Data recovery is also one of the most important benefits that come with using blockchain, as it is distributed in nature and a system failure at any node does not bring down the entire blockchain, rather any node can request a copy of the blockchain from another node.

Table 1 shows the comparison between a blockchain-based and a blockchain-less system. It indicates that blockchain wins in all conditions and aspects of the flight operations system.

5. Conclusion

Blockchain and Collaborative IDS are the two main highlights of this research. IDS provides the necessities to the framework as detecting intruders and recording their patterns into the system for future use. Blockchain deals with the challenges such as building consensus, providing a trustless environment and protecting the data of both the IDS and the communicating nodes. Other benefits that one may get include immutability, add-only behavior, key-protected, etc. All these blockchain functionalities defy any catastrophe event from happening in flight operations system. Our blockchain based intrusion detection for flight operations (BIDFO) framework enables communication of the data between all the nodes connected in the network while detecting unwanted intrusions into the system. Our IDS system in the framework is trained to detect these intrusions through signature-based and anomaly-based methods, thus strengthening the flight operations system from every perspective.

In the future, the proposed model can be integrated with various consensus algorithms such as Delegated Proof of Stake (DPoS), Proof of Activity (PoA), Raft and Practical Byzantine Fault Tolerance (PBFT) to test the capabilities of our BIDFO framework and how these algorithms help in improving and enhance the framework. Furthermore, our framework can also be used as a risk estimation system with some alterations and modifications.

Footnotes

Author’s Bios

Awais Qasim received his M.S. degree in Computer Science from Lahore University of Management Sciences (LUMS), Lahore, Pakistan, in 2011. Following this, he worked as a Software Engineer in the industry, where he developed several iPhone and Android applications. He is currently an Assistant Professor in the Computer Science Department at Government College University. His research interests include model checking, multi-agent systems, real-time systems, self-adaptive systems and robotics for disaster resilience. ORCID ID: 0000-0001-8677-9569.

	Muhammad Bilal received his B.S. degree in Computer Science from Government College University (GCU), Lahore, Pakistan, in 2017 and his L.L.B degree from the University of the Punjab (PU), Lahore, Pakistan, in 2020. He completed his M.S. degree in Computer Science from GCU in 2022. He began his career as an Android app developer and later worked as a Website developer. Currently, he teaches at the University of Management and Technology (UMT), Lahore, Pakistan. His research interests include blockchain, multi-agent systems and formal methods. Google scholar: https://scholar.google. com/citations?hl=en&user=-taAdn8AAAAJ.
	Adeel Munawar received his M.S. degree in Computer Science from Government College University (GCU), Lahore, Pakistan, in 2018. His research interests encompass multi-agent systems, artificial intelligence, real-time systems, machine learning and reinforcement learning. He is currently a senior lecturer in Computer Science at Lahore Garrison University, where he actively engages in research activities to promote advancements in the field. His scholarly contributions have been featured in numerous reputable journals and international conferences. Additionally, he is pursuing a Ph.D. degree from Sirindhorn International Institute of Technology (SIIT), Thammasat University, Thailand. ORCID ID: 0000-0003-3315-3348.
	Shuja ur Rehman Baig is an Assistant Professor at Punjab University College of Information Technology. He received his Ph.D. from the Department of Computer Architecture at Universitat Politècnica de Catalunya (UPC), Barcelona, Spain. His research focuses on machine learning, time series data reduction and prediction and data center performance enhancement. Shuja has extensive teaching and industry experience, having lectured on various subjects and worked on business intelligence and big data applications. ORCID ID: 0000-0001-8961-5631.

References

Qasim

Ghouri

and Munawar

, An effective approach for reducing data redundancy in multi-agent system communication, Multiagent and Grid Systems 20(1) (2024), 69–88.

Munawar

Qasim

and Piantanakulchai

, A Multi-Agent System Approach for Emergency Services using QoS-Assured Cloud Computing Architecture in the Metropolitan Transportation System, International Journal of Computing and Digital Systems 14(1) (2023), 10169–10182.

Janssen

Sharpanskykh

and Curran

, Agent-based modelling and analysis of security and efficiency in airport terminals, Transportation Research Part C: Emerging Technologies 100 (2019), 142–160.

Yuan

and Wang

F.Y.

, Blockchain and cryptocurrencies: Model, techniques and applications, IEEE Transactions on Systems, Man and Cybernetics: Systems 48(9) (2018), 1421–1428.

Bhardwaj

and Goundar

, Keyloggers: Silent cyber security weapons, Network Security 2020(2) (2020), 14–19.

Asish

M.S.

and Aishwarya

, Cyber security at a glance, in: 2019 Fifth International Conference on Science Technology Engineering and Mathematics (ICONSTEM), vol. 1, IEEE, 2019, pp. 240–245.

Singh

K.D.P.

and Loura

, Impact of Covid-19 on Operations And Cyber-Vulnerability of Civil Aviation, Amity Journal of Computational Sciences 5(2) (2022).

Pradhan

Nayak

C.K.

and Pradhan

S.K.

, Intrusion detection system (IDS) and their types, in: Securing the Internet of Things: Concepts, Methodologies, Tools and Applications, IGI Global, 2020, pp. 481–497.

Garcia-Teodoro

Diaz-Verdejo

Maciá-Fernández

and Vázquez

, Anomaly-based network intrusion detection: Techniques, systems and challenges, Computers & Security 28(1–2) (2009), 18–28.

10.

Dave

Choudhary

Sihag

You

and Choo

K.K.R.

, Cyber security challenges in aviation communication, navigation and surveillance, Computers & Security 112 (2022), 102516.

11.

Alexopoulos

Vasilomanolakis

Ivánkó

N.R.

and Mühlhäuser

, Towards blockchain-based collaborative intrusion detection systems, in: Critical Information Infrastructures Security: 12th International Conference, CRITIS 2017, Lucca, Italy, October 8–13, 2017, Revised Selected Papers 12, Springer International Publishing, 2018, pp. 107–118.

12.

Nakamoto

, Bitcoin: A peer-to-peer electronic cash system, Decentralized Business Review, 2008, 21260.

13.

Qasim

Kazmi

S.A.R.

and Fakhir

, Executable semantics for the formal specification and verification of E-agents, Indian Journal of Science and Technology 8(16) (2015), 1–8.

14.

Zhou

Tian

Y.C.

Qin

and Junping

, A collaborative intrusion detection approach using blockchain for multimicrogrid systems, IEEE Transactions on Systems, Man and Cybernetics: Systems 49(8) (2019), 1720–1730.

15.

Khalid

Samuel

Javaid

Aldegheishem

Shafiq

and Alrajeh

, A secure trust method for multi-agent system in smart grids using blockchain, IEEE Access 9 (2021), 59848–59859.

16.

Fung

C.J.

Baysal

Zhang

Aib

and Boutaba

, Trust management for host-based collaborative intrusion detection, in: Managing Large-Scale Service Deployment: 19th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2008, Samos Island, Greece, September 22–26, 2008. Proceedings 19, Springer Berlin Heidelberg, 2008, pp. 109–122.

17.

Sayeed

and Marco-Gisbert

, Assessing blockchain consensus and security mechanisms against the 51% attack, Applied Sciences 9(9) (2019), 1788.

18.

Dorri

Steger

Kanhere

S.S.

and Jurdak

, Blockchain: A distributed solution to automotive security and privacy, IEEE Communications Magazine 55(12) (2017), 119–125.

19.

Wang

and Au

M.H.

, Toward a blockchain-based framework for challenge-based collaborative intrusion detection, International Journal of Information Security 20 (2021), 127–139.

20.

Kanupriya

, A multi-agent reinforcement learning approach for flight speed control systems, Final Year Project (FYP), Nanyang Technological University, Singapore, 2022. Available at: https://hdl.handle.net/10356/159164.

21.

Tug

Meng

and Wang

, CBSigIDS: towards collaborative blockchained signature-based intrusion detection, in: 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), IEEE, 2018, pp. 1228–1235.

22.

Tanrıverdi

and Tekerek

, Implementation of blockchain based distributed web attack detection application, in: 2019 1st International Informatics and Software Engineering Conference (UBMYK), IEEE, 2019, pp. 1–6.

23.

Signorini

Pontecorvi

Kanoun

and Di Pietro

, BAD: A blockchain anomaly detection solution, IEEE Access 8 (2020), 173481–173490.

24.

Zhang

and Zhu

, Distributed privacy-preserving collaborative intrusion detection systems for VANETs, IEEE Transactions on Signal and Information Processing over Networks 4(1) (2018), 148–161.

25.

Qasim

and Kazmi

S.A.R.

, Formal modelling of real-time self-adaptive multi-agent systems, Intell. Autom. Soft Comput 25(1) (2019), 49–63.

26.

Khan

A.A.

Khan

M.M.

Khan

K.M.

Arshad

and Ahmad

, A blockchain-based decentralized machine learning framework for collaborative intrusion detection within UAVs, Computer Networks 196 (2021), 108217.

27.

Zhang

Xue

and Liu

, Security and privacy on blockchain, ACM Computing Surveys (CSUR) 52(3) (2019), 1–34.

28.

Bhadoria

R.S.

and Agasti

, The paradigms of blockchain technology: Myths, facts & future, International Journal of Information Systems and Social Change (IJISSC) 10(2) (2019), 1–14.

29.

Kanth

McAbee

Tummala

and McEachen

J.C.

, Collaborative Intrusion Detection leveraging Blockchain and Pluggable Authentication Modules, in: HICSS, 2020, pp. 1–7.

30.

Laufenberg

Shahriar

and Han

, An architecture for blockchain-enabled collaborative signature-based intrusion detection system, in: Proceedings of the 20th Annual SIG Conference on Information Technology Education, 2019, 169–169.

31.

Munawar

and Piantanakulchai

, A collaborative privacy-preserving approach for passenger demand forecasting of autonomous taxis empowered by federated learning in smart cities, Scientific Reports 14(1) (2024), 2046.

32.

Janssen

Sharpanskykh

and Curran

, AbSRiM: An agent-based security risk management approach for airport operations, Risk Analysis 39(7) (2019), 1582–1596.

33.

Fan

Park

Kumar

Ganta

Zhou

and Chang

S.Y.

, Blockchain-enabled collaborative intrusion detection in software defined networks, in: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE, 2020, pp. 967–974.

34.

Liang

Shanmugam

Azam

Karim

Islam

Zamani

Kavianpour

and Idris

N.B.

, Intrusion detection system for the Internet of Things based on blockchain and multi-agent systems, Electronics 9(7) (2020), 1120.