A Four-Paradigm Taxonomy and Systematic Survey of Blockchain-Enabled Intrusion Detection Systems for IoT and IIoT

Traditional Intrusion Detection Systems (IDS) are increasingly challenged by the distributed, heterogeneous, and rapidly evolving threat landscape in Internet of Things (IoT) and Industrial IoT (IIoT) environments. Blockchain has been explored as a promising foundation for decentralized and trustworthy security mechanisms; however, the existing literature remains fragmented and lacks a clear organizing lens for comparing design choices and evaluation practices. To address this, this paper presents a problem-driven survey of blockchain-enabled IDS for IoT and IIoT. We organize prior work into four integration paradigms, Trusted Rule, ML, DL, and FL—and relate each paradigm to the recurring design tensions it primarily targets. We further distill three fundamental tensions that frequently shape system design, including distributed architectures vs. centralized security management, collaborative information sharing vs. privacy preservation, and real-time detection requirements vs. resource-constrained devices. In addition, we summarize representative frameworks by consolidating datasets, threat models, and reported performance-related metrics, and we discuss common limitations that hinder cross-paper comparability. Finally, we outline a roadmap toward more standardized benchmarking, suggesting candidate evaluation criteria and blockchain-specific KPIs to encourage more transparent and comparable reporting. Overall, this survey aims to provide a structured lens for navigating the design space of blockchain-enabled IDS and to highlight open challenges for future research.