Abstract

With the exponential growth in the number of insecure devices, the impact of Distributed Denial-of-Service (DDoS) attacks is growing rapidly. Existing DDoS mitigation schemes face obstacles due to low flexibility, lack of resources, and high cost. Emerging technologies, such as blockchain, introduce new opportunities for low-cost, efficient and flexible DDoS attack mitigation across multiple domains. In this paper, we propose a blockchain-based approach, called Cochain-SC, which combines two levels of mitigation: intra-domain and inter-domain DDoS mitigation. For intra-domain, we propose an effective DDoS mitigation method in the context of software-defined networks (SDN); it consists of three schemes: (1) Intra Entropy-based scheme (I-ES) to measure, using sFlow, the randomness of data inside the domain; (2) Intra Bayes-based scheme (I-BS) to classify, based on entropy values, illegitimate flows; and (3) Intra-domain Mitigation (I-DM) scheme to effectively mitigate illegitimate flows inside the domain. For inter-domain, we propose a collaborative DDoS mitigation scheme based on blockchain; it uses the concept of smart contracts (i.e., Ethereum’s smart contracts) to facilitate the collaboration among SDN-based domains (i.e., Autonomous System: AS) to mitigate DDoS attacks. To this end, we design a novel and secure scheme that allows multiple SDN-based domains to securely collaborate and transfer attack information in a decentralized manner. Combining intra- and inter-domain DDoS mitigation, Cochain-SC allows efficient mitigation along the path of an ongoing attack and effective mitigation near the origin of the attack. This reduces the enormous cost of forwarding packets across multiple domains, packets which consist mostly of useless amplified attack traffic.
To the best of our knowledge, Cochain-SC is the first scheme that proposes to deal with both intra-domain and inter-domain DDoS attack mitigation by combining SDN, blockchain and smart contracts. The implementation of Cochain-SC is deployed on Ethereum's official test network, Ropsten. Moreover, we conducted extensive experiments to evaluate our proposed approach; the experimental results show that Cochain-SC achieves flexibility, efficiency, security, cost effectiveness, and high accuracy in detecting illegitimate flows, making it a promising approach to mitigate DDoS attacks.
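
As an added illustration (not code from the paper or from Cochain-SC), the sketch below shows the idea behind I-ES and I-BS: Shannon entropy of header fields per sampling window, fed to a Gaussian naive Bayes classifier. The choice of source and destination IP as the measured fields, the Gaussian likelihoods, the constructed windows and all function names are assumptions; sFlow collection and the I-DM mitigation step are not modelled.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of one header field over a window of samples."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def features(window):
    """window: list of (src_ip, dst_ip) pairs from sampled packet headers."""
    return (entropy(s for s, _ in window), entropy(d for _, d in window))

def fit(labelled):
    """Per class: prior plus (mean, variance) of each entropy feature."""
    model = {}
    for label in {lab for _, lab in labelled}:
        rows = [f for f, lab in labelled if lab == label]
        stats = []
        for col in zip(*rows):
            mu = sum(col) / len(col)
            var = sum((x - mu) ** 2 for x in col) / len(col) + 1e-3  # variance floor
            stats.append((mu, var))
        model[label] = (len(rows) / len(labelled), stats)
    return model

def classify(model, feats):
    """Class with the highest Gaussian naive Bayes log-posterior."""
    def score(label):
        prior, stats = model[label]
        return math.log(prior) + sum(
            -0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
            for x, (m, v) in zip(feats, stats))
    return max(model, key=score)

# Constructed sample windows (not real traffic, not the paper's dataset).
def normal(k):
    """60 samples spread over k clients and up to k servers."""
    return [(f"10.0.0.{i % k}", f"10.0.1.{(i * 3) % k}") for i in range(60)]

def flood(k):
    """60 distinct sources converging on one victim, plus 3 normal samples."""
    return [(f"198.51.100.{i}", "10.0.1.9") for i in range(60)] + normal(k)[:3]

TRAIN = ([(features(normal(k)), "legitimate") for k in (5, 6, 7)]
         + [(features(flood(k)), "attack") for k in (5, 6, 7)])
MODEL = fit(TRAIN)

if __name__ == "__main__":
    for name, win in (("normal", normal(8)), ("flood", flood(8))):
        print(name, [round(x, 2) for x in features(win)], classify(MODEL, features(win)))
```

In the constructed flood window the destination-IP entropy collapses while the source-IP entropy rises, and that pair of values is what separates the two classes here.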

Highlights

  • In recent years, security threats of Distributed Denial-of-Service (DDoS) attacks have been increasing, causing severe collateral damage to network operators as well as Internet service providers (ISPs).

  • To deal with DDoS attacks inside a domain (i.e., AS), we propose an effective DDoS mitigation method in the context of software-defined networks (SDN); it consists of 3 schemes: (1) Intra Entropy-based scheme (I-ES) to measure, using sFlow [12], the randomness of data inside the SDN-based domain; (2) Intra Bayes-based scheme (I-BS) to classify, based on entropy values, illegitimate flows; and (3) Intra-domain Mitigation (I-DM) scheme to effectively mitigate illegitimate flows inside the domain.

  • For inter-domain, we propose a collaborative DDoS mitigation scheme based on blockchain.

Summary

INTRODUCTION

Security threats of DDoS attacks have been increasing, causing severe collateral damage to network operators as well as Internet service providers (ISPs). We design a novel and secure scheme that allows multiple SDN-based domains to securely collaborate and transfer attack information in a decentralized manner. This paper presents the design, specification and implementation of a blockchain-based approach called Cochain-SC in which two levels of mitigation are combined (i.e., intra-domain and inter-domain DDoS mitigation). We design a decentralized, secure DDoS collaboration scheme (Cochain-SC) based on blockchain using smart contracts; it supports two levels of mitigation: intra-domain and inter-domain DDoS mitigation. We propose a smart contract-based scheme that makes use of Ethereum’s smart contract technology to realize a decentralized, secure, flexible and low-cost collaboration among multiple SDN-based domains to mitigate DDoS attacks.
