Cooperative Detection Method for DDoS Attacks Based on Blockchain br

【Author】 Cheng, Jieren; Yao, Xinzhi; Li, Hui; Lu, Hao; Xiong, Naixue; Luo, Ping; Liu, Le; Guo, Hao; Feng, Wen

【Source】COMPUTER SYSTEMS SCIENCE AND ENGINEERING

【影响因子】4.397

【Abstract】Distributed Denial of Service (DDoS) attacks is always one of themajor problems for service providers. Using blockchain to detect DDoS attacksis one of the current popular methods. However, the problems of high time over-head and cost exist in the most of the blockchain methods for detecting DDoSattacks. This paper proposes a blockchain-based collaborative detection methodfor DDoS attacks. First, the trained DDoSattack detection model is encryptedby the Intel Software Guard Extensions (SGX), which provides high securityfor uploading the DDoS attack detection model to the blockchain. Secondly,the service provider uploads the encrypted model to Inter Planetary File System(IPFS) and then a corresponding Content-ID (CID) is generated by IPFS whichgreatly saves the cost of uploading encrypted models to the blockchain. In addi-tion, due to the small amount of model data, the time cost of uploading the DDoSattack detection model is greatly reduced. Finally, through the blockchain andsmart contracts, the CID is distributedto other service providers, who can usethe CID to download the corresponding DDoS attack detection model from IPFS.Blockchain provides a decentralized, trusted and tamper-proof environment forservice providers. Besides, smart contracts and IPFS greatly improve the distribu-tion efficiency of the model, while the distribution of CID greatly improves theefficiency of the transmission on the blockchain. In this way, the purpose of col-laborative detection can be achieved, and the time cost of transmission on block-chain and IPFS can be considerably saved. We designed a blockchain-basedDDoS attack collaborative detection framework to improve the data transmissionefficiency on the blockchain, and use IPFS to greatly reduce the cost of the dis-tribution model. In the experiment, compared with most blockchain-based methodfor DDoS attack detection, the proposed model using blockchain distributionshows the advantages of low cost and latency. The remote authentication mechan-ism of Intel SGX provides high security and integrity, and ensures the availabilityof distributed models.

【Keywords】Blockchain; smart contract; IPFS;   DDoS attack

【发表时间】2022

【收录时间】2022-04-28

【文献类型】理论性文章

【主题类别】

区块链技术-协同技术-其他