Cochain-SC: An Intra- and Inter-Domain Ddos Mitigation Scheme Based on Blockchain Using SDN and Smart Contract

Zakaria Abou El Houda; Abdelhakim Senhaji Hafid; Lyes Khoukhi

doi:10.1109/ACCESS.2019.2930715

IEEE Access (Jan 2019)

Cochain-SC: An Intra- and Inter-Domain Ddos Mitigation Scheme Based on Blockchain Using SDN and Smart Contract

Zakaria Abou El Houda,
Abdelhakim Senhaji Hafid,
Lyes Khoukhi

Affiliations

Zakaria Abou El Houda: ORCiD; Department of Computer Science and Operational Research, University of Montreal, Montreal, QC, Canada
Abdelhakim Senhaji Hafid: Department of Computer Science and Operational Research, University of Montreal, Montreal, QC, Canada
Lyes Khoukhi: ICD/ERA, University of Technology of Troyes, Troyes, France

DOI: https://doi.org/10.1109/ACCESS.2019.2930715
Journal volume & issue: Vol. 7
pp. 98893 – 98907

Abstract

Read online

With the exponential growth in the number of insecure devices, the impact of Distributed Denial-of-Service (DDoS) attacks is growing rapidly. Existing DDoS mitigation schemes are facing obstacles due to low flexibility, lack of resources, and high cost. The new emerging technologies, such as blockchain, introduce new opportunities for low-cost, efficient and flexible DDoS attacks mitigation across multiple domains. In this paper, we propose a blockchain-based approach, called Cochain-SC, which combines two levels of mitigation, intra-domain and inter-domain DDoS mitigation. For intra-domain, we propose an effective DDoS mitigation method in the context of software defined networks (SDN); it consists of three schemes: (1) Intra Entropy-based scheme (I-ES) to measure, using sFlow, the randomness of data inside the domain; (2) Intra Bayes-based scheme (I-BS) to classify, based on entropy values, illegitimate flows; and (3) Intra-domain Mitigation (I-DM) scheme to effectively mitigate illegitimate flows inside the domain. For inter-domain, we propose a collaborative DDoS mitigation scheme based on blockchain; it uses the concept of smart contracts (i.e., Ethereum's smart contracts) to facilitate the collaboration among SDN-based domains (i.e., Autonomous System: AS) to mitigate DDoS attacks. For this aim, we design a novel and secure scheme that allows multiple SDN-based domains to securely collaborate and transfer attack information in a decentralized manner. Combining intra- and inter-domain DDoS mitigation, Cochain-SC allows an efficient mitigation along the path of an ongoing attack and an effective mitigation near the origin of the attack. This allows reducing the enormous cost of forwarding packets, across multiple domains, which consist mostly of useless amplified attack traffic. To the best of our knowledge, Cochain-SC is the first scheme that proposes to deal with both intra-domain and inter-domain DDoS attacks mitigation combining SDN, blockchain and smart contract. The implementation of Cochain-SC is deployed on Ethereum official test network Ropsten. Moreover, we conducted extensive experiments to evaluate our proposed approach; the experimental results show that Cochain-SC achieves flexibility, efficiency, security, cost effectiveness, and high accuracy in detecting illegitimate flows, making it a promising approach to mitigate DDoS attacks.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords