Orchestrating DDoS mitigation via blockchain-based network provider collaborations

Research Article, Open Access. The Knowledge Engineering Review, Volume 35 (2020).

Author affiliations:
Network Management and Optimal Design Laboratory (NETMODE), National Technical University of Athens, Athens, Greece; e-mails: apavlidis@netmode.ntua.gr, mdimolianis@netmode.ntua.gr, nkostopoulos@netmode.ntua.gr, dkalo@netmode.ntua.gr, maglaris@netmode.ntua.gr
Technology R&D, PCCW Global, Athens, Greece; e-mails: kyiotis@pccwglobal.com, lanagnostou@pccwglobal.com, ttsigkritis@pccwglobal.com, ikotinas@pccwglobal.com

Abstract: Network providers either attempt to handle massive distributed denial-of-service attacks themselves or redirect traffic to third-party scrubbing centers. If providers adopt the first option, it is sensible to counter such attacks in their infancy via provider collaborations deploying distributed security mechanisms across multiple domains in an attack path. This motivated our work presented in this paper. Specifically, we investigate the establishment of trusted federations among adjacent and disjoint network domains, that is, autonomous systems (ASes) that collectively mitigate malicious traffic. Our approach is based on Distributed Ledger Technologies for signaling, coordination, and orchestration of a collaborative mitigation schema via appropriate blockchain-based smart contracts. Reputation scores are used to rank ASes based on their mitigation track record. The allocation of defense resources across multiple collaborators is modeled as a combinatorial optimization problem considering reputation scores and network flow weights. Malicious flows are mitigated using programmable network data paths within the eXpress Data Path (XDP) framework; this provides operators with enhanced packet processing throughput and advanced filtering flexibility. Our schema was implemented in a proof-of-concept prototype and tested under realistic network conditions.
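The XDP data-path filter named in the abstract, as an added illustrative example rather than code from the paper or its prototype: a user-space C model of the bounds-checked header parsing and rule lookup that an XDP program performs before returning XDP_DROP or XDP_PASS. The rule table, the RFC 5737 prefixes and ports in it, and the packet builder are all constructed for this example; the static RULES array stands in for the BPF map that an orchestrator would populate on each collaborating AS. No BPF helpers are used, so the program compiles and runs without a kernel.

```c
/*
 * Added example (not the paper's code): user-space model of the per-packet
 * filter an XDP program would run on a collaborating AS's ingress path.
 * The RULES table stands in for a BPF map filled by the orchestration layer;
 * prefixes, ports and packets below are constructed for this example.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <arpa/inet.h>   /* htons/ntohs, htonl/ntohl */

/* Verdict values match the kernel's enum xdp_action. */
enum { XDP_ABORTED = 0, XDP_DROP = 1, XDP_PASS = 2 };
enum { ETH_P_IPV4 = 0x0800 };
enum { L4_TCP = 6, L4_UDP = 17 };

/* Wire-format headers, packed so field offsets match the packet bytes. */
struct eth_hdr  { uint8_t dst[6], src[6]; uint16_t ethertype; } __attribute__((packed));
struct ipv4_hdr { uint8_t vhl, tos; uint16_t tot_len, id, frag_off; uint8_t ttl, proto;
                  uint16_t check; uint32_t saddr, daddr; } __attribute__((packed));
struct udp_hdr  { uint16_t sport, dport, len, check; } __attribute__((packed));

/* One mitigation rule: source prefix (host byte order) plus optional L4 match.
 * A zero l4proto/sport/dport field means "any". */
struct rule { uint32_t prefix; uint8_t plen; uint8_t l4proto; uint16_t sport; uint16_t dport; };

/* Hypothetical rule set a collaborator might receive (constructed):
 * DNS-reflection sources in 198.51.100.0/24 and TCP/80 flood sources in 203.0.113.0/24. */
static const struct rule RULES[] = {
    { 0xC6336400u, 24, L4_UDP, 53, 0 },   /* 198.51.100.0/24, UDP, source port 53 */
    { 0xCB007100u, 24, L4_TCP,  0, 80 },  /* 203.0.113.0/24,  TCP, destination port 80 */
};

/* Longest-prefix style match of one address against one prefix. */
static int prefix_match(uint32_t addr, uint32_t prefix, uint8_t plen) {
    uint32_t mask = plen >= 32 ? 0xFFFFFFFFu : (plen == 0 ? 0u : 0xFFFFFFFFu << (32 - plen));
    return (addr & mask) == (prefix & mask);
}

/* The filter proper. Every header access is checked against data_end first,
 * exactly as the BPF verifier demands of a real XDP program. Packets that are
 * not IPv4 or are truncated are passed to the stack rather than dropped. */
int xdp_filter(const uint8_t *data, size_t len) {
    const uint8_t *data_end = data + len;
    const struct eth_hdr *eth = (const struct eth_hdr *)data;
    if ((const uint8_t *)(eth + 1) > data_end) return XDP_PASS;
    if (ntohs(eth->ethertype) != ETH_P_IPV4) return XDP_PASS;

    const struct ipv4_hdr *ip = (const struct ipv4_hdr *)(eth + 1);
    if ((const uint8_t *)(ip + 1) > data_end) return XDP_PASS;
    size_t ihl = (size_t)(ip->vhl & 0x0F) * 4;           /* header length incl. options */
    if ((ip->vhl >> 4) != 4 || ihl < sizeof *ip) return XDP_PASS;

    uint16_t sport = 0, dport = 0;
    if (ip->proto == L4_UDP || ip->proto == L4_TCP) {
        /* Source and destination port occupy the first 4 bytes of both TCP and UDP. */
        const struct udp_hdr *l4 = (const struct udp_hdr *)((const uint8_t *)ip + ihl);
        if ((const uint8_t *)l4 + 4 > data_end) return XDP_PASS;
        sport = ntohs(l4->sport);
        dport = ntohs(l4->dport);
    }

    uint32_t src = ntohl(ip->saddr);
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const struct rule *r = &RULES[i];
        if (r->l4proto && r->l4proto != ip->proto) continue;
        if (!prefix_match(src, r->prefix, r->plen)) continue;
        if (r->sport && r->sport != sport) continue;
        if (r->dport && r->dport != dport) continue;
        return XDP_DROP;
    }
    return XDP_PASS;
}

/* Builds a constructed Ethernet/IPv4/UDP packet (no payload, checksums left
 * zero since the filter never validates them). Returns bytes written, 0 if
 * the buffer is too small. */
size_t build_udp_packet(uint8_t *buf, size_t cap, uint32_t src, uint32_t dst,
                        uint16_t sport, uint16_t dport) {
    const size_t n = sizeof(struct eth_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct udp_hdr);
    if (cap < n) return 0;
    struct eth_hdr eth = { .ethertype = htons(ETH_P_IPV4) };
    struct ipv4_hdr ip = { .vhl = 0x45, .tot_len = htons(28), .ttl = 64, .proto = L4_UDP,
                           .saddr = htonl(src), .daddr = htonl(dst) };
    struct udp_hdr udp = { htons(sport), htons(dport), htons(8), 0 };
    memcpy(buf, &eth, sizeof eth);
    memcpy(buf + sizeof eth, &ip, sizeof ip);
    memcpy(buf + sizeof eth + sizeof ip, &udp, sizeof udp);
    return n;
}

int main(void) {
    uint8_t buf[64];
    size_t n = build_udp_packet(buf, sizeof buf, 0xC6336407u, 0x0A000001u, 53, 33333);
    printf("198.51.100.7 UDP sport 53 : %s\n", xdp_filter(buf, n) == XDP_DROP ? "XDP_DROP" : "XDP_PASS");
    n = build_udp_packet(buf, sizeof buf, 0xC6336407u, 0x0A000001u, 123, 33333);
    printf("198.51.100.7 UDP sport 123: %s\n", xdp_filter(buf, n) == XDP_DROP ? "XDP_DROP" : "XDP_PASS");
    printf("truncated IPv4 header     : %s\n", xdp_filter(buf, 30) == XDP_DROP ? "XDP_DROP" : "XDP_PASS");
    return 0;
}
```

In a kernel-resident XDP program the same data_end comparisons are mandatory, otherwise the BPF verifier rejects the object, and the rule lookup would normally hit a BPF map (a longest-prefix-match trie keyed by source prefix is the usual choice) that the orchestration layer updates when a collaborator accepts a mitigation task. Passing rather than dropping truncated or non-IPv4 frames is a deliberate choice here: the filter only acts on traffic it can fully classify, so a malformed packet cannot trigger a verdict the rule never asked for.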
Cite this article
Adam Pavlidis, Marinos Dimolianis, Kostas Giotis, Loukas Anagnostou, Nikolaos Kostopoulos, Theocharis Tsigkritis, Ilias Kotinas, Dimitrios Kalogeras, Vasilis Maglaris. 2020. Orchestrating DDoS mitigation via blockchain-based network provider collaborations. The Knowledge Engineering Review 35(1), doi: 10.1017/S0269888920000259

This work was partially supported by the European Commission Horizon 2020 Framework Programme for Research and Innovation, Grant Agreement No. 856726 (GN4-3), and by research and development work within PCCW Global, the international operating division of Hong Kong Telecom (https://www.pccwglobal.com/en/about).

© Cambridge University Press, 2020