Multi-domain DDoS Mitigation Based on Blockchains
نویسندگان
چکیده
The exponential increase of the traffic volume makes Distributed Denial-of-Service (DDoS) attacks a top security threat to service providers. Existing DDoS defense mechanisms lack resources and flexibility to cope with attacks by themselves, and by utilizing other’s companies resources, the burden of the mitigation can be shared. Technologies as blockchain and smart contracts allow distributing attack information across multiple domains, while SDN (Software-Defined Networking) and NFV (Network Function Virtualization) enables to scale defense capabilities on demand for a single network domain. This proposal presents the design of a novel architecture combining these elements and introducing novel opportunities for flexible and efficient DDoS mitigation solutions across multiple domains.
منابع مشابه
DDoS Attacks in Cloud Computing: Issues, Taxonomy, and Future Directions
Security issues related to the cloud computing are relevant to various stakeholders for an informed cloud adoption decision. Apart from data breaches, the cyber security research community is revisiting the attack space for cloud-specific solutions as these issues affect budget, resource management, and service quality. Distributed Denial of Service (DDoS) attack is one such serious attack in t...
متن کاملService resizing for quick DDoS mitigation in cloud computing environment
Current trends in distributed denial of service (DDoS) attacks show variations in terms of attack motivation, planning, infrastructure, and scale. “DDoS-for-Hire” and “DDoS mitigation as a Service” are the two services, which are available to attackers and victims, respectively. In this work, we provide a fundamental difference between a “regular” DDoS attack and an “extreme” DDoS attack. We co...
متن کاملBlackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild
DDoS attacks remain a serious threat not only to the edge of the Internet but also to the core peering links at Internet Exchange Points (IXPs). Currently, the main mitigation technique is to blackhole traffic to a specific IP prefix at upstream providers. Blackholing is an operational technique that allows a peer to announce a prefix via BGP to another peer, which then discards traffic destine...
متن کاملRouter Based Mechanism for Mitigation of DDoS Attack- A Survey
Today most of the activities like trade, e-commerce are dependent on the availability of Internet. The growing use of internet services in the past few years have facilitated increase in distributed denial of service attack. Due to DDos attacks, caused by malicious hosts secured data communication over the internet is very difficult to achieve and is the need of the hour. DDos attacks are one o...
متن کاملMitigating DDoS Attacks Using OpenFlow-Based Software Defined Networking
Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service” (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in ...
متن کامل