A private blockchain-based decentralized content distributed network for distributed denial of service mitigation

Abstract

Distributed Denial of Service attacks ranging as huge as 2 TB per second has enormously increased with malicious and illegitimate requests since August 2020. It is estimated that these attacks will double, reaching over 15 million, in the next two years. The centralized DDoS mitigation methods such as network-based, signature-based, and anomaly-based take a significant amount of time to detect and mitigate DDoS attacks. On the other hand, decentralized methods require trusted communication to cooperate among different distributed components against these attacks. Since its origin, many mitigation schemes have been designed and developed, but the growing complexity calls for advanced solutions based on emerging technologies. Over the past two decades, Blockchain has emerged as a promising and viable technology for DDoS mitigation. Blockchain combines open confidence with decentralization, distributed storage, smart contracts, consensus, and encryption. Public blockchains are unable to mitigate DDoS attack efficiently due to less reliable nodes and a lack of hash power with an unsystematic network. Private Blockchain provides a fast and secure network base with trusted communication among the nodes to fully mitigate DDoS attacks. In order to achieve complete DDoS mitigation, the privacy of the users’ available network service needs to be secured using a private Blockchain. A private blockchain with a closed access system allows more efficient and privacy-preserving data sharing among pre-approved groups of nodes/participants. This study aimed to design and evaluate various DDoS mitigation scenarios leveraging the inherent characteristics of Blockchain technology. The experimental testbeds were designed using an open-source platform on the Ethereum network manager in an Ubuntu ecosystem. Hping3, which floods the CDN-based blockchain network with TCP packets, was used as a DDoS attack tool. Traffic and network analysis were carried out using Puppeth, Prometheus, and grafana. In this thesis work, we aim to expand the current research on private blockchain-based decentralized CDN, by implementing a private structure that relies on blockchain technology to gather and mitigate DDoS attacks as a proposed solution. A private blockchain-based decentralized CDN of DDoS mitigation framework was built to demonstrate the resilience of the proposed solution against DDoS attacks that could compromise the users’ privacy while still allowing the information to be consumed and exploited for network traffic management. Results indicate a private Blockchain-based content delivery network based on a closed and sealed node model. The private closed sealed node model outperforms other Blockchain-based models such as public, hybrid, and private open sealed node models, providing average mitigation of 99%. Based on these results, emerging solutions can be designed and enhanced for efficient threat mitigation using private blockchains.