A Blockchain Based Link-Flooding Attack Detection Scheme

Distributed Denial-of-Service (DDoS) attack is a long-lived attack that is hugely harmful to the Internet. In particular, the emergence of a new type of DDoS called Link Flooding Attack (LFA) makes the detection and defense more difficult. In LFA, the attacker cuts off a specific area by controlling large numbers of bots to send low-rate traffic to congest selected links. Since the attack flows are similar to the legitimate ones, traditional schemes like anomaly detection and intrusion detection are no longer applicable. Blockchain provides a new solution to address this issue. In this paper, we propose a blockchain-based LFA detection scheme, which is deployed on routers and servers in and around the area that we want to protect. Blockchain technology is used to record and share the traceroute information, which enables the hosts in the protected region to easily trace the flow paths. We implement our scheme in Ethereum and conduct simulation experiments to evaluate its performance. The results show that our scheme can achieve timely detection of LFA with a high detection rate and a low false positive rate, as well as a low overhead.