LDBT - A Lightweight DDoS Attack Tracing Scheme Based on Blockchain.

DDoS attacks have plagued the Internet for more than 20 years, and it is becoming even violent with the development of IoT. Therefore, it is an essential defense method to trace back DDoS sources. Traditional IP traceback methods have different limitations in a large storage space, increasing marking cost, and low credibility. To solve these problems, a lightweight DDoS attack blockchain-based tracing scheme (LDBT) is proposed, which can deny malicious traffic access to the LAN. First, to avoid secondary DDoS attacks caused by excessive recording information, a digest method is presented and installed on all routers in the LAN. It is used to transfer a huge number of packets to a fixed format, which can keep the scheme lightweight regardless of whether DDoS occurs or not. Second, we present a trusted fuzzy tracing method that searches for DDoS sources efficiently. Under the proposed scheme, the digest data are reliable owing to the decentralization and immutability of the blockchain platform. It also overcomes the problem that edge routers cannot provide precise detection information because the digest is only used to track. Experimental results show that the scheme searches the sources of malicious traffic with high accuracy, and the communication overhead constantly remains at a low level of 80 KB/s. Furthermore, the tracing time of our scheme increases linearly instead of an exponential growth by the hop count.