A Blockchain-Based Cross-Domain DDoS Mitigation in Consumer Networks

Distributed Denial of Service (DDoS) attacks pose significant threats to the availability and security of consumer networks and Internet service providers (ISPs). This is a significant concern due to the potential vulnerabilities and security risks associated with the rapid increase in the number of insecure Internet of Things (IoT) devices. Adopting an inter-domain DDoS collaboration strategy is a promising solution to address this issue. However, manual configuration and management of resources across multiple domains can be time-consuming, error-prone, and inefficient. Moreover, the existing inter-domain DDoS mitigation mechanisms ( $i.e$ ., Cooperative Defense mechanisms) are facing obstacles due to the lack of incentives for cooperation, low flexibility, and high cost. Most importantly, many of them are centralized, which risks single points of failure, hampering collaboration and resource sharing among Autonomous Systems (ASs). The new emerging techniques, such as Digital-Twin (DT) empowered by Network Function Virtualization (NFV), Software-Defined Networking (SDN), and Blockchain introduce new opportunities for efficient and flexible inter-domain DDoS collaboration $i.e$ ., resources sharing among multiple SDN-based domains. In this context, we propose SecureShare, a novel digital twin-enabled inter-domain DDoS mitigation framework that allows for an efficient, fair, and secure dynamic resource-sharing among SDN-based domains to deal with large-scale DDoS attacks through resource sharing. The deployment of SecureShare is executed within Ethereum’s test network, Sepolia. Furthermore, we performed extensive experiments employing Microsoft Azure Digital Twins (ADT), a platform-as-a-service tool for generating twin graphs of physical objects. The experimental results show that SecureShare achieves promising results in terms of efficiency, security, and flexibility.