{"title":"OTI-IoT: A Blockchain-based Operational Threat Intelligence Framework for Multi-vector DDoS Attacks","authors":"Aswani Aguru, Suresh Erukala","doi":"10.1145/3664287","DOIUrl":null,"url":null,"abstract":"<p>The <b>Internet of Things (IoT)</b> refers to a complex network comprising interconnected devices that transmit their data via the Internet. Due to their open environment, limited computation power, and absence of built-in security, IoT environments are susceptible to various cyberattacks. Denial of service (DDoS) attacks are among the most destructive types of threats. The <b>Multi-vector DDoS attack</b> is a contemporary and formidable form of DDoS wherein the attacker employs a collection of compromised IoT devices as zombies to initiate numerous DDoS attacks against a target server. A Blockchain-based Operational Threat Intelligence framework, OTI-IoT, is proposed in this paper to counter multi-vector DDoS attacks in IoT networks. A <b>”Prevent-then-Detect”</b> methodology was utilized to deploy the OTI-IoT framework in two distinct stages. During Phase 1, the <b>consortium Blockchain network</b> validators employ the IPS module, composed of a smart contract for attack prevention & access control, and Proof of Voting consensus, to thwart attacks. Validators are outfitted with deep learning-based IDS instances to detect multi-vector DDoS attacks during Phase 2. Alert messages are generated by the IDS module’s alert generation & propagation smart contract in response to identifying malicious IoT sources. The feedback loop from the IDS module to the IPS module prevents incoming traffic from malicious sources. The proposed OTI framework capabilities are realized as an outcome of combining and storing the outcomes of the IDS and IPS modules on the consortium Blockchain. Each validator maintains a shared ledger containing information regarding threat sources to ensure robust security, transparency, and integrity. 
The operational execution of OTI-IoT occurs on an individual Ethereum Blockchain. The empirical findings indicate that our proposed framework is most suitable for real-time applications due to its ability to lower attack detection time, decreased block validation time, and higher attack prevention rate.</p>","PeriodicalId":50911,"journal":{"name":"ACM Transactions on Internet Technology","volume":"138 1","pages":""},"PeriodicalIF":3.9000,"publicationDate":"2024-05-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Internet Technology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3664287","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
The Internet of Things (IoT) refers to a complex network comprising interconnected devices that transmit their data via the Internet. Due to their open environment, limited computation power, and absence of built-in security, IoT environments are susceptible to various cyberattacks. Denial of service (DDoS) attacks are among the most destructive types of threats. The Multi-vector DDoS attack is a contemporary and formidable form of DDoS wherein the attacker employs a collection of compromised IoT devices as zombies to initiate numerous DDoS attacks against a target server. A Blockchain-based Operational Threat Intelligence framework, OTI-IoT, is proposed in this paper to counter multi-vector DDoS attacks in IoT networks. A “Prevent-then-Detect” methodology was utilized to deploy the OTI-IoT framework in two distinct stages. During Phase 1, the consortium Blockchain network validators employ the IPS module, composed of a smart contract for attack prevention & access control, and Proof of Voting consensus, to thwart attacks. Validators are outfitted with deep learning-based IDS instances to detect multi-vector DDoS attacks during Phase 2. Alert messages are generated by the IDS module’s alert generation & propagation smart contract in response to identifying malicious IoT sources. The feedback loop from the IDS module to the IPS module prevents incoming traffic from malicious sources. The proposed OTI framework capabilities are realized as an outcome of combining and storing the outcomes of the IDS and IPS modules on the consortium Blockchain. Each validator maintains a shared ledger containing information regarding threat sources to ensure robust security, transparency, and integrity. The operational execution of OTI-IoT occurs on an individual Ethereum Blockchain. The empirical findings indicate that our proposed framework is most suitable for real-time applications due to its ability to lower attack detection time, decreased block validation time, and higher attack prevention rate.
About the journal:
ACM Transactions on Internet Technology (TOIT) brings together many computing disciplines including computer software engineering, computer programming languages, middleware, database management, security, knowledge discovery and data mining, networking and distributed systems, communications, performance and scalability, etc. TOIT will cover the results and roles of the individual disciplines and the relationships among them.