Network Threat Management System Using Blockchain

Abstract— The Expansion of the Internet has led to adding more and more devices into its pocket having a tremendous flow of traffic between devices which has led to more insecure portable and stationary devices. Successful distributed denial-of-service (DDoS) attacks are those striking web crashes that bring critical enterprise services to their knees. Making DDOS attack a topmost security threat to service provisioning. The current prevention mechanisms have failed to assure mitigation against this threat. There needs to be a Decentralized and automated system to prevent the attack which can be provided by the Blockchain, Smart Contracts, and SDN Technology. In this paper, a peculiar architecture is proposed by combining these technologies introducing new opportunities for efficient DDOS Mitigation. Main Advantage of the System is the deployment of the Private Blockchain network having interconnectivity between nodes which helps to advertise whitelisted and blacklisted IP address and sharing a common register across multiple domains.

Keywords: Blockchain, Soft Defined Network, Smart Contracts, Network threat, Security, DDOS


A. Introduction

Over the last decades Distributed Denial of Service has become a top security threat this is because of its increase in number, size and its impact. The goal of the DDoS attack is to overwhelm the target server so that the resources become inaccessible to the legitimate client. To launch a DDoS attack attacker can build an entire botnet network, once the attacker is ready with their weapons it starts searching for vulnerable sites or hosts or maybe an entire network. To overcome DDoS attack to some extent we propose a blockchain based architecture for collaborative DDoS mitigation with smart contract along with software-defined network. SDN became like a new paradigm in networking. Working on SDN enables us to leverage advanced network functionalities to avoid these attacks. With SDN, flow rules can be applied to block a DDoS attack. As we keep on applying rules, less DDoS traffic occurs since malicious packets are dropped. Once the attacker IP address is reported in the blockchain, it is hard to tamper the data stored. Since blockchain is decentralized in nature all the hosts in the network have an updated copy of ledger. So the proposed solution is going to be the automated and easy to manage DDoS mitigation.

B. Motivation for the project

The rapid growth in the number of portable and stationary devices makes Distributed Denial-of-Service (DDoS) and DNS attacks a top security threat to securely provision services and scale through automation. Existing strategies lack resources and flexibility to cope with attacks by themselves. Emerging technologies such as blockchain, smart contracts, and SDN (Software-Defined Networking) introduce new opportunities for flexible and efficient DDoS defense solutions.

Blockchain withdraws heavy interests of many sectors like finance, health-care and government nowadays. With blockchain, applications run in a decentralized fashion. There is no need of central authority or intermediary body to monitor the transactions among parties. Even in the presence of trustless environment in the network, secure transactions can be made. This was not possible before. Heavy use of cryptography in SDN using blockchain secures the transactions. Also, this makes fast reconciliation among the parties as there is an absence of an intermediary body in each network interactions activities.

The idea to integrate blockchain technology in SDN environment is to provide a detailed description of blockchains, SDN as well as to highlight the ways the blockchains and SDN can be used together. Blockchains allow us to have a distributed peer-to-peer network where the non-trusting member can interact with each other without a trusted intermediary, in a verifiable manner. The idea presents SDN domain and describes how a blockchain and SDN combination facilitates the avoidance of the attack on the network.

C. Problem Definition

An enterprise network is always prone to several outside attacks which can threaten its data confidentiality, integrity. A Distributed Peer to Peer network is to be created using the SDN domain and Blockchain Technology. The incoming threat coming through the network will be detected by the distributed topology established in the network and prevent the system from being vulnerable to the outside world. The IP addresses of the network traffic will be stored in the blockchain ledgers and will be passed on to each node.

Related Works

Various DDoS mitigation strategies have been implemented till date, this section will throw light on few of those strategies and this section will also hint upon the methodology being applied in the proposed system.

Traditional/Conventional DDoS mitigation

The existing technologies make use of a centralized server for DDoS mitigation. This centralized scheme is not full proof as in the case where the centralized server may itself get attacked the list of blacklisted and whitelisted IPs will not be retrieved by the host/client in need. This could be overcome by the decentralized nature of blockchain in which each node in the distributed peer to peer network has the same blockchain ledger.

Blockchain-based DDoS mitigation

Gladius a security company has developed a system in which each node in the public blockchain network can share/donate/provide its bandwidth with/to the node under attack [3]. A small token, Gladius is given to the nodes participating in bandwidth sharing. Since it uses public blockchain network it may face several problems like requiring an algorithm of agreement with untrusted nodes. These limitations are addressed in [1] and a system is proposed in which similar methodology is applied but in the private blockchain network thus overcoming some of the limitations of Gladius. This system can also fail if the number of participating nodes in the network are not enough to cope up with large DDoS attacks of which bandwidth can range more than shared bandwidth.

SDN based DDoS mitigation

In SDN the control plane is separated from data plane thereby bringing programmability in networking and also providing better network visibility. OpenFlow protocol is used to ease the network management by providing a standardized and programmable interface between the control plane and data plane. SDN based solutions to deal with DDoS attack have been discussed in [2,4]. These solutions may cause an overhead in the SDN controller and flow tables. Also, they do not provide any solution to the security issues of SDN as discussed in [8]. Thus these issues of SDN can be overcome by combining the SDN capabilities and capabilities of blockchain and smart contracts.

Proposed System Architecture

Architectural Design

The Proposed architecture of NTM is divided into 3 parts

1) SDN-Software Defined Network:

It is network architecture approach enabling the network to be intelligently and centrally controlled, or programmed, through software applications using open APIs. DDos, Dos are Low Resolution Attacks.For such attacks, it does not necessarily require access to all the, sflow with sdn is used to prevent limitation of sampling (i.e.flow shortening) by delegating detection logic to SDN controllers.

SDN Architecture

a) OpenDayLight:OpenDaylight is a popular open-source SDN controller framework that uses open protocols to give automatic control and manages network devices. It supply OpenFlow and other southbound APIs, (like sFlow) and introduces network solutions of its platform

b) Mininet Custom Topology:Mininet a Linux kernel based network emulator which tracks pool of end-hosts, switches, routers and links, where these switches have to support OpenFlow protocol so as to test or implement SDN concepts. A Python script is used to generate custom topology, and node types: switch, controller, host, or other. A small network (9 hosts, 3 switches, 12 links) is created when we run the script called present in the custom folder of mininet

Custom Topology view using OpenDaylight (ODL) SDN Controller

Testing the working of OpenDaylight controller by pinging all nodes. Every host should be able to reach every other host

Pingall Command for testing ping availability


Ethereum-based private blockchain, decentralized and provide a trusted consensus in which data of DDoS attacks can be advertised and accessed between the collaborative hosts. In the private blockchain, the application listening to the blockchain may see new white and blacklisted addresses reported.

3)Smart Contracts:

A contract based on Solidity implementing the logic of the collaborative approach, advertising of white or blacklisted IP addresses of customers, as well as information on the reporting entity and attack characteristics. Security policies and thresholds may be defined based on historical records directly obtained from southbound protocols such as OpenFlow.

SDNs enhance the management of flows in response to attacks by enabling the deployment of traffic analysis based on global network awareness given by an OpenDayLight controller, followed by filtering, packet inspection, or black-holing malicious traffic.

Blockchain DDoS Mitigation services running on each domain/host are used to broadcast DDoS attack information and broadcast black or whitelisted addresses.

The domain/host participating in the private blockchain will run a smart contract written in Solidity by executing a script, which is used to store references(To know who is reporting) to the advertised addresses. The contracts are further processed checking if the entity reporting addresses are certified and is the one under attack, and to enforce the necessary countermeasures by the security policies implemented in the Autonomous Systems(ASes).

Proposed System Architecture


1) To deploy the enterprise on SDN

The Enterprise Network is deployed in SDN

Inside a Virtual Machine, run the OpenDaylight controller and Mininet emulated network

Now, using the OpenDaylight controller, Mininet emulated network VirtualBox to run Mininet VM

Start the Network topology using a Python Script and test that the OpenDaylight controller is working by pinging all nodes. Every host should be able to reach every other host

2) DDoS Detection and Mitigation

Traffic analysis is assisted by SDN

Different techniques can be used upon the detection by ASes or customers, which typically involves analyzing Internet traffic with sophisticated attack detection algorithms, followed by filtering

Blockchain DDoS Mitigation application is installed both on the customer and Autonomous Systems(ASes) which can be used to perform widespread and rapid DDoS attack advertisement using smart contracts. Challenge/Response authentication services can be utilized by an ASes to make sure that the IP address of the customer reporting the attack is the customer under attack and to enforce the necessary countermeasures by the security policies implemented in the domain.

To integrate SDN with Blockchain and build the NTM architecture

The architecture is built considering the following principles:

DDoS detection and mitigation are provided as a service by the Autonomous systems(ASes).

Blockchain DDoS Mitigation modules are running on the entities writing IP addresses and listening to the blockchain are used to efficiently aid coordinated attack responses.

Storing IP addresses in Blockchain

Blockchain/Smart Contract: The private Ethereum blockchain (Ethereum Virtual Machine nodes) running Solidity smart contracts, which comprises the logic to report IP addresses in the private blockchain.

To integrate smart contract as Access Control List and Policy List for Network Threat mitigation

As DDoS attacks are increasing continuously and may vary in their patterns, the need for coordinated responses also increases to efficiently detour the attacks.

ASes or Hosts may report DDoS attacks and retrieve lists containing reported IP addresses and implement their own DDoS mitigation mechanisms.

3) Testing

A.Testing Environment

The machine used for this experiment runs Ubuntu 16.04 LTS, with an Intel Core i7, and 16GB of RAM.

For generating network topologies, Mininet , a network emulator that uses process-based virtualization was installed on a VirtualBox

The Network Monitor (i.e., sFlow) and the SDN controllers (i.e., Opendaylight)were installed on the system

B.Attack and Mitigation

Python Scripts will be written for packet generation and sending large no. of ICMP/UDP request to the host/Server

Attackers can be chosen some host from the topology or some hosts from outside environment

We would be using random valid IP addresses for the packet source addresses.

To mitigate against the DDoS attack, A DDoS security application and a smart contract are running parallely

A DDoS security application which works by monitoring the network traffic and when amount of responses monitored by sFlow exceeds a maximum-responses count, controller is informed and packets are sent for further inspection

Repeat the process setting different threshold values for mitigation till the server is providing the service. This is done to reduce False Alarms.

Once a DDos attack is detected, attacker traffic is rate-limited using OpenFlow and the IP address is added to blacklisted Ip list in the ledger

Parallely when the packet coming from the Internet will arrive at the host. This module through smart contract checks if the source address of the incoming packet is in white list or black list from blockchain. The packet will be dropped immediately if its source address is in black list

Since the Blockchain application can be deployed as an additional security feature to the system, the system is tested with and without Blockchain to find the difference in efficiencies.


This paper proposes a blockchain and smart contracts based collaborative architecture for DDoS mitigation along with SDN. The capability of SDN to make a network programmable and decentralized or distributed nature of blockchain provides an effective approach towards collaborative DDoS mitigation. The consensus protocol implemented in the system can be used to prevent false alarms, which is not present in the traditional DDoS mitigation strategies. To check the significance of system the system, it can be tested with and without blockchain application since the blockchain is any way applied as an additional security feature.


  1. Kyoungmin K., Youngin Y., Mookyu P., Kyungho L., “DDoS Mitigation: Decentralized CDN Using Private Blockchain”, 10.1109/ICUFN.2018.8436643
  2. Bruno R., Thomas B., Andri L., David H., Sina R., and Burkhard S., “A Blockchain-Based Architecture for Collaborative DDoS Mitigation with Smart Contracts”, 10.1007/978-3-319-60774-0_2
  3. “Gladius-Whitepaper_Tech”, Technical Paper, Gladius, December 2017.
  4. Lawal B. H. and Nuray AT., “Real-Time Detection and Mitigation of Distributed Denial of Service (DDoS) Attacks in Software Defined Networking (SDN)”, 10.1109/SIU.2018.8404674
  5. Rajneesh, G. 2018. Hands-On Cybersecurity with Blockchain: Implement DDoS protection, PKI-based identity, 2FA, and DNS security using Blockchain. Packt Publishing Ltd., Birmingham. 216 pp.
  6. Performance and Scalability of Blockchain Networks and Smart Contracts by Matthias Scherer, 2017.
  7. Castro, Miguel, and Barbara Liskov. “Practical Byzantine fault tolerance.” OSDI. Vol. 99. 1999.
  8. Sandra Scott-H., Gemma O’C., Sakir S., “SDN Security: A Survey”, November 2013.
Did you like this example?