| Summary: | 碩士 === 國立交通大學 === 網路工程研究所 === 106 === With the widespread of Internet, threats of distributed denial of service (DDoS) attacks have been increasing. Those malicious behaviors aim to exhaust network bandwidth and resources, causing catastrophic damage of compromised machines. Although many prevention and detection mechanisms for DDoS attacks have been proposed, most of them take the previous network traffic information or abnormal behavior collected by the host machine to mitigate those invasions. Moreover, the major DDoS attacks are always with large-scale botnet, posing serious threats to more than just one victim. Therefore, cross-organizational collaboration is undoubtedly necessary. In this paper, we propose and implement a consortium blockchain-based system sharing malicious IP to prevent another hosts to be attacked. In our scheme, every security operation center serving as a blockchain-node uploads their lists of suspicious IPs which are automatically compared by smart contract without human interference. If IPs in different lists are matched with certain degree, this system will respond by giving the whole list of malicious IP. By means of these steps, shares of IP lists are achieved and attacks are prevented in advance. Besides, when uploading and sharing, we utilize elliptic curve cryptography to ensure data confidentiality and integrity.
|
|---|
