OTI-IoT: A Blockchain-based Operational Threat Intelligence Framework for Multi-vector DDoS Attacks

Abstract

The Internet of Things (IoT) refers to a complex network comprising interconnected devices that transmit their data via the Internet. Due to their open environment, limited computation power, and absence of built-in security, IoT environments are susceptible to various cyberattacks. Denial of service (DDoS) attacks are among the most destructive types of threats. The Multi-vector DDoS attack is a contemporary and formidable form of DDoS wherein the attacker employs a collection of compromised IoT devices as zombies to initiate numerous DDoS attacks against a target server. A Blockchain-based Operational Threat Intelligence framework, OTI-IoT, is proposed in this article to counter multi-vector DDoS attacks in IoT networks. A “Prevent-then-Detect” methodology was utilized to deploy the OTI-IoT framework in two distinct stages. During Phase 1, the consortium Blockchain network validators employ the IPS module, composed of a smart contract for attack prevention and access control, and Proof of Voting consensus, to thwart attacks. Validators are outfitted with deep learning-based IDS instances to detect multi-vector DDoS attacks during Phase 2. Alert messages are generated by the IDS module’s alert generation and propagation smart contract in response to identifying malicious IoT sources. The feedback loop from the IDS module to the IPS module prevents incoming traffic from malicious sources. The proposed OTI framework capabilities are realized as an outcome of combining and storing the outcomes of the IDS and IPS modules on the consortium Blockchain. Each validator maintains a shared ledger containing information regarding threat sources to ensure robust security, transparency, and integrity. The operational execution of OTI-IoT occurs on an individual Ethereum Blockchain. The empirical findings indicate that our proposed framework is most suitable for real-time applications due to its ability to lower attack detection time, decreased block validation time, and higher attack prevention rate.