SOChain: A Privacy-Preserving DDoS Data Exchange Service over SOC Consortium Blockchain

IoT devices provide a significant medium for distributed denial-of-service (DDoS) attacks. In 2016, a large-scale DDoS attack, named Dyn, caused massive damage to several well-known companies. One effective countermeasure is observing previous network traffic information or abnormal behavior determined by the host machines and determining the latest DDoS-attack IP addresses. Because of the lack of a fair exchange mechanism, most security operation centers (SOCs) are unwilling to share their real-time DDoS data. In this article, we propose a decentralized DDoS data exchange platform, namely SOChain, using blockchain technology to overcome the trust and fairness issues. The platform incentivizes SOCs through the DDoS_coin token. The more DDoS information an SOC contributes, the more coins it earns. To confirm the validity of uploaded information, we enlist a content verifier to examine uploaded abnormal IP addresses. Moreover, the verifier is incentivized by the DDoS_coin. To decrease the management effort, the entire flow is automatically executed in smart contract deployed onto the blockchain system. To address the issue of privacy in smart contracts, we devise a novel dual-level Bloom filter to enable efficient searches with privacy protection. Herein, a verifiable method is designed without revealing the information to public.