title: The role of Blockchain in DDoS attacks mitigation: techniques, open challenges and future directions
authors: Chaganti, Rajasekhar; Bhushan, Bharat; Ravi, Vinayakumar
date: 2022-02-08

With the proliferation of new technologies such as the Internet of Things (IoT) and Software-Defined Networking (SDN) in recent years, the distributed denial of service (DDoS) attack vector has broadened and opened new opportunities for more sophisticated DDoS attacks on the targeted victims. The new attack vector includes unsecured and vulnerable IoT devices connected to the internet and denial of service vulnerabilities such as southbound channel saturation in the SDN architecture. Given the high-volume and pervasive nature of these attacks, it is beneficial for stakeholders to collaborate in detecting and mitigating denial of service attacks in a timely manner. Blockchain technology is considered to improve the security aspects owing to its decentralized design, secured distributed storage and privacy. A thorough exploration and classification of blockchain techniques used for DDoS attack mitigation has not been carried out in the prior art. This paper reviews and categorizes the existing state-of-the-art DDoS mitigation solutions based on blockchain technology. The DDoS mitigation techniques are classified based on the solution deployment location, i.e. network based, near attacker location, near victim location and hybrid solutions in the network architecture, with emphasis on the IoT and SDN architectures. Additionally, based on our study, the research challenges and future directions to implement blockchain based DDoS mitigation solutions are discussed. We believe that this paper could serve as a starting point and reference resource for future researchers working on denial of service attack detection and mitigation using blockchain technology.
In recent years, distributed denial of service (DDoS) attacks have been growing and have shown a consistent upward trend [1]. Work from home and increased use of cloud technologies owing to the Covid pandemic in the first quarter of 2020 increased the volume and intensity of DDoS attacks in 2020. For example, the launching of various amplification and UDP-based attacks to flood target networks increased 570 percent for the second quarter of 2020 in comparison with the same time period of the previous year [2]. The traditional threshold-based mitigation methods are insufficient to detect these attacks, and machine learning models detect them accurately only as long as the attack pattern follows the trained data model; any new attack pattern can easily evade these models [2]. Although the DDoS attack vectors have existed for years and many solutions have been proposed for handling the attacks, it is still an important problem to be addressed, as new technologies increase the attack surface and the exploitable vulnerabilities. As the number of devices connected to the internet increases and new network protocol vulnerabilities are uncovered, e.g., the UDP Memcached vulnerability [3], DDoS attack rates have increased exponentially over the last decade, as shown in Figure 1. A nominal enterprise organization may not be able to effectively handle or mitigate the current terabit-rate attacks, and it is already too late to bring in the network operators and internet service providers to react and mitigate DDoS attacks once attackers target these enterprises.

Rajasekhar Chaganti was with the Department of Computer Science, UTSA, San Antonio, TX, 78256 USA (e-mail: raj.chaganti2@gmail.com).
Vinayakumar Ravi is with the Center for Artificial Intelligence, Prince Mohammad Bin Fahd University, Khobar, Saudi Arabia (e-mail: vravi@pmu.edu.sa).
However, as mentioned in Table II, we can see that cloud service providers such as Amazon Web Services (AWS) and Google Cloud Platform (GCP) handled attack rates of more than approximately 2 Tbps at the edge level and served their public cloud application customers with no performance or service impact in the last two years. In 2016, IoT devices such as routers and cameras connected to the internet were compromised, and attack code was deployed to launch Mirai bot reflection attacks that generated attack traffic rates in excess of 1 Tbps targeting Dyn (a dynamic DNS service provider), OVH (a cloud service provider), and security blogger Brian Krebs's website [4] [5] [6]. Emerging technologies such as cloud computing, the Internet of Things (IoT) and Software Defined Networking (SDN) change the internet network architecture and offer attackers new opportunities to find loopholes and perform denial of service attacks. The challenge of large-scale DDoS attacks is to mitigate them within a short span of time and avoid the loss of business and reputation for the enterprise organizations involved in the attack. Therefore, rapid coordination and response are required between stakeholders such as network operators, edge protection providers, internet service providers, impacted organizations, third party DDoS mitigation services etc. Authenticating and establishing trust among the parties involved is essential to execute legitimate actions for stopping the attacks. A blockchain is a distributed ledger that can record transactions in an efficient and permanent way. It is managed by peer-to-peer (P2P) network nodes with standard protocols designed for internode communication to approve the transaction records and validate the blocks.
Owing to the inherent security by design and the unalterable transaction records in the chain of blocks, a blockchain can be used for many applications including finance, healthcare, supply chain, cryptocurrency, cybersecurity and smart contracts, in particular for validating identity and providing user anonymity [7] [8]. The use of blockchain for cybersecurity applications has been growing with the demand to build secured systems and applications. Decentralized consortium blockchain implementations for industrial IoT [9] [10], a credit based consensus mechanism for approving transactions in industrial IoT [11] and blockchain based data storage and protection mechanisms for defending against security attacks in IoT systems [12] [13] are some of the applications of blockchain in IoT. Additionally, blockchain is leveraged for security in other areas such as secured storage of data in mobile ad hoc networks [14], a decentralized DNS database for mitigating DNS attacks such as cache poisoning [15], and secured data storage in the cloud with defense against keyword guessing attacks [16]. Furthermore, based on the security properties that blockchain exhibits, we see the potential to utilize blockchain for security threat information sharing among the key stakeholders.

Figure 1: DDoS attack rate growth trend in the last decade [17].

Recently, a few researchers proposed blockchain based solutions for threat information sharing, such as sharing malicious IP addresses for blocklists, identifying IoT bots in the network at the network gateway level, enabling content distribution network (CDN) nodes near the victim using a private blockchain when denial of service is identified, and sharing security operation center threat information with users through a private blockchain [18] [19] [20] [21] [22].
But there is a knowledge gap between network security experts, who aim to mitigate DDoS attacks in real time, and blockchain experts, who develop decentralized applications but may not be experts in network attacks. Our prior art research shows that there is no significant work investigating blockchain's role in mitigating DDoS attacks. Therefore, we believe that there is a need for a systematic and thorough review of blockchain technology for handling denial of service attacks. In addition, the blockchain based solutions are categorized based on the DDoS mitigation deployment location in the internet. To this end, the main contributions of this paper are as follows:

• We performed a systematic review and classification of the role of blockchain technology in DDoS attack detection and of blockchain based DDoS mitigation solutions.
• We discussed the open challenges and future directions to implement and propose new solutions for handling DDoS attacks using blockchain.
• We categorized and described the existing blockchain related DDoS solutions based on the solution deployment location in the internet architecture.
• Our findings show that secured collaboration among the stakeholders to share DDoS threat indicators with blockchain is achievable while addressing the limitations.

The abbreviations used in the paper are given in Table I. The remainder of this paper is organized as follows: Section II discusses key concepts such as DDoS attacks, blockchains and emerging technology network architecture paradigms, and the work related to the topic of this paper. Section III presents the blockchain based solutions to mitigate DDoS attacks. Section IV presents the current open challenges in utilizing blockchain in the context of DDoS attacks. Section V depicts the future directions in accordance with advances in blockchain technology. Section VI concludes the paper.
In this section, we review DDoS attack types and the solutions proposed to mitigate them, describe the main fundamentals and terminology of blockchain technology, and describe emerging technologies such as the Internet of Things and the software defined networking paradigm. These are essential and play a significant role in understanding recent DDoS attack variants and their mitigation solutions using blockchain.

The Distributed Denial of Service (DDoS) attack is a well-known and major concern in the cybersecurity area, violating the security principle of "availability" of services. DDoS attack vectors exploit various features of the internet protocols, most of which were designed decades ago when security was not a concern. The relationship between an attacker exploiting protocol features, such as TCP connection setup using the three-way handshake, and its victim is asymmetric in nature. DDoS attacks are mainly classified into two categories: bandwidth depletion and resource depletion attacks [23]. In the former attack, high volumes of traffic that looks legitimate but is not intended for communication are directed to a victim. In the latter attack, the victim is inundated with bogus service requests that deplete its resources and prevent it from serving legitimate requests. Multiple bots (network nodes compromised and controlled by an attacker) are often used to launch DDoS attacks. Direct attacks on a victim typically use flooding, in which many packets are sent from multiple bots to the victim; examples include TCP SYN floods, UDP floods, ICMP floods, and HTTP floods [24]. Another tactic used in DDoS attacks is amplification: the attacker sends requests to network service providers such as Domain Name System (DNS) servers or Network Time Protocol (NTP) servers, spoofing the victim's IP address as the source IP address so that the responses, which are typically several times larger than the queries/requests, are sent to the victim [24].
In addition, protocol exploitation attacks like TCP SYN flooding can be performed on the victim infrastructure by taking advantage of the TCP connection establishment mechanism and sending a flood of TCP SYN packets with no ACK responses to consume the victim machine's resources [25]. The adversary may also use automated scripts to send floods of packets with the TCP flags ACK, PUSH, RST or FIN set to saturate the communication channel along the victim infrastructure. Another category of DDoS attack comprises the ping of death and the land attack. The ping of death attack focuses on sending a ping command with a packet size greater than the maximum packet size of 65536 bytes to crash the victim system. In a land attack, an attacker may send forged packets with the same sender and destination IP address so that the victim sends the packet to itself, forming an infinite loop and crashing the victim machine [25]. A zero-day vulnerability can also be leveraged to compromise legitimate machines and successfully launch a denial of service attack [26].

Significant research work has been done on the detection and mitigation of DDoS attacks over the last two decades. The proposed mitigation solutions differ in the location and timing of deployment [27]. The deployment location-based solutions are categorized into four types. Although the source-based defenses aim to detect and mitigate attacks in their early stages, it is very difficult to distinguish legitimate traffic from malicious DDoS traffic at the source level, owing to the use of bots to distribute the attack traffic generation. The destination-based defense mechanisms are easier and cheaper to implement since the attack traffic is concentrated closer to the victim. However, before the attacks are detected, the attack traffic consumes the resources on the paths leading to the victim.
The network-based defense solutions detect and mitigate DDoS attacks at the Autonomous System (AS) or Internet Service Provider (ISP) levels, which are closer to the attack sources. But they incur storage and processing overhead at the network infrastructure level, for example at the edge or ISP routers, or might need additional DDoS protection devices like middle boxes to process the traffic. Also, attack detection is difficult owing to the lack of aggregation of traffic destined to the victim. However, attack mitigation in the internet core has the advantage of not passing the traffic on to the victim network, preventing congestion of the communication channel with attack traffic and saving the victim's computing and network resources. The hybrid defense approach promises to be more robust since it allows a combination of defensive mechanisms to be used against DDoS attacks. Furthermore, detection and mitigation can be implemented more efficiently. For instance, detection can occur at the destination or network level and the mitigation technique can be applied near the source to effectively handle DDoS attacks. However, its implementation is more challenging because it requires collaboration and cooperation between different entities to exchange attack information without sufficient incentives for some of the participants, such as service providers [27], and there needs to be trust between the stakeholders, given that the service providers are diverse and the entities are not easy to trust. For descriptions of various DDoS mitigation techniques such as anomaly or signature-based detection, machine learning algorithms for attack detection, scrubbing, rerouting, and filtering/blocking techniques, see Zargar et al. [27].

A blockchain is a digital, public ledger that records a list of transactions and maintains the integrity of the transactions by encrypting, validating and permanently recording them [33].
Blockchain technology has emerged as a potential digital technology disrupting many areas including the financial sector, security, data storage, the Internet of Things and more. One of the best known uses of blockchains is the design of cryptocurrencies such as Bitcoin [34], [35]. A blockchain is typically managed by a peer-to-peer network and uses a peer-to-peer protocol such as the Distributed Hash Table (DHT) for internode communication as well as for validating new transactions. Figure 2 illustrates the typical structure of a block: a linked list of blocks with a header block. Each block comprises a set of transactions, a count of the transactions in the block, and a header. The block header includes the block version, which gives the current version of the block structure, and a Merkle tree root hash, which captures the uniqueness of the transaction set in the block as the final hash value derived from all the transactions in the block and maintains the integrity between the transactions in the block. Therefore, the transactions are secured in a blockchain and cannot be tampered with. The block header also contains a timestamp, i.e. the time at which the block is created, which plays an important role in extending a blockchain to record new transactions. There is a special data structure that points to the most recent block in a chain. Using the back pointers, other blocks in the chain can be accessed. Blockchain exhibits properties like decentralization, persistency, anonymity, and auditability. The essential property of anonymity is achieved using asymmetric cryptography, such as the RSA algorithm, and digital signatures [36]. Each user has a private and public key pair for applying an asymmetric cryptography algorithm. The hash values obtained from the existing transactions are used to produce the digital signature and validate the user's authenticity. The user validation is a two-step process: signing and verification.

Figure 2: Blockchain Internal Components
Figure 3 shows the asymmetric cryptography and digital signature calculation steps during the validation process [37]. The peer-to-peer blockchain system has no centralized node and uses consensus algorithms, which typically require participating entities to win a computing challenge, to authorize an entity to create the next block of verified transactions and append it to the existing blockchain. A consensus algorithm, as indicated above, is used to select nodes in peer-to-peer blockchains to add a block of new transactions to the existing blockchain. Some of the widely used algorithms are proof of work (POW), proof of stake (POS), practical Byzantine fault tolerance (PBFT), the Ripple consensus algorithm and delegated proof of stake (DPOS) [38]. In POW, used by Bitcoin, every node computes the hash value of the block header, and the computed value should be less than a specific value, according to the algorithm. The node that successfully computes such a value is verified by the other nodes and selected as an authorized node to add the transactions in the block; the update is propagated to all other nodes of the blockchain. Computing the hash value within the constraints requires extensive computation, which is called mining. In POS, the users that have more currency can get the authority to add transactions to the blockchain. So, richer entities will become richer and, potentially, a few participants will dominate the blockchain management and extension; on the other hand, this method does not require extensive computing power and is likely to be more efficient. The consensus algorithm based on PBFT requires that a significant majority of the nodes participating in the blockchain approve the transaction to be appended in the network, and it can tolerate 1/3rd of the node failures. The consensus process starts by choosing a primary node to process all the transactions in a block. It is a three-step process i.e.
pre-prepare, prepare and commit; if 2/3rds of the nodes accept the request, then the transaction is appended to the block. Hyperledger's fabric is an example of using PBFT as a consensus mechanism to complete the transactions in the network. In Delegated Proof of Stake (DPOS), the delegated maximum currency stakeholder is chosen for adding the transactions. Some platforms like Tendermint operate on a combination of the algorithms (DPoS+PBFT) [38]. With decentralized consensus methods such as POW, branching, in which competing entities may propose different sets of transactions to create a new block and extend the current blockchain, can occur due to the decentralized nature of mining to approve the transaction as well as the delay in validation by 51% of the blockchain nodes or participants prior to adding the transaction to the blockchain. The block header further includes nBits, which signifies the difficulty level that is being used for miner computations to add the transactions to the block; nonce, which represents a random number created by the creator of the block that can be used only once; and parent block hash, which is a cryptographic hash value of the parent block that maintains the integrity between two consecutive blocks and keeps the chain of blocks untampered [38] [7].

In general, blockchain platforms are classified into three types. In a public blockchain, the existing transactions can be read by anyone and the network is open for the public to join. The transactions cannot be tampered with, providing a high level of security, even though the computation delay is high. Bitcoin is a classic example of a public blockchain. Anyone can read a user account's balance and the transactions that the account was involved in, provided that the user's bitcoin wallet address is known. In a consortium blockchain, only selected nodes participate in transactional operations; a good example is multiple organizations in a particular sector that want to use the blockchain for business applications.
Each node represents a member from the organization. The consensus process is fast, and only privileged users can read the information from the blockchain. A private blockchain requires permission to join the network and is usually maintained within the organization. The nodes can be participants from the same organization, sharing data within the organization, storing data records securely and more. The private blockchain usually becomes centralized in nature, and the transactions can be tampered with if untrustworthy nodes participate in the mining process. A detailed comparison of the blockchain types is given in Table III.

Since the advent of Bitcoin, a number of coins have been developed by the blockchain community focusing on specific industry applications. Some of the major notable coins are Ethereum, Litecoin and Ripple [39]. The second most popular cryptocurrency, and the second largest by market capitalization, is Ethereum, which works on smart contract functionality. Ethereum was proposed to address some limitations in the Bitcoin scripting language. Ethereum supports a Turing-complete programming language, meaning that we can perform all computations including loops. This is achieved by the smart contract functionality, which runs cryptographic rules when certain conditions are met. The smart contracts in the nodes are translated into EVM code, and the nodes then execute the code to complete the transaction (the result of code execution can be, for example, the creation of a user account). There has been a lot of attention on Hyperledger recently, owing to its enterprise-standard blockchain deployment capabilities, and it is known to be used rigorously in the academic community for research activities. Hyperledger is an open source, community contributed suite, which comprises tools, frameworks, and libraries for enterprise blockchain application deployments.
One of the notable tools is Hyperledger Fabric [40], a distributed ledger used for developing blockchain applications, which can provide a private blockchain for serving applications to specific services. The fabric consists of a model file, script file, access file and query file, all zipped together to form a business network archive. Fabric has a concept called "Chaincode", which is similar to the Ethereum smart contract, for performing secured blockchain transactions. We can also include distributed file storage, i.e. the Interplanetary File System (IPFS), which stores data that can be shared across the nodes in the blockchain. For example, a decentralized web application can be hosted with its content stored in IPFS for serving web content to users. Overall, Hyperledger is a very useful platform for blockchain technology and has been widely used for developing applications, including DDoS mitigation.

Some of the notable recent technologies such as IoT, SDN and cloud computing have essentially changed the network paradigm. It is important to review these advanced network architectures in order to study the advanced DDoS attacks exploiting the architecture limitations and to propose new solutions to mitigate these attacks using blockchain technology.

1) IoT Architecture: IoT is a system of computing devices, including physical objects with network connectivity, that connect to the internet and transfer data over the network with or without requiring human interaction. The tremendous progress towards smart homes, smart cities, smart transportation, and smart grid applications in recent years shows the rapid advancement of Internet of Things (IoT) technology. Gartner predicted that there will be 65 billion IoT devices connected to the internet by 2025, and the current statistics show that around 31 billion IoT devices are deployed and connected to the internet [41]. Figure 4 depicts a typical IoT architecture with its main components.
The IoT devices can be sensors, actuators or other appliances installed in a home, an industrial site, a person's body, a vehicle or a farming platform to monitor or sense the current state or activity and pass the information to the nearest IoT gateway through wireless communication such as Bluetooth, Wi-Fi, NFC and ZigBee. The IoT gateways are connected to the public internet and send the information to the IoT service provider for data analytics, status tracking, display in the user console etc., using IoT network protocols such as, but not limited to, MQTT, AMQP, HTTP and CoAP. Owing to the limited CPU, memory, and power capabilities of IoT devices and the existence of multivendor IoT platforms, conventional security solutions are not compatible with the IoT environment, and securing IoT devices is challenging.

2) SDN Architecture: Recent advances in wide area networks (WAN) and data center networks are the culmination of the SDN paradigm. SDN enables logically centralized management of network layer 2 and layer 3 devices such as switches and routers, including the management of the wide area networks of organizations, where network devices located at multiple sites are monitored and controlled using an SDN controller [42]. As depicted in Figure 5, the central controller monitors and manages all the network devices in the data plane layer and communicates with them through a southbound API such as the OpenFlow standard. A network administrator can develop applications on top of the control layer to perform network management operations. SDN technology can be used at the autonomous system level, the internet service provider level or the data center level for network monitoring and management. Although SDN provides many advantages including programmability, centralized control, and security, it also inherits security vulnerabilities due to the new architecture paradigm.
For instance, an adversary may target the controller with a TCP SYN flooding attack and other protocol exploitation techniques to saturate the controller and shut down the whole network [43]. Leveraging blockchain technology opens up new research possibilities to secure the software defined network itself from malicious denial of service attempts [44] as well as to mitigate denial of service attacks in conventional networks.

Technologies such as machine learning (ML), blockchain, IoT, and SDN are well suited to improving security in the digital world but also exhibit new security concerns and issues [53]. Some researchers have also used combinations of these technologies to address security challenges ranging from malware analysis and DNS security to network security as well as privacy issues [54] [55] [56] [57] [58]. Our focus in this paper is specific to DDoS attack detection and mitigation techniques in conventional networks, software defined networks, cloud environments and internet

A recent advancement in peer-to-peer networks with blockchain technology enabled the utilization of decentralized network concepts for multiple application areas like finance, healthcare, real estate, supply chain management and security [62]. Although blockchain mainly provides anonymity, privacy and secured data storage in security applications, researchers have also explored the applicability of blockchain technology to DDoS attack information sharing and threat intelligence information sharing in order to respond quickly to DDoS attacks. Singh et al. [63] present a survey of DDoS mitigation techniques using blockchain technology. The authors considered four known blockchain based DDoS mitigation approaches for comparison, highlighted the operation of these mitigation mechanisms and assessed the practical applicability of these implementations [64] [65] [66] [67]. Wani et al.
[68] discussed the prior art on distributed denial of service attack mitigation using blockchain by describing the methodology by which the related papers were collected and proposing a taxonomy based on technologies like artificial intelligence, information sharing capability and blockchain types. However, the prior art does not cover a comprehensive and systematic review of the state-of-the-art work, classified by solution implementation location, that leverages blockchain technology to detect and mitigate DDoS attacks in the digital world, nor a detailed description of DDoS attacks targeting blockchain platforms to protect decentralized networks. Our motivation for this work is to bridge the knowledge gap between network security researchers and the blockchain developing community, and to enable researchers to use this article as a reference point to continue the research on using blockchain technology in network security.

In this section, the existing research works on solving the DDoS attack detection and mitigation problem using blockchain technology are presented and discussed. In addition to blockchain, the role of technologies such as SDN, IoT and ML/DL in addressing DDoS attacks near the attacker domain location, in the internet core, or near the victim network domain is reviewed. We discuss the existing blockchain based DDoS mitigation solutions based on the location of solution deployment in the internet architecture.

Network-level DDoS mitigation schemes using blockchain technology are deployed at the Internet service provider (ISP) level on the internet, which may be far from the attacker or victim location. Table V illustrates the key blockchain concepts used and the technologies involved in the research works proposed for DDoS mitigation using blockchain.
We can clearly see that a smart contract based Ethereum network is used for implementing the DDoS mitigation solutions in most of the previous contributions, as shown in Table IV. The blockchain access level policy is controlled by the owners to make the transactions public or private. Tayyab et al. [69] take the approach that each IDS in the network acts as a blockchain node and collaborates with other blockchain IDS nodes to share attack information such as correlated alarms. This decentralized sharing of correlated information is used for the detection of ICMPv6 based DDoS attacks. Although IDS collaboration improves DDoS attack detection capability, the practical implementation of the collaboration may face difficulties. For example, IDS vendor interoperability to support the blockchain technology is needed in an enterprise environment. Detecting denial of service attacks at the IDS level is too late, as the attack might already have congested the edge network communication channels or the content delivery network communications. [18] focused on utilizing SDN and blockchain technologies at the autonomous system (AS) level to detect denial of service attempts and activate the DDoS mitigation mechanisms at the network level. The authors considered an autonomous system consisting of an SDN architecture, controlled by an SDN controller. The core concept in these papers includes leveraging the centralized controller application of the SDN to manage how the network devices in the autonomous system should handle the traffic (whitelist/blocklist) originating from malicious IP addresses, which are used to launch DDoS attacks on the autonomous system.
The SDN controller node also acts as a blockchain node running a decentralized application such as Ethereum to store or validate the list of attack IP addresses and their blocklist/whitelist status as a transaction in the blockchain, and to distribute the added transactions to all the nodes (the SDN controllers in other autonomous systems) in the blockchain. Ethereum smart contracts were used to store the IP addresses with a malicious flag status as a transaction. The DDoS detection/mitigation mechanism was tested on the Ethereum Ropsten testing network, and Ganache was also used for testing in a local blockchain network [76].

Yeh et al. [21], Yeh et al. [72], Shafi et al. [79] and Hajizadeh et al. [77] discussed threat information sharing, including DDoS threat data, among collaborators for secure data sharing using blockchain based smart contract technology and decentralized data storage. In [21], [72], the security operation centers can upload the threat data, and the ISP acts as a verifier to confirm the illegitimacy of the threat data prior to adding it to a blockchain transaction. An Ethereum based smart contract implementation for DDoS data sharing is used for evaluation. In [77] and [79], however, Hyperledger Caliper is used to implement the threat information sharing among the organizations. Each organization may have an SDN controller that runs the blockchain application and acts as a blockchain node for updating the threat information in other nodes. Rodrigues et al. [75] [64] [18] proposed an Ethereum based architecture for DDoS mitigation and its hardware implementation to allow or block malicious IP addresses at the ISP level. Each transaction may include the IP addresses and their status to detect the malicious IP addresses performing the denial of service attacks. Storing the IP address data in the transactions may have limitations. However, Burger et al.
[65] pointed out that Ethereum is not an ideal technology for IP based DDoS attack signaling using blockchain because of its scalability issue. The authors also mention that Ethereum smart contracts are applicable to applications involving a small IP address space. They recommend storing the list of IP addresses in file storage such as IPFS, with the URL of the storage location referenced in the blockchain transactions and the integrity of the location verified using a hash value. Pavlidis et al. [70] proposed a blockchain based network provider collaboration for DDoS mitigation. The ASes are selected to participate in the DDoS mitigation plan based on their reputation scores. Programmable data planes are used to implement the mitigation mechanism for DDoS attacks, in contrast to most of the works, which use the SDN OpenFlow protocol. In the papers [81] [73], machine learning algorithms such as K-nearest neighbors (KNN), decision tree and random forest, as well as the deep learning technique long short-term memory (LSTM), are applied to the network traffic to identify DDoS attacks, and blockchain technology is used to whitelist/blocklist the IP addresses at the autonomous system level of the network. However, applying machine learning to network traffic requires infrastructure and computation capabilities, and the ownership responsibility for allocating those resources needs to be addressed. A specific entity such as an ISP or a security service provider will not be interested in performing data analytics unless it gains monetary benefits or business advantages. Overall, we can clearly see that the combination of SDN at the AS level and Ethereum smart contracts can be implemented to track the status of IP addresses and update all the nodes across the internet to mitigate DDoS attacks.
However, some limitations, such as blockchain integration with legacy networks and the handling of spoofed IP addresses, need to be solved before blockchain based DDoS mitigation can be adopted at the network level.

Mitigating DDoS attacks at the attacker network is an effective way to handle them, as the attack traffic will not be propagated to the internet. Most of the latest DDoS botnets are formed by compromising legitimate IoT devices located all over the internet, which then send malicious network traffic to the victims. So, detection and mitigation of IoT botnets at the source network is essential. Chen et al. [82] focused on detecting and mitigating IoT based DDoS attacks or botnets in an IoT environment using blockchain. The edge devices or IoT gateways act as blockchain nodes that perform transactions when a network anomaly or attack is detected in the IoT environment. The techniques used for network traffic analysis in the paper include statistical analysis and conventional bot detection techniques such as community detection. Smart contracts are used to write attack alert data into transactions, and the Ethereum network distributes the data across the IoT nodes. However, IoT gateway nodes are not usually customer-centric, and deploying the blockchain client application in the gateway is challenging in a real-time production environment. Javaid et al. [66] discussed blockchain based DDoS attack detection on the servers connected to IoT devices. An IoT device sending data to the server is approved by the Ethereum network at the expense of a gas cost. When a rogue IoT device tries to send malicious network traffic, the device is penalized with a high gas cost, and only trusted devices are approved for connecting to the network. The integration of IoT with Ethereum enables denial of service mitigation on the servers connected to IoT devices. Sagirlar et al. [83] proposed a blockchain solution for detecting IoT related peer to peer botnets.
The assumption is that botnets frequently communicate with each other to perform malicious activity. The authors mentioned that the network traffic between the botnet nodes is treated as blockchain transactions in a permissioned Byzantine Fault Tolerant (BFT) blockchain, and that these transactions are used to identify the botnet IoT devices. The proposed method may not be a viable solution, as network traffic flows are enormous and the blockchain may not accommodate the transaction capacity needed to store them in blockchain nodes. Spathoulas et al. [84] presented outbound network traffic sharing among blockchain enabled IoT gateways to detect IoT botnets. The authors performed simulations of the proposed solution and showed promising results using the detection efficiency parameter. However, the solution was not tested on real blockchain nodes installed in the gateways, and the authors mentioned that an Ethereum smart contract implementation is part of their future work. In general, IoT gateways are multivendor devices, and interoperability among the devices is an issue.

Reference | Blockchain | Access | Consensus | Technologies
[21] | Ethereum | Consortium | Proof of Work | Smart contracts, Swarm, DOS, Bloom filter
Yang et al. [74] | Ethereum | Permission | Proof of work | Smart Contract
Yeh et al. [72] | Ethereum | Consortium | Proof of work | Smart contract, Swarm, Oracle
Rodrigues et al. [75] | Ethereum | Public | Proof of Work | Smart Contract, SDN and VNF
Burger et al. [65] | Ethereum | Public | Proof of Work | Smart Contract, Bloom filter
Rodrigues et al. [64] | Ethereum | Public | Proof of Work | Smart Contract, SDN
Rodrigues et al. [18] | Ethereum | Consortium | Proof of Work | Smart Contract, IPFS, SDN
Hajizadeh et al. [77] | Hyperledger Fabric | Private | Kafka | Chain code, SDN, Threat Platform
Essaid et al. [73] | Ethereum | Public | Proof of work | Smart Contract, Deep learning (LSTM), SDN
Aujla et al. [78] | Generic | Private | - | SDN
Shafi et al. [79] | Hyperledger | - | Kafka | SDN, IoT
Pavlidis et al. [70] | Ethereum | Public, Private | Proof-of-Authority | Smart Contract
Abou et al. [71] | Ethereum | Public | Proof of work | Smart Contract, Software Defined Networking

Reference | Contribution | Benefit | Limitation
[21] | Decentralized DDoS info sharing | SOC may use DDoS data among peers | Selecting the data certifier is challenging
Yang et al. [74] | Blockchain based DDoS mitigation services
[70] | Collaborative DDoS mitigation at the AS level | Network level DDoS mitigation | Difficult to identify slow DDoS attacks
Abou et al. [80] | Intra-domain and inter-domain DDoS mitigation | Effective DDoS mitigation | Spoofed IPs are ignored

Reference | Blockchain | Access | Consensus | Technologies
[82] | Ethereum | Public | Proof of work | Smart contract, IoT
Javaid et al. [66] | Ethereum | Public | Proof of work | Smart Contract, IoT
Sagirlar et al. [83] | Hyperledger (Future work) | Permission | BFT | IoT, Chaincode
Spathoulas et al. [84] | Ethereum (Future work) | Public | Proof of work | IoT, Smart Contract
Abou et al. [71] | Ethereum | Permission | Proof of work | SDN, IoT
Kataoka et al. [67] | Ethereum | Public, Private | Proof of work | Smart Contract, SDN, IoT

Abou et al. [71] discussed collaboration among autonomous systems to detect DDoS attacks. Each AS contains an SDN controller, in which a blockchain application such as an Ethereum client is installed to distribute the malicious IP addresses among the other ASes. Whenever a malicious IP address is identified in an AS, the SDN controller updates the Ethereum client, and the Ethereum clients then update the SDN controllers in all the ASes for DDoS detection and mitigation. To implement this solution, the ASes should support the same SDN controller and agree to work collaboratively on DDoS mitigation. Kataoka et al. [67] presented a blockchain and SDN based architecture, similar to [71], for whitelisting the IoT devices in the network. The trusted profile consisting of IoT devices is stored in a smart contract based blockchain transaction, and the SDN controller updates all the switches and routers in the SDN network.
This implementation enables malicious devices or IoT botnets to be blocked in the attack network itself and protects the networks. Considering the huge number of IoT devices connected to the internet, approximately 31 billion as of 2020, implementing blockchain for each gateway in the IoT environment is challenging and practically impossible. In addition, achieving IoT gateway vendor interoperability and supporting blockchain nodes just for the sake of DDoS detection and mitigation may not seem reasonable with the current state-of-the-art technology.

Yang et al. [74] proposed a real-time DDoS mitigation service leveraging a consortium based or permissioned blockchain. Each DDoS service provider has an account in the permissioned blockchain to provide DDoS mitigation service. The victim looks for the attacker IP-AS mapping in the blockchain, and the trusted service provider IP tagged with the AS is authorized to provide the DDoS mitigation service. The authors also proposed a reputation or credibility validation mechanism for the service providers. However, if the attack IP is spoofed, the authors' proposed blockchain based DDoS mitigation service is not applicable. Kyoungmin Kim et al. [19] proposed a decentralized CDN service to mitigate DDoS attacks with the help of a private blockchain, intended particularly for government and military agencies to protect their services. The victims are usually the service providers hosting web content servers, and they can protect the servers using the decentralized CDN services.

The context of the attacker and victim location may change based on the attack type and how the attack is conducted. For example, an attacker may use their own infrastructure to send the malicious traffic. In this case, the blockchain based solutions proposed in the attacker domain can be considered near attacker based solutions.
Additionally, the attacker may compromise legitimate IoT devices and use them as a botnet to attack another victim. Here, the solutions deployed at the IoT device locations also come under near attacker based solutions. The solutions implemented solely at the main victim (not the legitimate IoT bot owner victim) are considered near victim location based solutions. Research articles on near victim based solutions are far fewer than those on network based and near attacker based solutions. It is too late to mitigate DDoS attacks near the victim, so the existing solutions mainly focus on the network level or near the attacker.

A hybrid DDoS detection and mitigation solution can be a combination of the network based, near attacker location and near victim location based solutions. For effective mitigation of DDoS attacks, multi-level mitigation solutions are needed, but implementing these solutions requires collaboration among stakeholders. Abou et al. [80] proposed an intra-domain and inter-domain DDoS detection and mitigation solution using blockchain. The intra-domain detection is a near victim based solution, and the inter-domain detection is a network based solution. An Ethereum smart contract is deployed in each AS to distribute the DDoS threat information, and the SDN controller is used to update the AS network traffic filtering rules to block the malicious traffic for inter-domain DDoS mitigation. On the other hand, the traffic from switches and routers in the same domain is monitored using SDN controller applications, which apply flow control rules in the switches/routers using the OpenFlow switch protocol. This mechanism mitigates internal attacks originating from the same domain. Based on our research, limited work has been done on proposing solutions at multiple levels of the internet architecture, and there is scope for new research contributions in this area.
In this section, we discuss the research challenges in leveraging blockchain technology for DDoS attack detection and mitigation solutions. The issues of adopting decentralized technologies in conventional networks to handle DDoS attacks are described in detail.

Distributed denial of service attack mitigation involves network operators, internet service providers and edge network service providers, who respond to and block the malicious actor traffic. These stakeholders have been running their network services on legacy platforms for decades, and adapting to decentralized blockchain technology is a major concern. The reasons could be the lack of the memory and computation that blockchain requires in legacy networks [77], trust in the technology, the unavailability of a professional blockchain workforce, and fear of failing to protect customers while using blockchain. In addition, collaboration between the ISPs is required to share malicious data indicators among them, and not all stakeholders may be comfortable with this, as there is no monetization aspect for the internet service providers and usually only the attack victims benefit. So, a responsible organization or service provider should step up to coordinate among the stakeholders and make sure the stakeholders involved benefit.

Blockchain transaction processing involves network traffic passing through the internet between one node and the other nodes in the network; cryptocurrency exchanges can also act as a blockchain node on behalf of the client and perform the transactions in the exchange's conventional network. The attack vector for blockchain is quite broad, and the cost of a single vulnerability in the applications runs to millions of dollars. For instance, a parity check vulnerability in Ethereum caused a loss of $300 million [85], and a small bug found in cryptocurrencies has a huge impact on the decentralized network.
It is also important to note that cryptocurrency exchanges that run on a conventional network will have a major impact on the P2P applications. We envision that there is scope for progress in developing flawless applications and monitoring the traffic to detect illegitimate activity.

[67] | IoT botnets detection using SDN and blockchain | Attacker location based detection | Not applicable to non SDN based IoT

Monitoring the blockchain network traffic and transaction datasets for anomalous behavior using machine learning and deep learning techniques is one of the solutions for detecting DDoS attacks proposed in the prior art [69] [53]. However, very few datasets are publicly available for continuing research and improving the detection metrics. Mt.Gox exchange trading activity data from 2011 to 2013 is publicly available for research purposes [86]. The quality and age of the data make it questionable for testing and detecting real-time attacks. We believe that standard datasets and the application of big data analytics are a must for future research progress on DDoS detection in cryptocurrency networks.

The proposed solutions for DDoS attack detection mainly identify the source IP address, use blockchain technology to store the transactions, and share the IP address among the stakeholders to block/whitelist it with trust and validation at the network level [65]. These solutions assume that the originating malicious IP addresses are not spoofed, and this condition does not always hold. In most scenarios, as seen in Table II, the attacker performs a reflection attack, in which spoofed traffic is sent to the victim to consume the communication capacity or saturate the CPU or memory resources for a successful DDoS attack. The researchers also have not addressed IPv6 traffic, and storing IP version 6 data in the blockchain can be critical in terms of memory consumption.
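The recommendation attributed to Burger et al. [65] earlier in the survey (keep the address list in file storage and record only its location and hash in the transaction), together with the IPv6 storage concern raised here, can be made concrete with a small sketch. This is an added example, not code from the paper or from any surveyed system: the ledger and file store are in-memory stand-ins, and every name, the AS number, the location string and the addresses are constructed for illustration.

```python
"""Off-chain blocklist with an on-chain pointer and digest (added illustration).

The "ledger" is a Python list and the "file store" a dict: hypothetical
stand-ins for a blockchain transaction log and an IPFS-like store.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# Constructed sample: documentation prefixes only, with one duplicate entry.
SAMPLE_ENTRIES = [
    "192.0.2.10",
    "198.51.100.0/24",
    "2001:db8:1::/48",
    "2001:db8::dead:beef",
    "192.0.2.10/32",
]


class IntegrityError(Exception):
    """The off-chain file is missing or does not match the ledger digest."""


@dataclass(frozen=True)
class LedgerRecord:
    """What the transaction carries: its size does not depend on list length."""
    publisher_as: int   # AS number of the publishing domain (constructed)
    location: str       # where the off-chain file lives (constructed scheme)
    sha256_hex: str     # digest of the exact file bytes


def _sort_key(net):
    # IPv4 and IPv6 networks are not mutually orderable, so order explicitly.
    return (net.version, int(net.network_address), net.prefixlen)


def canonical_bytes(entries):
    """Parse, de-duplicate and serialise so that equal lists hash equally."""
    nets = {ipaddress.ip_network(e.strip(), strict=False) for e in entries}
    lines = [str(n) for n in sorted(nets, key=_sort_key)]
    return ("\n".join(lines) + "\n").encode("ascii")


def publish(store, ledger, publisher_as, location, entries):
    """Write the list off-chain and append only pointer + digest to the ledger."""
    blob = canonical_bytes(entries)
    store[location] = blob
    record = LedgerRecord(publisher_as, location, hashlib.sha256(blob).hexdigest())
    ledger.append(record)
    return record


def fetch_verified(store, record):
    """Return the networks only if the file matches the recorded digest."""
    blob = store.get(record.location)
    if blob is None:
        raise IntegrityError(f"no file at {record.location}")
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, record.sha256_hex):
        raise IntegrityError(f"digest mismatch for {record.location}")
    text = blob.decode("ascii")
    return [ipaddress.ip_network(line) for line in text.splitlines() if line]


def is_blocked(networks, address):
    """Match one source address against the verified list (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(address)
    return any(addr.version == n.version and addr in n for n in networks)


def inline_bytes(networks):
    """Raw bytes if entries were kept in transactions: address + prefix byte."""
    return sum(n.max_prefixlen // 8 + 1 for n in networks)


def pointer_bytes(record):
    """Pointer design: location string plus a 32-byte digest, list-size independent."""
    return len(record.location.encode("utf-8")) + hashlib.sha256().digest_size


if __name__ == "__main__":
    store, ledger = {}, []
    rec = publish(store, ledger, 64500, "offchain://as64500/blocklist-0001", SAMPLE_ENTRIES)
    nets = fetch_verified(store, rec)
    print("entries:", [str(n) for n in nets])
    print("inline bytes:", inline_bytes(nets), "pointer bytes:", pointer_bytes(rec))
    store[rec.location] += b"203.0.113.0/24\n"   # simulate a modified copy
    try:
        fetch_verified(store, rec)
    except IntegrityError as exc:
        print("rejected:", exc)
```

Each IPv6 entry costs 17 raw bytes against 5 for IPv4 when stored inline, while the pointer record stays the same size however long the list grows. The digest check only proves the file is the one that was published; it says nothing about whether the listed source addresses were spoofed.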
The existing state of the art essentially utilizes software defined networks and internet of things technology to address denial of service attacks at either the victim level or the network level. Even though those solutions show that the attacks can be mitigated, there is a real challenge in adopting the techniques in industry. IoT device and gateway vendors are quite diverse, and there is a multitude of providers of SDN-supporting network devices for enterprise solutions. We tend to see incompatibility issues as well as issues with supporting blockchain nodes in these network paradigms, and deploying a decentralized application across their stakeholder networks is impractical. It is desirable to depend on a blockchain based DDoS mitigation as a service solution such as Gladius [87].

In this section, the future directions for dealing with DDoS attacks using blockchain technology are explored. We present the research directions in terms of the advancements in blockchain and how these advancements can be used to address DDoS attacks.

The transaction process of current blockchain technologies such as Bitcoin or Ethereum smart contracts is sequential, and hence adding transactions to the blockchain is very slow. To solve the scalability and interoperability issues between blockchain nodes, an internet-connected blockchain has been proposed that can concurrently process transactions from different blockchains. Paralism [88] built a blockchain infrastructure with unlimited scalability and a digital economy platform supported by parallel blockchain. Customized scripts and chain virtualization let Paralism support any number of sub-chains and independently operated chain-based applications, and also become the backbone of the internet in the decentralized world.
This technology is in the early stages of development, and there is a lot of scope to work on utilizing parallel blockchain to share threat data across blockchain applications and protect against denial of service attacks. We also think that the parallel blockchain surfaces new security issues, including information leaking between blockchain applications, which will be a topic for researchers to focus on while building the blockchain internet backbone. Another notable advancement in blockchain is XRouter, which acts as a blockchain router that connects one blockchain, such as Bitcoin, to smart contracts, supporting interchain and multichain services [89].

Network paradigms keep changing as new technology trends emerge in enterprises. The Internet of Things supports the IP protocol and IoT application protocols such as MQTT, XMPP and AMQP. Denial of service attacks can be carried out by leveraging weaknesses in the protocol and flooding the victim machine with traffic. The combination of programmable data planes at the gateway level and blockchain technology for sharing the attack data is effective for mitigating the attacks. A P4 device at the switch level can parse any type of network protocol, which makes it easy to apply blockchain technology. We envision that future work will propose new architectures with P4 for mitigating attacks and develop smart contracts for gateway level devices to monitor and mitigate attacks using programmable data planes.

Consortium or private blockchains are the most compatible for sharing threat information among blockchain participants. Numerous Ethereum based techniques have been applied to share information with integrity and anonymity. Leveraging decentralized file storage such as Swarm or IPFS makes it possible to store the information there rather than keeping the data in transactions, which causes time delay in processing the sequential transactions.
We believe that the information sharing field using blockchain requires improvement and architecture changes to implement a secured information sharing network.

DDoS solutions implemented using the Ethereum network [72] [71] face scalability and speed challenges, in particular for transactions that allow or block attack IP addresses. Ethereum 2.0 has been proposed and implemented over the last few years [90]. The upgrade to Ethereum 2.0 was initiated in August 2020, with three phases to complete the process. ETH 2.0 is based on proof of stake (PoS) rather than PoW, which is a major change, and the upgrade supports a drastic increase in network bandwidth, lower gas costs and better scalability of the network. We envision implementing the DDoS mitigation scheme in Ethereum 2.0 in the near future.

Blockchain has emerged as a disruptive technology in recent times, and its application capabilities are promising for use in the field of cybersecurity. DDoS attacks are well known and still considered a major threat that disrupts businesses. We have performed a detailed review of blockchain based solutions for DDoS attack detection and mitigation, including consideration of different network environments such as SDN, IoT, cloud or conventional networks. The solutions are categorized by deployment location: network based, near attacker location, near victim location and hybrid solutions. We determined that most of the existing solutions focus on storing the malicious IP addresses in blockchain transactions implemented using smart contracts and distributing the IP addresses across the ASes at the network level. However, limited research has been performed on near victim location and hybrid solutions.
Finally, we described the open challenges based on the existing research contributions and the future directions based on advancements in blockchain technologies such as parallel blockchain, XRouter and Ethereum 2.0 to effectively handle DDoS attacks. We believe that our review will be a great reference resource for readers and future researchers interested in pursuing research that combines the blockchain and DDoS attack domains.

Evolution of DDoS in the last decade - REAL security
A 1.3-Tbs DDoS Hit GitHub, the Largest Yet Recorded
KrebsOnSecurity Hit With Record DDoS - Krebs on Security
OVH suffers 1.5Tbps DDoS attack via 145,000 webcams
The Dyn report: What we know so far about the world's biggest DDoS attack
A survey on challenges and progresses in blockchain technologies: A performance and security perspective
Consortium blockchain for secure energy trading in industrial internet of things
A blockchain-based solution for enhancing security and privacy in smart factory
Towards secure industrial iot: Blockchain system with credit-based consensus mechanism
Distributed Blockchain-Based Data Protection Framework for Modern Power Systems Against Cyber Attacks
Blockchain for Large-Scale Internet of Things Data Storage and Protection
An Energy-Efficient SDN Controller Architecture for IoT Networks with Blockchain-Based Security
B-DNS: A Secure and Efficient DNS Based on the Blockchain Technology
Blockchain-assisted Public-key Encryption with Keyword Search against Keyword Guessing Attacks for Cloud Storage
Identifying and protecting against the largest DDoS attacks
Enabling a Cooperative, Multi-domain DDoS Defense by a Blockchain Signaling System (BloSS)
DDoS Mitigation: Decentralized CDN Using Private Blockchain
Integrating DOTS with blockchain can secure massive IoT sensors
SOChain: A Privacy-Preserving DDoS Data Exchange Service Over SOC Consortium Blockchain
The security of big data in fog-enabled iot applications including blockchain: A survey
DDoS attacks and defense mechanisms: A classification
Software Defined Networking Based DDoS Defense Mechanisms. 1(1)
A Recent Survey on DDoS Attacks and Defense Mechanisms
DDoS botnets have abused three zero-days in LILIN video recorders for months
A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks
DDoS Attacks Against US Banks Peaked At 60 Gbps - CIO
Group Battles Huge DDoS Attack
Update: Spamhaus hit by biggest-ever DDoS attacks
Record-breaking DDoS attack strikes CloudFlare's network
Bitcoin: A Peer-to-Peer Electronic Cash System
Public Key Cryptography and Digital Signatures
The advantages and disadvantages of the blockchain technology
An Overview of Blockchain Technology: Architecture, Consensus, and Future Trends
The 10 Most Important Cryptocurrencies Other Than Bitcoin
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. Its modular and versatile design satisfies a broad range of industry use cases
The IoT Rundown For 2020: Stats, Risks, and Solutions - Security Today
A literature review on Software-Defined Networking (SDN) research topics, challenges and solutions
Analyzing the vulnerabilities introduced by ddos mitigation techniques for software-defined networks
A Blockchain-Based Security Traffic Measurement Approach to Software Defined Networking. Mobile Networks and Applications
A Survey of Blockchain Security Issues and Challenges
A review of current security issues in internet of things
Secure and reliable IoT networks using fog computing with software-defined networking and blockchain
The security of machine learning in an adversarial setting: A survey
Security Threats in the Data Plane of Software-Defined Networks
A hypergraph-based blockchain model and application in internet of things-enabled smart homes
A taxonomy of DDoS attack mitigation approaches featured by SDN technologies in IoT scenarios
A decentralized privacy-preserving healthcare blockchain for IoT
BlockDeepNet: A blockchain-based secure deep learning for IoT network
Syed Ali Hassan, and Ekram Hossain. Machine Learning in IoT Security: Current Solutions and Future Challenges
Internet of Things: A survey on machine learning-based intrusion detection approaches
A Survey on Distributed Denial of Service (DDoS) Attacks in SDN and Cloud Computing Environments
A Review of Android Malware Detection Approaches Based on Machine Learning
Andrei Levakov, and Ilya Belozertsev. Blockchain behavioral traffic model as a tool to influence service IT security
Detection of DDoS Attack Using SDN in IoT: A Survey
A Survey: DDOS Attack on Internet of Things
Blockchain security in cloud computing: Use cases, challenges, and solutions. Symmetry
Blockchain Technology Applications & Use Cases in 2020 - Business Insider
Utilization of blockchain for mitigating the distributed denial of service attacks
A blockchain-based architecture for collaborative DDoS mitigation with smart contracts
Collaborative DDoS Mitigation Based on Blockchains
Mitigating IoT Device based DDoS Attacks using Blockchain
Trust list: Internet-wide and distributed IoT traffic management using blockchain and SDN
Distributed Denial of Service (DDoS) Mitigation Using Blockchain - A Comprehensive Insight
ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review
Orchestrating DDoS mitigation via blockchain-based network provider collaborations
Co-IoT: A Collaborative DDoS mitigation scheme in IoT environment based on blockchain using SDN
A Collaborative DDoS Defense Platform Based on Blockchain Technology
A Collaborative DDoS Mitigation Solution Based on Ethereum Smart Contract and RNN-LSTM
A blockchain based online trading system for DDoS mitigation services
Multi-domain DDoS mitigation based on blockchains
Deploy Smart Contracts on Ropsten Testnet through Ethereum Remix
Collaborative cyber attack defense in SDN networks using blockchain technology
BlockSDN: Blockchain as a Service for Software Defined Networking in Smart City Applications
DDoS Botnet Prevention using Blockchain in Software Defined Internet of Things
Cochain-SC: An Intra- and Inter-Domain DDoS Mitigation Scheme Based on Blockchain Using SDN and Smart Contract
Blockchain Based DDoS Mitigation Using Machine Learning Techniques
A DDoS Attack Defense Method Based on Blockchain for IoTs Devices
AutoBotCatcher: Blockchain-based P2P botnet detection for the internet of things
Georgios Paraskevas Damiris, and Georgios Theodoridis. Collaborative blockchain-based detection of distributed denial of service attacks based on internet of things botnets
How Ethereum lost $300 Million Dollars - Hacker Noon
Replication data for: Empirical Analysis of Denial-of-Service Attacks in the Bitcoin Ecosystem
Gladius: CDN Decentralized And DDoS Protection On The Blockchain
Introducing XRouter: Developers Can Now Mix And Match Any Blockchain Via The World's First Blockchain Router
What is Ethereum 2.0 and Why Does It Matter? - Decrypt