Identification of DDoS Attack on Application Layer using Blockchain and AI : Another amazing project coming out of Indian engineering ecosystem

June 9, 2018

Written with love by

 

From left to right – Rashmitha Varma, Akshata E R, Shravan N, Rohit Kapoor, Aastha Vardhan, Sulyab Thottungal (Team Lead)

 

I got introduced to Rohit Kapoor over LinkedIn who is a final year student at Krishna Engineering College, Ghaziabad   & he briefed me on his team's project on blockchain involving identification of DDoS attack.

 

This hooked me instantly to know more & i came to know that this project was presented at IEEE Computer Society India Symposium 2018, Kolkata Section at Bodh Gaya, Bihar. 10 teams were selected from all over India. Very impressive indeed.

 

I took time to interact with the team over email & decided to cover them in this interview with the help of Rohit

Project Description:

 

The project revolves around the mitigation of DDoS (distributed denial-of-service) attack on an application level using blockchain technology and Artificial Intelligence. In today’s world, the dependence of people on technology has increased to a great extent.

 

For minor uses like checking the time, to major tasks such as transactions of billions of dollars, technology is used everywhere.

 

An example for an application layer request would be an HTTP GET request, which requests for an image file, let’s say. Now, the attacker(s) would send hundreds or thousands of requests for retrieving the file, which would throttle the server and probably crash it or increase the latency to unusable level.

 

Hence, the security of all the sensitive information and data is of high importance and should be taken care of. Almost everything can be done online these days, like money transactions, transferring confidential documents and information etc.

 

To ensure unauthorized access to sensitive content, high security should be provided to the data. Attacks like DDoS attacks, make the security system vulnerable to information leakage and loss of data.

 

In order to prevent this, we are implementing the blockchain technology which is a highly efficient method of DDoS attack prevention.

 

An example for an application layer request would be an HTTP GET request, which requests for an image file, let’s say.

 

Now, the attacker(s) would send hundreds or thousands of requests for retrieving the file, which would throttle the server and probably crash it or increase the latency to unusable level.

 

 

 

Now, the first question that would arise in such a situation is whether the hundreds of requests for the image file is legitimate traffic or illegitimate traffic.

 

For example, during mega online sales on Amazon, it is normal that lakhs of users will try to access the same page or same image.

 

In that case, it is legitimate. But DDoS attacks look the same way, and it is quite hard to tell which is which.

 

The difficulty of mining the block is so adjusted that in essence, this is similar in complexity as traditional problem-solution model of verifying the legitimacy of a client.

 

Modern network security research has suggested using challenges in the form of mathematical problems to verify the legitimacy of a client.

 

In the model we propose, a client requesting a significant resource such as an image or video, shall have to mine a block that contains information of requests from clients that requested the same resource before.

 

The difficulty of mining the block is so adjusted that in essence, this is similar in complexity as traditional problem-solution model of verifying the legitimacy of a client.

 

The additional advantage is that the complete history of resource requests are publicly available in the form of a blockchain, which can be subjected to AI-based analysis to identify malicious patterns.

 

Thus, the proposed method is at least as good as the existing methods, and furthermore provides access to the reliability of blockchain and possibilities of AI.

 

We were assigned a team of 6 people including the team lead to work on this project and to represent our team in the first version of IEEE Technergize in CSIS’18 at Bodhgaya.

 

What is blockchain and how your project is using blockchain in simple terms?

 

Ans. Blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash of the previous block, a timestamp and transaction data.

 

By design, blockchain is inherently resistant to modification of the data.

 

We are using blockchain in our project to identify the illegitimate user who is trying to block the request of other legitimate users by continuously requesting to the server and not waiting for it to respond.

 

In that case, the request of the legitimate users gets blocked temporarily or for some cases, permanently.

 

In real time, we are applying an algorithm which can detect the user’s request and can verify that it is the legitimate one or not.

 

What motivated you to do this project?

 

Ans. We were assigned a team of 6 people including the team lead to work on this project and to represent our team in the first version of IEEE Technergize in CSIS’18 at Bodhgaya. It was a National Level event, where different teams across the country participated and demonstrated their work.

 

We were motivated throughout the 7 months of preparations till the very end.

 

Challenges have come and went, but we did not lose our hope and now we know how blockchain works.

 

What were the challenges you faced while doing this project?

 

Ans. The very first challenge is to know about blockchain, its concept and the implementation. None of us knew what it was in the beginning, but when the time gradually passed, we were able to explain blockchain even to the non-technical people.

 

Challenges have come and went, but we did not lose our hope and now we know how blockchain works.

 

What is the technical stack of this project?

 

Ans. Technical Stack of this project are as follows:

  • Python 3.5

  • Understanding of Socket Programming (Client-Server Communication)

  • Python Libraries for cryptography etc.

 

What is the road ahead of this project?

 

Ans. We are fortunate that we got an opportunity to demonstrate our project in front of Google and Microsoft in the month of June 2018.

 

What is your view on MieRobot.com?

 

Ans. What we have learnt so far is that, MieRobot.com brings employability to the college campus across the country with Industry 4.0 skills. And we are grateful and thank Mr. Anirban Sir, who liked our project and interviewed us.

Comments from MieRobot: 

 

We personally think that down the line B-tech in CSE would be further split into seperate branches as security, cloud computing, data science & AI just on the same line as B-tech IT took birth in late 90's from CSE to cater to IT services demand then.

 

Considering such aspects this project which deals with security along with blockchain is fundamentally on right time. We sincerely hope that readers would get encouraged to pick such projects in their final year.

 

We also loved the team work involving different engineering college students working together.

 

Amazing job & good wishes from us for the Google and Microsoft presentations. 

 

Great job guys! 

 

 

Did we miss your college?

 

No problem we got you covered. You can also invite MieRobot by an email at hello@mierobot.com

 

About Author: Anirban runs an EduTech startup brand called MieRobot.com which provides on-campus employability solutions in areas of Machine learning, Graph Database,UX,Data Science, Robotics and Product Management. You can say him a hello at hello@mierobot.com

 

 

 

 

 

 

 

Share on Facebook
Share on Twitter
Please reload

Please reload