Distributed Denial of Service (DDoS) attacks are among the most critical threats to network security. The cross-domain nature of DDoS traffic limits the effectiveness of single-domain detection, necessitating collaborative approaches for improved performance. However, existing implementations (e.g., blockchain-based solutions) require access to raw anomalous IP addresses, which imposes strong inter-party trust assumptions and poses considerable risks to data privacy. To address the tension between collaboration and privacy, we propose CFDetect, a cross-domain DDoS detection system based on Secure Multi-Party Computation (SMPC). The solution enables joint analysis without exposing sensitive data while maintaining computational efficiency. CFDetect operates in two stages. First, each Autonomous System (AS) domain encodes its detected anomalous IP addresses into a Cuckoo Filter to reduce computational overhead during subsequent operations. Second, we leverage SMPC to perform secure union and intersection operations over these filters, enabling detection scope expansion through union and false positive reduction through intersection. Experiments show that CFDetect reduces false positives by over 10 \(\times \) and improves recall by more than 3 \(\times \) compared to single-domain detection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Towards Privacy-Preserving Collaborative Detection of DDoS with Secure Multi-Party Computation

  • Kun Zhu,
  • Yang Du,
  • He Huang,
  • Yu-E Sun

摘要

Distributed Denial of Service (DDoS) attacks are among the most critical threats to network security. The cross-domain nature of DDoS traffic limits the effectiveness of single-domain detection, necessitating collaborative approaches for improved performance. However, existing implementations (e.g., blockchain-based solutions) require access to raw anomalous IP addresses, which imposes strong inter-party trust assumptions and poses considerable risks to data privacy. To address the tension between collaboration and privacy, we propose CFDetect, a cross-domain DDoS detection system based on Secure Multi-Party Computation (SMPC). The solution enables joint analysis without exposing sensitive data while maintaining computational efficiency. CFDetect operates in two stages. First, each Autonomous System (AS) domain encodes its detected anomalous IP addresses into a Cuckoo Filter to reduce computational overhead during subsequent operations. Second, we leverage SMPC to perform secure union and intersection operations over these filters, enabling detection scope expansion through union and false positive reduction through intersection. Experiments show that CFDetect reduces false positives by over 10 \(\times \) and improves recall by more than 3 \(\times \) compared to single-domain detection.