When we see the reverse gas model in Dfinity, we think it will keep consuming Canister's cycles balance if it suffers malicious calls from attackers. So based on this thought, we consider developers have the need to monitor Cycles balance and prevent from DDoS attack. Inspired by this, we decided to develop the product.

What it does

The purpose of this product is to protect developers from DDoS attacks and notify them when DDoS attack happened.

How we built it

A DDoS attack's feature is that a rapid decrease in the cycle balance of the canister. If this feature is detected, we will trigger improve diffculty of target canister, and then request have to do prove of work to enter that canister. User can import rust library to build prove of work part.

IC provides the [canister_inspect_message] C interface, which will let the request do some judgment before entering the canister, accepting the request into the canister if it meets the conditions, discarding the request if it does not, which not consuming the cycle. we generate a random number on chain, user generate a random number off chain, and then we require Hash(random_on_chain,random_off_chain) to meet certain conditions. Once they meet the conditoin, [canister_inspect_message] will accept this request. otherwise, it will discard it.

Challenges we ran into

It is hard to distinguish between users and attackers when DDoS attacks occur, the developer's front-end should also implement the logic to produce random numbers to request again when the call fails, otherwise it will reduce the user experience to let users request the front-end interface multiple times.

Accomplishments that we're proud of

We are glad to find out the solution that establish the connection between DDoS attack and prove of work.

What we learned

By participating in the hackathon, we learned the advantages of IC's blockchain architecture over previous generations of blockchains. It makes us more confident to build new projects on IC.

What's next for Dfinity DDoS Defender

We will integrate our notification service with Dmail.

Built With

Share this project: