Title: Smart contract based DDoS attack traceability audit mechanism in intelligent IoT
Authors: Zhuohao Wang, Weiting Zhang, Runhu Wang, Y. Liu, Chenyang Xu, Chengxiao Yu
Journal: China Communications, volume 20 1, pages 54-64
Publication date: 2023-08-01
Publication type: Journal Article
DOI: 10.23919/JCC.fa.2023-0020.202308 (https://doi.org/10.23919/JCC.fa.2023-0020.202308)
Impact factor: 3.1; JCR: Q2 (Telecommunications); category: Computer Science, region 3
Open access: no
Source platform: Semanticscholar
Citations: 0
Abstract
In this paper, we focus on providing data provenance auditing schemes for distributed denial of service (DDoS) defense in the intelligent internet of things (IoT). To achieve effective DDoS defense, we introduce a two-layer collaborative blockchain framework to support data auditing. Specifically, using data scattered among intelligent IoT devices, switch gateways self-assemble a layer of blockchain in the local autonomous system (AS), and the main chain, with controller participation, can be aggregated from its associated layer of blocks once a cycle to obtain a global security model. To optimize the processing delay of the security model, we propose a data pre-validation process with the goal of ensuring data consistency while satisfying overhead requirements. Because of the flood of identity-spoofing packets, it is difficult to establish the identity consistency of data with traditional detection methods, and accountability cannot be pursued afterwards. Thus, we propose a Packet Traceback Telemetry (PTT) scheme, based on in-band telemetry, to solve the problem. Specifically, the PTT scheme is executed on the distributed switch side, with the controller scheduling and selecting routing policies. Moreover, a tracing probabilistic optimization is embedded into the PTT scheme to accelerate path reconstruction and save device resources. Simulation results show that the PTT scheme can reconstruct the forwarding path of address-spoofing packets and reduce resource consumption compared with existing tracing schemes. The data tracing audit method offers fine-grained detection and feasible performance.
About the journal:
China Communications (ISSN 1673-5447) is an English-language monthly journal cosponsored by the China Institute of Communications (CIC) and IEEE Communications Society (IEEE ComSoc). It is aimed at readers in industry, universities, research and development organizations, and government agencies in the field of Information and Communications Technologies (ICTs) worldwide.
The journal's main objective is to promote academic exchange in the ICTs sector and publish high-quality papers to contribute to the global ICTs industry. It provides instant access to the latest articles and papers, presenting leading-edge research achievements, tutorial overviews, and descriptions of significant practical applications of technology.
China Communications has been indexed in SCIE (Science Citation Index-Expanded) since January 2007. Additionally, all articles have been available in the IEEE Xplore digital library since January 2013.