Smart contract based DDoS attack traceability audit mechanism in intelligent IoT

IF 3.1, Zone 3 Computer Science, Q2 TELECOMMUNICATIONS
Zhuohao Wang, Weiting Zhang, Runhu Wang, Y. Liu, Chenyang Xu, Chengxiao Yu
DOI: 10.23919/JCC.fa.2023-0020.202308 (https://doi.org/10.23919/JCC.fa.2023-0020.202308)
Journal: China Communications
Publication date: 2023-08-01
Publication type: Journal Article
Citations: 0

Abstract

In this paper, we focus on providing data provenance auditing schemes for distributed denial of service (DDoS) defense in the intelligent Internet of Things (IoT). To achieve effective DDoS defense, we introduce a two-layer collaborative blockchain framework to support data auditing. Specifically, using data scattered among intelligent IoT devices, switch gateways self-assemble a layer of blockchain in the local autonomous system (AS), and the main chain, with controller participation, can be aggregated from its associated layer of blocks once per cycle to obtain a global security model. To optimize the processing delay of the security model, we propose a data pre-validation process with the goal of ensuring data consistency while satisfying overhead requirements. Because of the flood of identity-spoofing packets, it is difficult to solve the identity consistency of data with traditional detection methods, and accountability cannot be pursued afterwards. Thus, we propose a Packet Traceback Telemetry (PTT) scheme, based on in-band telemetry, to solve the problem. Specifically, the PTT scheme is executed on the distributed switch side, with the controller scheduling and selecting routing policies. Moreover, a tracing probabilistic optimization is embedded into the PTT scheme to accelerate path reconstruction and save device resources. Simulation results show that the PTT scheme can reconstruct the forward path of address-spoofing packets and reduce resource consumption compared with existing tracing schemes. The data tracing audit method has fine-grained detection and feasible performance.
Source journal: China Communications (Engineering & Technology, Telecommunications)
CiteScore: 8.00
Self-citation rate: 12.20%
Articles published: 2868
Review time: 8.6 months
About the journal: China Communications (ISSN 1673-5447) is an English-language monthly journal cosponsored by the China Institute of Communications (CIC) and IEEE Communications Society (IEEE ComSoc). It is aimed at readers in industry, universities, research and development organizations, and government agencies in the field of Information and Communications Technologies (ICTs) worldwide. The journal's main objective is to promote academic exchange in the ICTs sector and publish high-quality papers to contribute to the global ICTs industry. It provides instant access to the latest articles and papers, presenting leading-edge research achievements, tutorial overviews, and descriptions of significant practical applications of technology. China Communications has been indexed in SCIE (Science Citation Index-Expanded) since January 2007. Additionally, all articles have been available in the IEEE Xplore digital library since January 2013.