智能物联网中基于智能合约的DDoS攻击溯源审计机制

IF 3.1 3区 计算机科学 Q2 TELECOMMUNICATIONS China Communications Pub Date : 2023-08-01 DOI:10.23919/JCC.fa.2023-0020.202308
Zhuohao Wang, Weiting Zhang, Runhu Wang, Y. Liu, Chenyang Xu, Chengxiao Yu
{"title":"智能物联网中基于智能合约的DDoS攻击溯源审计机制","authors":"Zhuohao Wang, Weiting Zhang, Runhu Wang, Y. Liu, Chenyang Xu, Chengxiao Yu","doi":"10.23919/JCC.fa.2023-0020.202308","DOIUrl":null,"url":null,"abstract":"In this paper, we focus on providing data provenance auditing schemes for distributed denial of service (DDoS) defense in intelligent internet of things (IoT). To achieve effective DDoS defense, we introduce a two-layer collaborative blockchain framework to support data auditing. Specifically, using data scattered among intelligent IoT devices, switch gateways self-assemble a layer of blockchain in the local autonomous system (AS), and the main chain with controller participation can be aggregated by its associated layer of blocks once a cycle, to obtain a global security model. To optimize the processing delay of the security model, we propose a process of data pre-validation with the goal of ensuring data consistency while satisfying overhead requirements. Since the flood of identity spoofing packets, it is difficult to solve the identity consistency of data with traditional detection methods, and accountability cannot be pursued afterwards. Thus, we proposed a Packet Traceback Telemetry (PTT) scheme, based on in-band telemetry, to solve the problem. Specifically, the PTT scheme is executed on the distributed switch side, the controller to schedule and select routing policies. Moreover, a tracing probabilistic optimization is embedded into the PTT scheme to accelerate path reconstruction and save device resources. Simulation results show that the PTT scheme can reconstruct address spoofing packet forward path, reduce the resource consumption compared with existing tracing scheme. Data tracing audit method has fine-grained detection and feasible performance.","PeriodicalId":9814,"journal":{"name":"China Communications","volume":"20 1","pages":"54-64"},"PeriodicalIF":3.1000,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Smart contract based DDoS attack traceability audit mechanism in intelligent IoT\",\"authors\":\"Zhuohao Wang, Weiting Zhang, Runhu Wang, Y. Liu, Chenyang Xu, Chengxiao Yu\",\"doi\":\"10.23919/JCC.fa.2023-0020.202308\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we focus on providing data provenance auditing schemes for distributed denial of service (DDoS) defense in intelligent internet of things (IoT). To achieve effective DDoS defense, we introduce a two-layer collaborative blockchain framework to support data auditing. Specifically, using data scattered among intelligent IoT devices, switch gateways self-assemble a layer of blockchain in the local autonomous system (AS), and the main chain with controller participation can be aggregated by its associated layer of blocks once a cycle, to obtain a global security model. To optimize the processing delay of the security model, we propose a process of data pre-validation with the goal of ensuring data consistency while satisfying overhead requirements. Since the flood of identity spoofing packets, it is difficult to solve the identity consistency of data with traditional detection methods, and accountability cannot be pursued afterwards. Thus, we proposed a Packet Traceback Telemetry (PTT) scheme, based on in-band telemetry, to solve the problem. Specifically, the PTT scheme is executed on the distributed switch side, the controller to schedule and select routing policies. Moreover, a tracing probabilistic optimization is embedded into the PTT scheme to accelerate path reconstruction and save device resources. Simulation results show that the PTT scheme can reconstruct address spoofing packet forward path, reduce the resource consumption compared with existing tracing scheme. Data tracing audit method has fine-grained detection and feasible performance.\",\"PeriodicalId\":9814,\"journal\":{\"name\":\"China Communications\",\"volume\":\"20 1\",\"pages\":\"54-64\"},\"PeriodicalIF\":3.1000,\"publicationDate\":\"2023-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"China Communications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.23919/JCC.fa.2023-0020.202308\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"TELECOMMUNICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"China Communications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.23919/JCC.fa.2023-0020.202308","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 0

摘要

在本文中,我们专注于为智能物联网中的分布式拒绝服务(DDoS)防御提供数据来源审计方案。为了实现有效的DDoS防御,我们引入了两层协作区块链框架来支持数据审计。具体而言,交换机网关利用分散在智能物联网设备之间的数据,在本地自治系统(AS)中自行组装一层区块链,控制器参与的主链可以通过其关联的区块层一个周期聚合一次,以获得全局安全模型。为了优化安全模型的处理延迟,我们提出了一个数据预验证过程,目的是确保数据一致性,同时满足开销要求。由于身份欺骗数据包泛滥,传统的检测方法很难解决数据的身份一致性问题,事后也无法追究责任。因此,我们提出了一种基于带内遥测的分组回溯遥测(PTT)方案来解决这个问题。具体地,PTT方案在分布式交换机侧执行,控制器调度和选择路由策略。此外,在PTT方案中嵌入了跟踪概率优化,以加速路径重建并节省设备资源。仿真结果表明,与现有的跟踪方案相比,PTT方案能够重构地址欺骗分组的前向路径,降低资源消耗。数据跟踪审计方法具有细粒度的检测和可行的性能。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Smart contract based DDoS attack traceability audit mechanism in intelligent IoT
In this paper, we focus on providing data provenance auditing schemes for distributed denial of service (DDoS) defense in intelligent internet of things (IoT). To achieve effective DDoS defense, we introduce a two-layer collaborative blockchain framework to support data auditing. Specifically, using data scattered among intelligent IoT devices, switch gateways self-assemble a layer of blockchain in the local autonomous system (AS), and the main chain with controller participation can be aggregated by its associated layer of blocks once a cycle, to obtain a global security model. To optimize the processing delay of the security model, we propose a process of data pre-validation with the goal of ensuring data consistency while satisfying overhead requirements. Since the flood of identity spoofing packets, it is difficult to solve the identity consistency of data with traditional detection methods, and accountability cannot be pursued afterwards. Thus, we proposed a Packet Traceback Telemetry (PTT) scheme, based on in-band telemetry, to solve the problem. Specifically, the PTT scheme is executed on the distributed switch side, the controller to schedule and select routing policies. Moreover, a tracing probabilistic optimization is embedded into the PTT scheme to accelerate path reconstruction and save device resources. Simulation results show that the PTT scheme can reconstruct address spoofing packet forward path, reduce the resource consumption compared with existing tracing scheme. Data tracing audit method has fine-grained detection and feasible performance.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
China Communications
China Communications 工程技术-电信学
CiteScore
8.00
自引率
12.20%
发文量
2868
审稿时长
8.6 months
期刊介绍: China Communications (ISSN 1673-5447) is an English-language monthly journal cosponsored by the China Institute of Communications (CIC) and IEEE Communications Society (IEEE ComSoc). It is aimed at readers in industry, universities, research and development organizations, and government agencies in the field of Information and Communications Technologies (ICTs) worldwide. The journal's main objective is to promote academic exchange in the ICTs sector and publish high-quality papers to contribute to the global ICTs industry. It provides instant access to the latest articles and papers, presenting leading-edge research achievements, tutorial overviews, and descriptions of significant practical applications of technology. China Communications has been indexed in SCIE (Science Citation Index-Expanded) since January 2007. Additionally, all articles have been available in the IEEE Xplore digital library since January 2013.
期刊最新文献
Secure short-packet transmission in uplink massive MU-MIMO assisted URLLC under imperfect CSI IoV and blockchain-enabled driving guidance strategy in complex traffic environment Multi-source underwater DOA estimation using PSO-BP neural network based on high-order cumulant optimization An overview of interactive immersive services Performance analysis in SWIPT-based bidirectional D2D communications in cellular networks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1