基于区块链的防护物联网设备DDoS攻击方法

doi:10.3969/j.issn.0255-8297.2019.02.006

应用科学学报 ›› 2019, Vol. 37 ›› Issue (2): 213-223.doi: 10.3969/j.issn.0255-8297.2019.02.006

基于区块链的防护物联网设备DDoS攻击方法

周启惠¹, 邓祖强³, 邹萍², 王秋生³, 李艳东², 姜海森²

1. 中国科学院信息工程研究所网络与系统安全实验室, 北京 100093;
2. 北京航天智造科技发展有限公司, 北京 100039;
3. 南瑞集团公司(国家电网电力研究院), 北京 102200

收稿日期:2018-12-15 修回日期:2019-01-15 出版日期:2019-03-31 发布日期:2019-03-31
作者简介:周启惠,助理研究员,研究方向:区块链技术及平台,E-mail:zhouqihui@iie.ac.cn
基金资助:
国家重点研发计划（No.2018YFB1004000）；政府间国际科技创新合作重点专项（No.2017YFE0101100）资助

DDoS Defense Method of IoT Devices Based on Blockchain

HOU Qi-hui¹, DENG Zu-qiang³, ZOU Ping², WANG Qiu-sheng³, LI Yan-dong², JIANG Hai-sen²

1. Laboratory of Network and System Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
2. Beijing Aerospace Smart Manufacturing Technology Development Co., Ltd, Beijing 100039, China;
3. NARI Group Corporation(State Grid Electric Power Research Institute), Beijing 102200, China

Received:2018-12-15 Revised:2019-01-15 Online:2019-03-31 Published:2019-03-31

摘要/Abstract

摘要： 随着物联网设备的普及，利用物联网设备发起的分布式拒绝服务攻击（distributeddenial service，DDoS）愈演愈烈，针对此类问题，提出了一种基于边缘计算和区块链的检测防御架构.在边缘节点依据物联网设备的业务功能特点实现了初步的疑似DDoS异常检测，初步检测结果的共享分析得出DDoS预警，最终对物联网设备发出的DDoS进行过滤.该方案的检测防御分布式部署在攻击源端，可以避免引流及流量清洗造成的高额成本和网络阻塞，并可以在检测到DDoS发生之初在源头进行持续过滤从而阻止攻击流量的上涨.

关键词: 区块链, 边缘计算, 物联网设备, 分布式拒绝服务攻击, 共享分析

Abstract: With the popularity of internet of things (IoT) devices, distributed denial of service (DDoS) attacks initiated by IoT devices have become ferce. To solve such problems, this paper proposes a detection and defense architecture based on edge computing and blockchain. According to the business characteristics of IoT devices, the suspected DDoS anomaly detection is implemented at edge nodes. Then the DDoS warning is obtained by sharing and analyzing the preliminary results with blockchain. Finally, DDoS connection is fltered at edge nodes based on the reward mechanism. The detection and defense is deployed at the source distributely, which can avoid high cost and network congestion caused by trafc extraction and cleaning, and can prevent the increasement of total DDoS trafc by fltering the trafc continuously at the source when DDoS is detected.

Key words: distributed denial of service (DDoS), share & analysis, blockchain, edge computing, IoT devices

中图分类号:

TP311

周启惠, 邓祖强, 邹萍, 王秋生, 李艳东, 姜海森. 基于区块链的防护物联网设备DDoS攻击方法[J]. 应用科学学报, 2019, 37(2): 213-223.

HOU Qi-hui, DENG Zu-qiang, ZOU Ping, WANG Qiu-sheng, LI Yan-dong, JIANG Hai-sen. DDoS Defense Method of IoT Devices Based on Blockchain[J]. Journal of Applied Sciences, 2019, 37(2): 213-223.

参考文献

[1] Gubbi J, Buyya R, Marusic S, Palaniswamia M. Internet of things (IoT):a vision, architectural elements, and future directions[J]. Future Generation Computer Systems, 2013, 29(7):1645-1660.
[2] 施巍松,孙辉,曹杰,张权,刘伟. 边缘计算:万物互联时代新型计算模型[J]. 计算机研究与发展,2017, 54(5):907-924. Shi W S, Sun H, Cao J, Zhang Q, Liu W. Edge computing:an emerging computing model for the internet of everything era[J]. Journal of Computer Research and Development, 2017, 54(5):907-924. (in Chinese)
[3] Shi W S, Cao J, Zhang Q, Li Y H Z. Edge computing:vision and challenges[J]. IEEE Internet of Things Journal, 2016, 3(5):637-646.
[4] 梅兰妮·斯万. 区块链:新经济蓝图及导读[M]. 北京:新星出版社,2016:27-32.
[5] 袁勇,王飞跃. 区块链技术发展现状与展望[J]. 自动化学报,2016, 42(4):481-494. Yuan Y, Wang F Y. Blockchain:the state of the art and future trends[J]. Journal of Automatica Sinica, 2016, 42(4):481-494(in Chinese).
[6] Rodrigues B, Bocek T, Lareida A, Hausheer D, Rafati S, Stiller B. A blockchainbased architecture for collaborative DDoS mitigation with smart contracts[C]//IFIP International Conference on Autonomous Infrastructure, Management and Security, 2017:16-29.
[7] Rodrigues B, Bocek T, Stiller B. Multi-domain DDoS mitigation based on blockchains[J]. Security of Networks and Services in an All-Connected World, 2018:185-190.
[8] Gil T M, Poletto M. MULTOPS:a data-structure for band width attach detection[C]//The 10th Conference on USENIX Security Symposium, 2001:23-38.
[9] Mirkovic J, Reiher P. D-WARD:a source-end defense against flooding denial-of-service attacks[J]. IEEE Transactions on Dependable & Secure Computing, 2005, 2(3):216-232.
[10] Zargar S T, Joshi J, Tipper D. A survey of defense mechanism against distributed denial of service flooding attacks[J]. IEEE Communications Surveys & Tutorials, 2013, 15(4):2046-2069.
[11] Rukavitsyn A, Borisenko K, Shorov A. Self-learning method for DDoS detection model in cloud computing[C]//Young Researchers in Electrical and Electronic Engineering. IEEE, 2017:544-547.
[12] Yu Y, Chen Q, Li X. Distributed collaborative monitoring in software defned networks[C]//Proceeding of the ACM SIGCOMM 2014 Workshop on Hot Topics in Software Defned Networking, 2014.
[13] Kansal V, Dave M. Proactive DDoS attack detection and isolation[C]//International Conference on Computer, Communications and Electronics. IEEE, 2017:334-338.
[14] Yao G, Bi J, Vasilakos A V. Passive IP traceback:disclosing the locations of IP spoofers from path backscatter[J]. IEEE Transactions on Information Forensics & Security, 2015, 10(3):471-484.
[15] Sahi A, Lai D, Li Y, Diykh M. An efcient DDoS TCP flood attack detection and prevention system in a cloud environment[J]. IEEE Access, 2017(5):1-1.
[16] Yaar A, Perrig A, Song D. StackPi:new packet marking and fltering mechanisms for DDoS and IP spoofng defense[J]. IEEE Journal on Selected Areas in Communications, 2006, 24(10):1853-1863.
[17] 陈飞,毕小红,王晶晶,刘渊. DDoS攻击防御技术发展综述[J]. 网络与信息安全学报,2017, 3(10):16-24. Chen F, Bi X H, Wang J J, Liu Y. Survey of DDoS defense:challenges and directions[J]. Chinese Journal of Network and Information Security, 2017, 3(10):16-24. (in Chinese)
[18] 陈旭. 基于区块链技术的网络DDoS联合防御方法研究[J]. 网络安全技术与应用,2017(11):29-30. Chen X. Research on network DDoS joint defense method based on blockchain[J]. Network Security Technology & Application, 2017(11):29-30. (in Chinese)
[19] 杨翊,彭扬,矫毅. 基于区块链的DDoS防御云网络[EB/OL].[2016-11-04]. http://www.paper.edu.cn/releasepaper/content/201611-59.
[20] Kim Y, Lau W C, Chuah M C, Chao H C. PacketScore:a statistics-based packet fltering scheme against distributed denial-of-service attacks[J]. IEEE Transactions on Dependable & Secure Computing, 2006, 3(2):141-155.
[21] Kim Y, Lau W C, Chuah M C, Chao H J. Packetscore:statistics-based overload control against distributed denial-of-service attacks[C]//International Confrence on Computer Communications. IEEE, 2004(4):2594-2604.
[22] Beitollahi H, Deconinck G. A cooperative mechanism to defense against distributed denial of service attacks[C]//International Conference on Trust, Security and Privacy in Computing and Communications. IEEE, 2012:11-20.

基于区块链的防护物联网设备DDoS攻击方法

DDoS Defense Method of IoT Devices Based on Blockchain

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	方俊杰, 雷凯. 面向边缘人工智能计算的区块链技术综述[J]. 应用科学学报, 2020, 38(1): 1-21.
[2]	何正源, 段田田, 张颖, 张瀚文, 孙毅. 物联网中区块链技术的应用与挑战[J]. 应用科学学报, 2020, 38(1): 22-33.
[3]	李忠诚, 黄建华, 唐瑞琮, 胡庆春, 夏旭. 一种基于权益代表的可扩展共识协议[J]. 应用科学学报, 2020, 38(1): 51-64.
[4]	邹秀清, 罗得寸, 林平, 沈世平, 谢振平, 王玉珏, 丁勇. 基于区块链的河长制水质信息存证系统[J]. 应用科学学报, 2020, 38(1): 65-80.
[5]	苑陈娟, 孙国梓, 李华康, 王纪涛. 牌类游戏可信存证链系统[J]. 应用科学学报, 2020, 38(1): 81-92.
[6]	江云超, 何小卫, 崔一举. 区块链节点存储优化方案[J]. 应用科学学报, 2020, 38(1): 119-126.
[7]	潘恒, 潘磊, 姚中原, 斯雪明. 一种病人可控的电子病历安全访问方案[J]. 应用科学学报, 2020, 38(1): 127-138.
[8]	佘维, 陈建森, 顾志豪, 田钊, 徐力, 刘炜. 基于区块链的物联网节点位置隐私保护模型[J]. 应用科学学报, 2020, 38(1): 139-151.
[9]	雷凯, 黄硕康, 方俊杰, 黄济乐, 谢英英, 彭波. 智能生态网络:知识驱动的未来价值互联网基础设施[J]. 应用科学学报, 2020, 38(1): 152-172.
[10]	张利华, 胡方舟, 黄阳, 万源华, 李晶晶. 基于联盟链的微电网身份认证协议[J]. 应用科学学报, 2020, 38(1): 173-183.
[11]	张逸飞, 曹少中, 祁德力, 王亮, 杨彦红. 基于区块链的图书侵权记录存证平台[J]. 应用科学学报, 2020, 38(1): 184-196.
[12]	任鹏, 徐晶晶, 王意, 马小峰. 基于区块链和车联网的汽车租赁联盟的研究与实现[J]. 应用科学学报, 2019, 37(6): 851-858.
[13]	范贤丽, 范春晓, 吴岳辛. 基于区块链和IPFS技术实现粮食供应链隐私信息保护[J]. 应用科学学报, 2019, 37(2): 179-190.
[14]	李博, 郑博, 郭子阳, 王宏志. 区块链技术在金融方向应用的发展及展望[J]. 应用科学学报, 2019, 37(2): 151-163.
[15]	吕婧淑, 操晓春, 杨培. 基于区块链和人脸识别的双因子身份认证模型[J]. 应用科学学报, 2019, 37(2): 164-178.