With the popularity of internet of things (IoT) devices, distributed denial of service (DDoS) attacks initiated by IoT devices have become ferce. To solve such problems, this paper proposes a detection and defense architecture based on edge computing and blockchain. According to the business characteristics of IoT devices, the suspected DDoS anomaly detection is implemented at edge nodes. Then the DDoS warning is obtained by sharing and analyzing the preliminary results with blockchain. Finally, DDoS connection is fltered at edge nodes based on the reward mechanism. The detection and defense is deployed at the source distributely, which can avoid high cost and network congestion caused by trafc extraction and cleaning, and can prevent the increasement of total DDoS trafc by fltering the trafc continuously at the source when DDoS is detected.
HOU Qi-hui, DENG Zu-qiang, ZOU Ping, WANG Qiu-sheng, LI Yan-dong, JIANG Hai-sen
. DDoS Defense Method of IoT Devices Based on Blockchain[J]. Journal of Applied Sciences, 2019
, 37(2)
: 213
-223
.
DOI: 10.3969/j.issn.0255-8297.2019.02.006
[1] Gubbi J, Buyya R, Marusic S, Palaniswamia M. Internet of things (IoT):a vision, architectural elements, and future directions[J]. Future Generation Computer Systems, 2013, 29(7):1645-1660.
[2] 施巍松,孙辉,曹杰,张权,刘伟. 边缘计算:万物互联时代新型计算模型[J]. 计算机研究与发展,2017, 54(5):907-924. Shi W S, Sun H, Cao J, Zhang Q, Liu W. Edge computing:an emerging computing model for the internet of everything era[J]. Journal of Computer Research and Development, 2017, 54(5):907-924. (in Chinese)
[3] Shi W S, Cao J, Zhang Q, Li Y H Z. Edge computing:vision and challenges[J]. IEEE Internet of Things Journal, 2016, 3(5):637-646.
[4] 梅兰妮·斯万. 区块链:新经济蓝图及导读[M]. 北京:新星出版社,2016:27-32.
[5] 袁勇,王飞跃. 区块链技术发展现状与展望[J]. 自动化学报,2016, 42(4):481-494. Yuan Y, Wang F Y. Blockchain:the state of the art and future trends[J]. Journal of Automatica Sinica, 2016, 42(4):481-494(in Chinese).
[6] Rodrigues B, Bocek T, Lareida A, Hausheer D, Rafati S, Stiller B. A blockchainbased architecture for collaborative DDoS mitigation with smart contracts[C]//IFIP International Conference on Autonomous Infrastructure, Management and Security, 2017:16-29.
[7] Rodrigues B, Bocek T, Stiller B. Multi-domain DDoS mitigation based on blockchains[J]. Security of Networks and Services in an All-Connected World, 2018:185-190.
[8] Gil T M, Poletto M. MULTOPS:a data-structure for band width attach detection[C]//The 10th Conference on USENIX Security Symposium, 2001:23-38.
[9] Mirkovic J, Reiher P. D-WARD:a source-end defense against flooding denial-of-service attacks[J]. IEEE Transactions on Dependable & Secure Computing, 2005, 2(3):216-232.
[10] Zargar S T, Joshi J, Tipper D. A survey of defense mechanism against distributed denial of service flooding attacks[J]. IEEE Communications Surveys & Tutorials, 2013, 15(4):2046-2069.
[11] Rukavitsyn A, Borisenko K, Shorov A. Self-learning method for DDoS detection model in cloud computing[C]//Young Researchers in Electrical and Electronic Engineering. IEEE, 2017:544-547.
[12] Yu Y, Chen Q, Li X. Distributed collaborative monitoring in software defned networks[C]//Proceeding of the ACM SIGCOMM 2014 Workshop on Hot Topics in Software Defned Networking, 2014.
[13] Kansal V, Dave M. Proactive DDoS attack detection and isolation[C]//International Conference on Computer, Communications and Electronics. IEEE, 2017:334-338.
[14] Yao G, Bi J, Vasilakos A V. Passive IP traceback:disclosing the locations of IP spoofers from path backscatter[J]. IEEE Transactions on Information Forensics & Security, 2015, 10(3):471-484.
[15] Sahi A, Lai D, Li Y, Diykh M. An efcient DDoS TCP flood attack detection and prevention system in a cloud environment[J]. IEEE Access, 2017(5):1-1.
[16] Yaar A, Perrig A, Song D. StackPi:new packet marking and fltering mechanisms for DDoS and IP spoofng defense[J]. IEEE Journal on Selected Areas in Communications, 2006, 24(10):1853-1863.
[17] 陈飞,毕小红,王晶晶,刘渊. DDoS攻击防御技术发展综述[J]. 网络与信息安全学报,2017, 3(10):16-24. Chen F, Bi X H, Wang J J, Liu Y. Survey of DDoS defense:challenges and directions[J]. Chinese Journal of Network and Information Security, 2017, 3(10):16-24. (in Chinese)
[18] 陈旭. 基于区块链技术的网络DDoS联合防御方法研究[J]. 网络安全技术与应用,2017(11):29-30. Chen X. Research on network DDoS joint defense method based on blockchain[J]. Network Security Technology & Application, 2017(11):29-30. (in Chinese)
[19] 杨翊,彭扬,矫毅. 基于区块链的DDoS防御云网络[EB/OL].[2016-11-04]. http://www.paper.edu.cn/releasepaper/content/201611-59.
[20] Kim Y, Lau W C, Chuah M C, Chao H C. PacketScore:a statistics-based packet fltering scheme against distributed denial-of-service attacks[J]. IEEE Transactions on Dependable & Secure Computing, 2006, 3(2):141-155.
[21] Kim Y, Lau W C, Chuah M C, Chao H J. Packetscore:statistics-based overload control against distributed denial-of-service attacks[C]//International Confrence on Computer Communications. IEEE, 2004(4):2594-2604.
[22] Beitollahi H, Deconinck G. A cooperative mechanism to defense against distributed denial of service attacks[C]//International Conference on Trust, Security and Privacy in Computing and Communications. IEEE, 2012:11-20.
