[1] ZHANG Xing-xing, HE Li-wen, DUAN Hong-xiu. Research on DDoS Defense Mechanism Based on Blockchain and Queuing Theory[J]. Computer Technology and Development, 2024, 34(11): 117-124. [doi:10.20165/j.cnki.ISSN1673-629X.2024.0213]

Research on DDoS Defense Mechanism Based on Blockchain and Queuing Theory

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
34
Issue:
2024, No. 11
Pages:
117-124
Column:
Cyberspace Security
Publication date:
2024-11-10

Article Info

Title:
Research on DDoS Defense Mechanism Based on Blockchain and Queuing Theory
Article ID:
1673-629X(2024)11-0117-08
Author(s):
ZHANG Xing-xing, HE Li-wen, DUAN Hong-xiu
Communication University of China, Nanjing 211172, China
Keywords:
blockchain; distributed denial of service; queuing theory; capacity monitoring; software-defined networking; smart contracts
Classification number:
TP399
DOI:
10.20165/j.cnki.ISSN1673-629X.2024.0213
Abstract:
In Software Defined Networking (SDN), the control layer is easily threatened by Distributed Denial of Service (DDoS) attacks. Attackers send a large number of requests to the SDN controller through malicious requests or data streams, exhausting the controller's resources so that it can no longer function properly. Preventing and handling control-layer DDoS attacks is therefore crucial for SDN security. We propose a DDoS attack detection and defense mechanism based on blockchain and queuing theory. The mechanism incorporates blockchain technology into a new SDN architecture model that reconstructs the SDN control layer by adding a capacity monitoring module, a security module, and a blockchain module. The capacity monitoring module uses queuing theory to calculate a length threshold for the queue of packets entering the controller. An alarm is triggered when the number of packets in the queue exceeds the threshold twice in a row or when the controller rule table reaches 70% of its capacity. After an alarm is triggered, the security module performs DDoS feature matching on the packets that set off the alarm. If a packet is determined to be abnormal, its summary information is uploaded to the blockchain, and smart contracts are used to share the abnormal-packet summaries. This both prevents excessive information from being recorded on the blockchain and loading the system, and allows the SDN network to reach consensus on the information. We conduct simulation experiments on the proposed attack detection and defense mechanism and select the most effective parameters. The experimental results show that, compared with similar systems, the detection rate of abnormal data streams and the false alarm rate of normal data streams in the proposed mechanism have both been improved.

Last Update: 2024-11-10