Computer and Modernization ›› 2021, Vol. 0 ›› Issue (08): 121-126.

• Information Security •

Design of a Network-level Moving Target Defense System Based on Blockchain

  

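  1. (College of Oceanography & Space Informatics, China University of Petroleum (East China), Qingdao 266580, Shandong, China)
  • Publication date: 2021-08-19 Release date: 2021-08-19
  • About the authors: Duan Pengfei (段鹏飞, born 1995), male, from Weifang, Shandong, master's student, research interests: active defense, blockchain, E-mail: 1620406085@qq.com; Lan Ru (兰茹, born 1996), female, from Hohhot, Inner Mongolia, master's student, research interests: information security, covert communication, E-mail: 1627535262@qq.com.
  • Funding:
    Shandong Provincial Natural Science Foundation project (ZR2019MF034); National Natural Science Foundation of China project (61772551)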

Design of Network-level Moving Target Defense System Based on Blockchain

  1. (College of Oceanography & Space Informatics, China University of Petroleum (East China), Qingdao 266580, China)
  • Online: 2021-08-19 Published: 2021-08-19

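Abstract: Network-level moving target defense is an effective way to counter attacks such as flooding attacks. However, most existing network-level moving target defense systems use a single static central controller, and this centralized management architecture readily introduces risks such as a single point of failure and untrusted data. To address these problems, this paper proposes a blockchain-based network-level moving target defense scheme that uses the PoW consensus mechanism to switch the central controller dynamically, resolving the single point of failure caused by a centralized central controller and improving its robustness. In addition, building on the distributed trusted network environment constructed by the blockchain, load balancing and disaster-tolerant backup mechanisms are introduced into the dynamic central controller, giving the network-level moving target defense system a good capacity for highly concurrent service requests and the ability to restore service quickly after a fatal network attack. This paper designs and implements a prototype of the blockchain-based network-level moving target defense system and carries out thorough performance testing experiments. The experimental results show that the system has good availability and robustness.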

Keywords: moving target defense, blockchain, decentralization, load balancing, disaster-tolerant backup

Abstract: Network-level moving target defense is an effective approach to dealing with cyber attacks such as flooding attacks. However, existing network-level moving target defense systems mostly adopt a static central controller. This kind of centralized management architecture is prone to risks such as a single point of failure or untrusted data. To address these problems, this paper proposes a blockchain-based network-level moving target defense scheme, which dynamically switches the central controller through the PoW consensus mechanism, overcoming the controller's single point of failure and improving its robustness. In addition, based on the distributed trusted network environment constructed by the blockchain, this paper establishes a load balancing mechanism and a disaster-tolerant backup mechanism for the dynamic central controller, so that the system performs well when handling highly concurrent service requests and recovers quickly from paralysis. Finally, this paper designs and implements a prototype of the blockchain-based network-level moving target defense system. The test results show that the designed system has good availability and robustness.

Key words: moving target defense, blockchain, decentralization, load balancing, disaster-tolerant backup