Design of Network-level Moving Target Defense System Based on Blockchain

Abstract

Abstract: The network-level moving target defense is an effective approach to deal with the cyber attacks, like flooding attack. However, the existing network-level moving target defense systems mostly adopt the static central controller. This kind of centralized management architecture is prone to risks such as single point of failure or untrusted data. To address the above problems, this paper proposes a scheme of network-level moving target defense system based on blockchain, which realizes dynamically switching the central controller through the PoW consensus mechanism and overcomes the single point of failure of it and improves its robustness. In addition, based on the distributed trusted network environment constructed by blockchain, this paper establishes load balancing mechanism and disaster-tolerant backup mechanism for the dynamic central controller, making the system have good performance in dealing with the high concurrent service requests and recovering quickly from paralysis. Finally, this paper designs and implements the prototype system of network-level moving target defense system based on blockchain. The test results show that the designed system has good availability and robustness.

Key words: moving target defense, blockchain, decentralization, load balancing, disaster-tolerant backup

DUAN Peng-fei, LAN Ru. Design of Network-level Moving Target Defense System Based on Blockchain[J]. Computer and Modernization, 2021, 0(08): 121-126.

References ［22］

［1］	WANG J, WEN R, LI J Q, et al. Detecting and mitigating target link-flooding attacks using SDN［J］. IEEE Transactions on Dependable and Secure Computing, 2019,16(6):944-956.
［2］	HONG J B, ENOCH S Y, KIM D S, et al. Dynamic security metrics for measuring the effectiveness of moving target defense techniques［J］. Computers & Security, 2018,79:33-52.
［3］	STEINBERGER J, KUHNERT B, DIETZ C, et al. DDoS defense using MTD and SDN［C］// IEEE/IFIP Network Operations and Management Symposium. 2018:1-9.
［4］	邬江兴. 网络空间拟态防御研究［J］. 信息安全学报, 2017,1(4):1-10.
［5］	斯雪明,王伟,曾俊杰,等. 拟态防御基础理论研究综述［J］. 中国工程科学, 2016,18(6):62-68.
［6］	石乐义,贾春福,吕述望. 基于端信息跳变的主动网络防护研究［J］. 通信学报, 2008,29(2):106-110.
［7］	石乐义,郭宏彬,温晓,等．端信息跳扩混合的主动网络防御技术研究［J］．通信学报, 2019,40(5):125-135.
［8］	DUNLOP M, GROAT S, URBANSKI W, et al. MT6D: A moving target IPv6 defense［C］// Military Communications Conference. 2011:1321-1326.
［9］	BELYAEV M, GAIVORONSKI S. Towards load balancing in SDN networks during DDoS-attacks［C］// IEEE International Science and Technology Conference (Modern Networking Technologies). 2014:1-6.
［10］	黄俊飞,刘杰. 区块链技术研究综述［J］. 北京邮电大学学报, 2018,41(2):1-8.〖HJ1.18mm〗
［11］	LUO Y B, WANG B S, WANG X F, et al. RPAH: Random port and address hopping for thwarting internal and external adversaries［C］// Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA. 2015,1:263-270.
［12］	刘江,张红旗,代向东,等. 基于端信息自适应跳变的主动网络防御模型［J］. 电子与信息学报, 2015,37(11):2642-2649.
［13］	KAMPANAKIS P, PERROS H, BEYENE T. SDN-based solutions for moving target defense network protection［C］// 2014 IEEE 15th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM). 2014:1-6.
［14］	刘敖迪,杜学绘,王娜,等. 区块链技术及其在信息安全领域的研究进展［J］. 软件学报, 2018,29(7):2092-2115.
［15］	CHEN P W, JIANG B S, WANG C H. Blockchain-based payment collection supervision system using pervasive bitcoin digital wallet［C］// 2017 IEEE 13th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). 2017:139-146.
［16］	WANG H M,ZHENG Z B, XIE S A, et al. Blockchain challenges and opportunities: A survey ［J］. International Journal of Web and Grid Services, 2018,14(4):352-375.
［17］	JEON J H, KIM K H, KIM J H. Blockchain-based data security enhanced IoT server platform［C］// 2018 International Conference on Information Networking (ICOIN). 2018:941-944.
［18］	祝烈煌,高峰,沈蒙,等. 区块链隐私保护研究综述［J］. 计算机研究与发展, 2017,54(10):2170-2186.
［19］	FROMKNECHT C, VELICANU D. A Decentralized Public Key Infrastructure with Identity Retention［R］. Massachusetts Institute of Technology, 2014.
［20］	MAGDY Y, KASHKOUSH M S, AZAB M, et al. Anonymous blockchain based routing for moving-target defense across federated clouds［C］// 2020 IEEE 21st International Conference on High Performance Switching and Routing (HPSR). 2020:1-7.
［21］	SHARPLES M, DOMINGUE J. The blockchain and Kudos: A distributed system for educational record, reputation and reward［C］// 2016 LNCS. 2016:490-496.
［22］	ROUHANI S, DETERS R. Performance analysis of ethereum transactions in private blockchain［C］// 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS). 2017:70-74.

[1]	CHAI Li, WANG Xiao, GONG Jia-hao, WANG Yang, JI Shun-hui, ZHANG Peng-cheng. Survey of Supply Chain Oriented Consensus Algorithms [J]. Computer and Modernization, 2023, 0(11): 22-27.
[2]	WANG Chong-yang, ZHUANG Yi. Load Balancing Algorithm of Multi-job Cluster Based on SDN and Improved CSA Algorithm [J]. Computer and Modernization, 2023, 0(11): 28-35.
[3]	YANG Bo, XU Sheng-chao. Security Protection Method of Cloud Network Special Line Scenarios Based on SRv6#br# Service Chain [J]. Computer and Modernization, 2023, 0(08): 107-111.
[4]	LYU Zhi-xing, YU Hui, KANG Kai, LI Teng-chang, DU Guo-li. A Feature Modeling Based Bidding Trading Mechanism in Power Blockchain [J]. Computer and Modernization, 2023, 0(08): 112-118.
[5]	ZHONG Lin-feng, LI Yan-feng, ZHANG Gui-peng, LIU Wen-yin. Decentralized Online Shopping Data Sharing Scheme Based on Blockchain [J]. Computer and Modernization, 2023, 0(07): 61-68.
[6]	ZHA Kai-jin, WANG Zhi-bo, HE Yue-shun, XU Hong-zhen. Survey on Blockchain Security Protection [J]. Computer and Modernization, 2023, 0(06): 110-117.
[7]	JIANG Yu-hang, ZHANG Xin-you. Ethereum-based Medical Healthy Data Sharing System [J]. Computer and Modernization, 2023, 0(02): 110-115.
[8]	FENG Yun-xia, CHEN Hong-da, NIU Yun-he. A Relay-based Consortium Chain Cross-chain Communication System [J]. Computer and Modernization, 2023, 0(02): 121-126.
[9]	YUAN Jia-li, LIU Meng-chi. Dynamic Data Partition Algorithm for Information Network Model [J]. Computer and Modernization, 2022, 0(10): 100-105.
[10]	ZHANG Bin, LI Da-peng, JIANG Rui, WANG Xiao-ming. An Off-chain Extended Storage Scheme for Blockchain Traceability [J]. Computer and Modernization, 2022, 0(10): 106-112.
[11]	NI Ya-ting, YANG Wen-hui, MIAO Fang, HUANG An-qi, JIANG Yuan. Dynamic Load Balancing Strategy of DRC Cluster Based on Nginx [J]. Computer and Modernization, 2022, 0(04): 58-64.
[12]	ZHANG Tian-xi, WANG Li-peng, ZHOU Chun-tian, YANG Yan-yan, LI Xiao-chong. Secret Content Auditing Scheme in Internet of Things Scenes Based on Blockchain [J]. Computer and Modernization, 2022, 0(03): 30-36.
[13]	ZHANG Tian-xi, WANG Li-peng, FU Jun-jun, CUI Ci, JIN Meng-lu. Certificateless Signcryption Scheme Based on Blockchain [J]. Computer and Modernization, 2022, 0(01): 120-126.
[14]	LI Juan. Dynamic Load Balancing Algorithm for Heterogeneous Clusters Based on Internet of Things Technology#br# [J]. Computer and Modernization, 2021, 0(04): 104-108.
[15]	SUN Guang-cheng, LI Hong-zhe, LI Sai-fei, ZHANG Xiao-wei. Internet of Things Access Control System Based on Blockchain [J]. Computer and Modernization, 2020, 0(11): 100-108.