摘要
Nowadays,a large number of intelligent devices involved in the Industrial Internet of Things(IIoT)environment are posing unprecedented cybersecurity challenges.Due to the limited budget for security protection,the IIoT devices are vulnerable and easily compromised to launch Distributed Denial-of-Service(DDoS)attacks,resulting in disastrous results.Unfortunately,considering the particularity of the IIoT environment,most of the defense solutions in traditional networks cannot be directly applied to IIoT with acceptable security performance.Therefore,in this work,we propose a multi-point collaborative defense mechanism against DDoS attacks for IIoT.Specifically,for the single point DDoS defense,we design an edge-centric mechanism termed EdgeDefense for the detection,identification,classification,and mitigation of DDoS attacks and the generation of defense information.For the practical multi-point scenario,we propose a collaborative defense model against DDoS attacks to securely share the defense information across the network through the blockchain.Besides,a fast defense information sharing mechanism is designed to reduce the delay of defense information sharing and provide a responsive cybersecurity guarantee.The simulation results indicate that the identification and classification performance of the two machine learning models designed for EdgeDefense are better than those of the state-of-the-art baseline models,and therefore EdgeDefense can defend against DDoS attacks effectively.The results also verify that the proposed fast sharing mechanism can reduce the propagation delay of the defense information blocks effectively,thereby improving the responsiveness of the multi-point collaborative DDoS defense.
基金
supported by the National Key Research and Development Program of China under Grant 2019YFB2102001.