FEATURE TOPIC: EVOLUTIONARY TRENDS OF INTELLIGENT IOT NETWORKING FOR COMMERCIAL AND INDUSTRIAL USE CASES
Zhuohao Wang, Weiting Zhang, Runhu Wang, Ying Liu, Chenyang Xu, Chengxiao Yu
In this paper, we focus on providing data provenance auditing schemes for distributed denial of service (DDoS) defense in the intelligent internet of things (IoT). To achieve effective DDoS defense, we introduce a two-layer collaborative blockchain framework to support data auditing. Specifically, using data scattered among intelligent IoT devices, switch gateways self-assemble a layer of blockchain in the local autonomous system (AS), and the main chain, in which the controller participates, aggregates its associated layer of blocks once per cycle to obtain a global security model. To optimize the processing delay of the security model, we propose a data pre-validation process whose goal is to ensure data consistency while satisfying overhead requirements. Because of the flood of identity-spoofing packets, traditional detection methods struggle to establish the identity consistency of data, and accountability cannot be pursued afterwards. Thus, we propose a Packet Traceback Telemetry (PTT) scheme, based on in-band telemetry, to solve this problem. Specifically, the PTT scheme is executed on the distributed switch side, with the controller scheduling it and selecting routing policies. Moreover, a tracing probabilistic optimization is embedded into the PTT scheme to accelerate path reconstruction and save device resources. Simulation results show that the PTT scheme can reconstruct the forward path of address-spoofing packets and reduces resource consumption compared with existing tracing schemes. The data tracing audit method offers fine-grained detection with feasible performance.
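To make the trade-off behind probabilistic in-band telemetry tracing concrete, the following added simulation (not the authors' PTT implementation; the topology, marking rule and collector logic are assumptions for illustration) has every switch on a spoofed flow's path increment a cheap hop counter but append its identity record only with probability p, and a controller-side collector merges records from successive packets of the flow until the full forward path is reconstructed.

```python
import random

# Constructed example topology: the forward path one spoofed flow takes
# from the ingress switch to the egress switch (assumption, not from the paper).
EXAMPLE_PATH = ["sw-edge-1", "sw-agg-2", "sw-core-1", "sw-agg-5", "sw-edge-7"]


def forward_packet(path, mark_prob, rng):
    """Simulate one packet traversing `path` with probabilistic in-band telemetry.

    Every switch increments the hop counter (cheap); only with probability
    `mark_prob` does it also append its (hop, switch_id) record, the part that
    costs header space and switch resources. Returns (hop_count, records).
    """
    records = [(hop, sid) for hop, sid in enumerate(path) if rng.random() < mark_prob]
    return len(path), records


def reconstruct_path(hop_count, records):
    """Collector side: merge records pooled from many packets of one flow into a
    hop-indexed path. Returns None until every hop position has been observed
    and raises if two packets disagree about the switch at one hop."""
    by_hop = {}
    for hop, switch_id in records:
        if by_hop.setdefault(hop, switch_id) != switch_id:
            raise ValueError(f"conflicting telemetry records at hop {hop}")
    if len(by_hop) < hop_count:
        return None
    return [by_hop[h] for h in range(hop_count)]


def trace_flow(path, mark_prob, max_packets, seed=0):
    """Feed packets of a flow to the collector until the path is reconstructed.

    Returns (path_or_None, packets_consumed, records_stored): a lower
    `mark_prob` shrinks per-packet overhead on the switches but needs more
    packets (and more pooled records) before the path is complete.
    """
    rng = random.Random(seed)
    pooled = []
    for n in range(1, max_packets + 1):
        hop_count, records = forward_packet(path, mark_prob, rng)
        pooled.extend(records)
        result = reconstruct_path(hop_count, pooled)
        if result is not None:
            return result, n, len(pooled)
    return None, max_packets, len(pooled)


if __name__ == "__main__":
    for p in (1.0, 0.5, 0.2):
        found, n, stored = trace_flow(EXAMPLE_PATH, p, 500)
        print(f"p={p}: {found} after {n} packets, {stored} records pooled")
```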