Rongfei Zeng is the associate Professor of Software College at Northeastern University. He received his Ph.D. degree in Computer Science and Technology from Tsinghua University with honor in 2012. Now, his research interests include networks security and privacy, machine learning and its security, and industrial networks and IoT. He has published several papers in top journals and conferences such as IEEE Transactions on Parallel and Distributed Systems (TPDS), Elsevier Computer Networks, IEEE ICDCS, etc. Currently, he is a member of CCF TC on Internet and Network & Data Communications, and an executive member of CCF WC on Science Promotion. He is also the consultant of CCTV2, Posts & Telecom Press, etc.
Speech Title: A CIDS Mode DDoS Blacklist Mechanism based on Smart Contract in SAVI-Enable IPv6 Network
In current IPv6 networks, the increasing number of network devices also boosts the widespread DDoS attacks. Meanwhile, Intrusion Detection System (IDS) is evolved from the individual defense pattern to a distributed and collaborative mode, and Cooperative IDS (CIDS) becomes the mainstream technique. How to improve the overall defense capability through the coordination of information becomes worth studying. In this paper, we propose a DDoS blacklist mechanism with smart contract for IPv6-SAVI (Source Address Validation Improvements) network. In SAVI environment, DDoS source information detected by IDS is considered to be credible. Based on this observation, we design a dynamic update strategy for the reputation of trusted addresses based on the detection results and form a blacklist. Furthermore, we combine CIDS deployment with blockchain to design a blacklist sharing strategy based on smart contract, so that the individual IDS distributed on the chain can realize safe and reliable sharing and updating of the blacklist. Finally, extensive experiments evaluate the performance of our mechanism in terms of latency, overhead, reputation change accuracy, etc., which demonstrates that the blacklist can provide DDoS traffic filtering reference to improve the DDoS mitigation capability.