With the rapid development of Internet-of-Things (IoT), more smart devices can be connected to the Internet, resulting in a dramatic increase of data transmission and communication. Software-Defined Networking (SDN), which separates the control planes and data planes, is considered as a promising solution to provide the scale and versatility necessary for IoT. However, SDN still suffers from several challenges, i.e., the centralized control plane would be a single point of failure. With the wide adoption of blockchain applications, such technologies can have a positive impact on SDN’s performance, i.e., blockchains allow non-confident individuals to interact with each other without the need for a central authority. However, attackers can still inject traffic to influence blockchain nodes from normal operations. Motivated by the recent development of blockchains and SDN, in this work, we focus on blockchain-based SDN and develop BSDNFilter, an IDS-based security mechanism that builds a trust-based filtration by using traffic fusion and aggregation to handle and reduce malicious traffic. Through collaborating with an IT organization, our evaluation in a real blockchain-based SDN environment demonstrates that our BSDNFilter is able to achieve better filtration performance against flooding attacks than similar approaches.

随着物联网（IoT）的快速发展，可以将更多的智能设备连接到Internet，从而极大地增加了数据传输和通信。将控制平面和数据平面分开的软件定义网络（SDN）被认为是提供物联网所需的规模和多功能性的有前途的解决方案。但是，SDN仍然面临一些挑战，即集中控制平面将成为单点故障。随着区块链应用程序的广泛采用，此类技术可以对SDN的性能产生积极影响，即，区块链允许不信任的个人彼此交互，而无需中央授权。但是，攻击者仍然可以注入流量，以影响正常运行的区块链节点。受区块链和SDN最近发展的推动，在这项工作中，我们专注于基于区块链的SDN并开发BSDNFilter，这是一种基于IDS的安全机制，该机制通过使用流量融合和聚合来处理和减少恶意流量来构建基于信任的过滤。通过与IT组织合作，我们在基于区块链的真实SDN环境中的评估表明，与类似方法相比，我们的BSDNFilter能够在抵御泛洪攻击方面实现更好的过滤性能。