Satellite Internet (SI) dramatically expanded the ground-based Internet, and it is also the future direction of 6G. However, due to limited computing power and bandwidth resources, Distributed Denial-of-Service (DDoS) attacks can cause more severe damage to SI, and even paralysis of the entire network. Current DDoS defense mechanisms are built on abundant computing power and bandwidth resources, making applying in the SI scenario challenging. Aiming at protecting SI from DDoS attacks, a blockchain-based distributed collaborative entrance defense (DCED) framework is proposed, in which network traffic characteristics can be recorded and aggregated at the entrances of SI. The proposed framework consists of a distributed detection digesting procedure, a digest virtual aggregation procedure, and an entrance control strategy. The former procedure detects and extracts multidimensional characteristics of DDoS attacks and pushes them onto the blockchain. The latter procedure collects block data and aggregates attack features using the MapReduce algorithm and then compares them with baseline and gives an alert. The strategy completes the filtering and interception of traffic. Experiments use the IXIA platform to generate malicious traffic, and results show that the framework can accurately identify attack traffic within 1500 ms, reaching an area of 0.99 under the receiver operating characteristic curve. The proposed framework is more effective than other similar DDoS methods, protecting the precious SI bandwidth resources.

中文翻译：

---

卫星互联网DDoS攻击分布式协同入口防御框架


卫星互联网（SI）极大地扩展了地面互联网，也是6G的未来方向。然而，由于计算能力和带宽资源有限，分布式拒绝服务（DDoS）攻击会对SI造成更严重的损害，甚至导致整个网络瘫痪。目前的DDoS防御机制建立在丰富的算力和带宽资源之上，在SI场景中的应用具有挑战性。为了保护SI免受DDoS攻击，提出了一种基于区块链的分布式协作入口防御（DCED）框架，其中可以在SI的入口处记录和聚合网络流量特征。所提出的框架由分布式检测摘要程序、摘要虚拟聚合程序和入口控制策略组成。前一个过程检测并提取DDoS攻击的多维特征并将其推送到区块链上。后者通过MapReduce算法收集区块数据并聚合攻击特征，然后与基线进行比较并发出警报。该策略完成流量的过滤和拦截。实验使用IXIA平台生成恶意流量，结果表明该框架能够在1500 ms内准确识别攻击流量，接收者工作特征曲线下面积达到0.99。所提出的框架比其他类似的 DDoS 方法更有效，可以保护宝贵的 SI 带宽资源。