A Distributed Security SDN Cluster Architecture for Smart Grid Based on Blockchain Technology

State Key Laboratory of Networking & Switching Technology, Beijing University of Posts & Telecommunications, Beijing 100876, China
Beijing Fibrlink Communications Co., Ltd., Beijing 100070, China
State Grid Henan Electric Power Company Information and Communication Company, Zhengzhou 450018, China
Christian-Albrechts-Universität zu Kiel, Kiel, Schleswig-Holstein 24118, Germany
Department of Electrical Engineering, École de Technologie Supérieure ÉTS, Université du Québec, Montreal 8871, Canada

flow rules. The correctness and consistency of the flow rules are the key factors in ensuring network security. If a switch installs a forged flow rule, it will forward packets incorrectly. An SDN network usually forwards data based on the OpenFlow protocol: the SDN controller first formulates a forwarding policy and installs it in the flow table of a data-layer switch. The following attacks may be encountered during this process. An attacker who controls the SDN controller can issue wrong flow rules to the flow table; a data-layer switch has no way to judge the correctness of the rules it receives and simply forwards according to them, so tampering with the flow rules issued by the controller is one attack an SDN network faces. Alternatively, an attacker who controls a switch can forward packets maliciously. Therefore, one way to secure an SDN network is to strengthen the security of the SDN controller, and another is to strengthen the security of the flow table so as to ensure the consistency of flow rules [8].
In recent years, many scholars have studied how to strengthen the security of SDN networks. Part of the research takes a hardware direction, improving the hardware security of the equipment, or secures the network by increasing the complexity of the encryption algorithm. Both methods are costly and scale poorly: in a large network they consume a great deal of physical and computing resources. Therefore, current popular studies are based on network function virtualization. Through network function virtualization, some network security functions of the smart grid are realized in virtual machines, which greatly reduces cost and offers higher scalability, and application scenarios can be instantiated as needed. This article is therefore also based on network function virtualization: network devices are simulated as nodes, and security functions are implemented as applications.
On the other hand, an SDN network is a centrally controlled network, and one problem such networks are prone to is the single point of failure. If the SDN controller is hijacked by an attacker, the whole network collapses. At the same time, since all control information of the network is concentrated on the single SDN controller, the controller carries too heavy a burden.
Then the communication performance of the network is limited by the performance of the controller. Therefore, distributed control networks have gradually emerged, and distributed SDN controllers solve the above problems. One benefit is avoiding single points of failure: if one SDN controller is attacked, the scope of the impact is confined to that controller. Another is that the load on the control layer is reduced and the performance ceiling of the whole network is raised, so that network performance is no longer bounded by the control layer. This article realizes the design of a distributed SDN control network through the emerging technology of blockchain. A blockchain is a distributed database in which information is stored in blocks, each identified by a unique hash value. In addition, the blockchain is decentralized and does not rely on a central node. A distributed SDN control network based on blockchain therefore has stronger security.
This article is researched through the classic smart grid scenario of substation automation, using a network topology and communication services that comply with the IEC 61850 standard. IEC 61850 was originally the standard for substation automation and was later extended to most aspects of smart grid communication.

Related Works
In recent years, there has been much research on SDN and blockchain, especially on applying blockchain to the SDN network architecture to improve security. Tselios and Kotsopoulos introduced blockchain into the solution of SDN and Internet of Things problems and proposed a distributed cloud architecture based on blockchain to improve security [9]. Xiao et al. conducted an overall analysis of blockchain consensus protocols, determined the core components of a consensus protocol, and compared the performance of consensus protocols through different performance indicators [10]. Chakrabarty and Engels proposed a smart city security architecture that includes four basic IoT architecture modules; the architecture mainly uses a key management system to mitigate network attacks [11]. Flauzac et al. proposed the concept of the SDN domain and defined the way in which multiple domains are connected to each other and the method of enhancing domain security. This is a new type of SDN architecture: by dividing the SDN control scope into domains, the pressure on the SDN controller is reduced, and the management of nodes in the network is clearer and more direct [12]. Dorri et al. introduced blockchain into smart home research to ensure the communication security of smart home networks [13].
At the same time, another research direction for enhancing network security is to propose new algorithms for detecting and mitigating attacks. Based on the concept of SDx, Wang et al. proposed an IoT framework that includes SDIoT controllers, gateways, and switches and proposed algorithms to detect and mitigate DDoS attacks; by calculating the cosine similarity of the transmission rate vectors of the SDIoT switch ports, it determines whether a DDoS attack has occurred in the network [14]. Dharma et al. considered the duration of DDoS attack detection and the duration of the attack and proposed a time-based method for DDoS detection and mitigation; detection is performed by counting the number of invalid packets within a defined time window when the network is under DDoS attack [15]. Establishing statistical models and applying machine learning models are also a popular research direction for detecting DDoS attacks. Kousar et al.
introduced a new framework on Apache Spark to monitor DDoS attacks, using DSL-KDD CuP as a benchmark dataset; experimental simulations show that the framework performs better than decision trees and shortens processing time and training time [16]. The above detection schemes are all based on a centralized SDN network. Jia and Liang proposed a distributed DDoS chain monitoring framework based on the blockchain, using AdaBoost and Random Forest as ensemble learning strategies, and designed multiple indicators to evaluate the framework; the experimental results show that the framework performs well in detecting DDoS attacks [17]. Hussain et al. considered converting network traffic data into image data and applied ResNet, a CNN model, to the converted images, which greatly improved detection accuracy [18]. Sun et al. used a BiLSTM RNN to train on the dataset and classify real-time traffic, and verified the accuracy of the detection algorithm through experiments [19]. Su et al. proposed a DDoS attack detection algorithm based on a mixed traffic prediction model; the algorithm uses an RBF neural network to train on and predict network traffic and sets thresholds to reduce environmental noise. Experimental simulation shows that the algorithm has high traffic prediction accuracy [20].
Bordel et al. defined a theoretical framework with high trust in IoT scenarios based on the blockchain and conducted experimental verification to show that the framework has higher security [21]. Li et al. introduced quantum technology into blockchain research, presented the structural framework of the quantum blockchain, and summarized the advantages and prospects of this direction [22]. Fu et al. proposed an anti-noise localization method based on a multi-norm regularization matrix, expressing the reconstruction of the Euclidean distance matrix (EDM) as a multi-norm regularization model; experiments show that the model has high accuracy [23]. Li et al. applied blockchain to energy trading and proposed a high-security energy trading system called the energy blockchain, together with an optimal pricing strategy based on the Stackelberg game that reduces the limitation of the blockchain's high latency through a credit-based payment method [24]. Liu et al. applied blockchain to the food supply chain and proposed a blockchain-based food traceability framework that uses the PBFT consensus algorithm to improve the processing performance of the system [25]. This article is an attempt to use blockchain to provide security functions in an SDN-enabled smart grid and to use blockchain to ensure the security of data flows.

ClusterBlock Architecture Design
This section introduces the specific details of the ClusterBlock model proposed in this article, which mainly includes four parts: the secure communication architecture, the distributed control strategy, the network attack monitoring process, and the detection algorithm. They are introduced in detail below.

ClusterBlock Design Overview.
This section introduces the secure communication architecture for the smart grid based on blockchain and SDN. The core idea is to use blockchain technology to improve the overall security of the network and reduce the loss caused by attacks.
The blockchain ensures consistency between the control-layer policy and the flow rules in the data-layer flow tables, preventing data from being tampered with by network attacks. The system architecture comprises three layers, as shown in Figure 1.

Data Layer.
One kind of underlying smart grid communication equipment is the substation aggregation unit, which collects data; the other is the gateway, which connects to the wide area network and interacts with external networks. The main equipment of the data layer is the switch, which processes and forwards data according to its flow table. The flow rules in the flow table are issued by the SDN controller; therefore, the security of the control-layer policy is very important.

Control Layer.
In past research, SDN networks generally used a centralized SDN controller to manage the entire network, but recent research shows that distributed SDN controllers give better network performance. Using multiple controllers not only balances the load between devices and controllers and minimizes packet loss, but also improves the security of the SDN control plane by avoiding a single point of failure. Therefore, the SDN controllers in the control layer adopt a cluster structure, and each cluster forms an SDN domain. At the same time, to reduce network delay within each SDN domain, one SDN controller in each domain is selected as the cluster head and is responsible for coordinating and controlling the transmission of control commands within the domain. In the proposed architecture, all SDN controllers are connected to each other in a distributed blockchain manner, so that every smart grid device in the network can communicate easily and efficiently.

Blockchain Layer.
The application of blockchain technology protects the security and integrity of data. One disadvantage of blockchain is the large amount of computing power needed to maintain large-scale distributed ledgers.
This problem can be alleviated through the design of the SDN domains and the cluster head SDN controllers mentioned above. Today's networks are becoming more and more complex, and the number of nodes keeps increasing; the load of a conventional centralized SDN controller is too large, and it is prone to a single point of failure. Dividing a huge network into several SDN domains for management greatly reduces the complexity of the network, and also greatly reduces the computational cost introduced by the blockchain. On the other hand, each SDN domain uses a cluster head controller as the main controller with the other controllers as backups, which is also a design that takes network security into consideration: when the cluster head controller is attacked and cannot work normally, another SDN controller in the domain can be switched to the cluster head role to keep the network secure. The cluster head controller manages the on-chain registration of the blockchain. When a device in the SDN domain needs to go on chain, it first submits an application to the control layer, and the cluster head controller checks whether the device is already on chain. If it is not, the device is assigned an exclusive identifier of the SDN domain, which identifies the domain the device belongs to. From then on, when the SDN controller issues a control policy, it only issues it to devices carrying that SDN domain ID. When the number of devices in an SDN domain exceeds a certain threshold, devices are migrated to other SDN domains: the cluster head controller of this domain looks up the SDN domain with the smallest number of devices recorded on the blockchain, and the identifier of that domain is allocated to the device, which completes the migration of the device between SDN domains.
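The registration, domain-ID assignment, threshold-triggered migration and cluster-head failover described above, as an added example (not code from the paper or its authors). An in-memory ledger stands in for the blockchain records the cluster heads consult; the `MAX_DEVICES` threshold, the choice of which device migrates, and the rule for promoting the next controller after a head failure are assumptions of this example.

```python
"""Cluster-head bookkeeping for SDN domains in the ClusterBlock control layer.

Added example, not code from the paper. An in-memory ledger stands in for
the blockchain records the cluster heads consult; MAX_DEVICES, which device
is chosen to migrate, and the failover rule are assumptions.
"""
from dataclasses import dataclass, field

MAX_DEVICES = 3   # assumed per-domain threshold above which devices migrate


@dataclass
class DomainLedger:
    """Stand-in for the on-chain records: domain membership and current head."""
    members: dict = field(default_factory=dict)    # domain_id -> set of device ids
    domain_of: dict = field(default_factory=dict)  # device_id -> domain ID it carries
    heads: dict = field(default_factory=dict)      # domain_id -> head controller id

    def smallest_domain(self):
        """The SDN domain with the fewest devices recorded on the chain."""
        return min(self.members, key=lambda d: len(self.members[d]))


class ClusterHead:
    """Head controller of one SDN domain; ordinary controllers follow it in `controllers`."""

    def __init__(self, domain_id, controllers, ledger):
        self.domain_id = domain_id
        self.controllers = list(controllers)        # index 0 is the current head
        self.ledger = ledger
        ledger.members.setdefault(domain_id, set())
        ledger.heads[domain_id] = self.controllers[0]

    def register(self, device_id):
        """Handle a device's on-chain application; return the domain ID it is assigned."""
        if device_id in self.ledger.domain_of:
            return self.ledger.domain_of[device_id]   # already on chain: keep its ID
        self.ledger.members[self.domain_id].add(device_id)
        self.ledger.domain_of[device_id] = self.domain_id
        self.rebalance()
        return self.ledger.domain_of[device_id]

    def rebalance(self):
        """While this domain exceeds the threshold, migrate devices to the smallest domain."""
        mine = self.ledger.members[self.domain_id]
        while len(mine) > MAX_DEVICES:
            target = self.ledger.smallest_domain()
            if target == self.domain_id:
                break                                  # nowhere less loaded to go
            device = max(mine)                         # arbitrary choice: highest id
            mine.remove(device)
            self.ledger.members[target].add(device)
            self.ledger.domain_of[device] = target     # device now carries the new domain ID

    def accepts(self, device_id):
        """Control policy is only issued to devices carrying this domain's identifier."""
        return self.ledger.domain_of.get(device_id) == self.domain_id

    def fail_over(self, failed_controller):
        """If the head is knocked out, promote the next ordinary controller."""
        if self.controllers[0] == failed_controller:
            self.controllers.pop(0)
            if not self.controllers:
                raise RuntimeError(f"domain {self.domain_id} has no controller left")
            self.ledger.heads[self.domain_id] = self.controllers[0]
        return self.ledger.heads[self.domain_id]


if __name__ == "__main__":
    ledger = DomainLedger()
    head_a = ClusterHead("A", ["c1", "c2"], ledger)
    head_b = ClusterHead("B", ["c3", "c4"], ledger)
    for dev in ("s1", "s2", "s3", "s4"):
        print(dev, "->", head_a.register(dev))   # s4 migrates to B once A holds 3
    print("head of A after c1 fails:", head_a.fail_over("c1"))
```

Note that `accepts` is the check a cluster head applies before issuing policy: a device that has been migrated carries the new domain's identifier, so its old cluster head stops issuing rules to it.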

Distributed Control Strategy Based on Blockchain Consensus.
First, a switching node in the data layer sends a request to the control layer. The request type is either a routing flow rule request or an authentication request. After receiving the request, the cluster head controller first verifies that the SDN domain identifier of the request source node is that of the domain to which the cluster head belongs, and then verifies that the node identifier is recorded in the database. If either check fails, the request is discarded. After verification passes, the cluster head controller broadcasts the request within the controller cluster, and the controllers reach consensus using the PBFT consensus algorithm. Once consensus is complete, the result is fed back to the cluster head controller, which stores the information to be kept for this decision (identity information, flow rule information, controller policy, routing policy or load balancing policy) on the chain and, at the same time, returns information to the data layer to update the switch's global network policy, node identity information and flow table.
Figure 1: ClusterBlock design overview.
(1) Flow table forwarding rule data uploading: when the cluster head controller sends forwarding policies to the data layer, it issues the flow rules required by the data nodes; the data nodes record them in their own flow tables, and the rules are stored on the chain through the cluster head controller to enhance network security, as shown in Figure 2. The content the controller stores on the blockchain for each flow rule is shown in Table 2. At the same time, the switching node periodically sends specific information to the controller, such as periodic traffic statistics, data link changes that need to be recorded, and devices going online or offline. The controller updates the control information accordingly and stores it on the blockchain. The innovation of the distributed control strategy based on blockchain consensus is that it replaces the conventional centralized SDN controller with a controller cluster, consisting of one cluster head controller and several ordinary controllers, that performs distributed control through a consensus algorithm. The cluster uses the PBFT consensus algorithm. The advantage is that if a controller is attacked and becomes a malicious node, the result remains trustworthy as long as fewer than one third of the controllers in the cluster are malicious, which greatly increases the robustness of the SDN control layer.

SDN Network Attack Monitoring Method Based on Blockchain.
This section proposes a specific attack monitoring method for the blockchain-based SDN network. Its main purpose is to detect and report network threats. It is divided into three stages: the first builds a complete network view; the second builds a vector network containing traffic information; the third detects network attacks and takes corresponding action based on what is detected.
In the first stage, in order to conduct a comprehensive analysis of the network, the smart contract module parses all communication data packets in the network.
In the second stage, the smart contract module analyses all OpenFlow packets to obtain topology data and transmission status data, extracts metadata feature sets from the topology data, obtains the network topology status and network information from the OpenFlow packet headers, obtains flow information and the network's flow rule information, and finally constructs a vector network containing the communication data flows.
In the third stage, the smart contract module monitors the data interactions, flow rules and global policy information of the data layer, and checks whether there are malicious nodes or whether the network is under attack. This module recognizes an attack through the policy specified by the application layer. The specific monitoring method is roughly given below.
When a switch receives a new packet, it first checks whether its flow table holds a matching flow rule; if none matches, the switch sends a request for a flow rule for this packet to the control layer through the southbound interface API. The control layer receives the rule from the application layer, sends it to the data-layer switch and, at the same time, stores the flow rule on the chain; the switch then forwards the given service according to the newly issued rule. At the same time, the data-layer switch node accesses the blockchain and compares the flow rule recorded there with the rule issued by the controller. If the two differ, the issued rule is incorrect, i.e., a malicious flow rule; the controller has been attacked, and the attack has been detected.
When the monitoring module detects a new data flow, no alarm is issued. An alarm is raised only when the monitoring module finds that the current flow rule was issued by a malicious control node, that the rule is inconsistent with the rule on the chain, and that the rule could not have been specified by the application layer; when rules are modified in this way the monitoring module raises an alarm, and no other condition causes one. In particular, rerouting of data flows does not trigger an alarm, because rerouting rules are generated by a trusted controller; this reduces unnecessary alarms in the network. At the same time, a custom algorithm collects the reply messages of each switch on the data flow path to monitor flow statistics and compares them with the blockchain data to determine whether a switch's flow rule has deviated. Figure 3 shows that the network contains several controllers as core nodes and many switches as basic data forwarding nodes. The distributed SDN control network based on blockchain mainly includes SDN controller nodes and data nodes. A controller node is also a validation node: it maintains up-to-date flow rule information, data node identity information and data-layer network control policy in its own database. A data node initiates requests to other data nodes and controller nodes and responds to requests; data nodes are mainly the data-layer forwarding devices or switches of the smart grid. A data node is defined as a request node of the blockchain network when its operation is a request to probe the flow rules in the flow table of another node; all other nodes that answer that request are responding nodes, which may be ordinary data forwarding nodes or core control nodes.
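The controller-cluster consensus and on-chain recording of the previous section, together with the switch-side check just described (a pushed rule must match the rule on the chain), as one added example that is not code from the paper. PBFT is reduced to its commit condition, at least 2f+1 matching votes out of n = 3f+1 controllers (the paper's four controllers per domain correspond to f = 1), rather than the full three-phase protocol; the block layout, the rule format, and the constructed scenario of one compromised controller are assumptions of this example.

```python
"""Controller-cluster agreement on a flow rule, its on-chain record, and the
switch-side check that a pushed rule matches the chain.

Added example, not the paper's code. Consensus is reduced to PBFT's commit
condition (>= 2f+1 matching votes out of n = 3f+1 controllers); block
layout, rule format and the sample rule below are assumptions.
"""
import hashlib
import json


def digest(obj):
    """Canonical SHA-256 of a JSON-serialisable object (dict key order ignored)."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Hash-chained blocks; each block records one committed flow rule for one switch."""

    def __init__(self):
        self.blocks = []

    def append(self, switch_id, rule):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"index": len(self.blocks), "switch": switch_id,
                "rule": json.loads(json.dumps(rule)),   # private copy of the rule
                "prev": prev}
        block = dict(body, hash=digest(body))
        self.blocks.append(block)
        return block

    def latest_rule(self, switch_id):
        """Most recent committed rule for a switch, or None if it has none."""
        for block in reversed(self.blocks):
            if block["switch"] == switch_id:
                return block["rule"]
        return None

    def verify_chain(self):
        """Recompute every hash and back-link; False if any block was altered."""
        prev = "0" * 64
        for i, block in enumerate(self.blocks):
            body = {k: v for k, v in block.items() if k != "hash"}
            if (block["index"] != i or block["prev"] != prev
                    or digest(body) != block["hash"]):
                return False
            prev = block["hash"]
        return True


class ControllerCluster:
    """Cluster head plus ordinary controllers; each controller is a vote function."""

    def __init__(self, controllers, ledger):
        self.controllers = controllers    # name -> vote(switch_id, proposed) -> rule
        self.ledger = ledger
        self.f = (len(controllers) - 1) // 3    # faults tolerated: n >= 3f + 1

    def commit(self, switch_id, proposed):
        """Return the committed rule (written to the chain), or None without quorum."""
        votes = {}                        # digest -> (rule, [supporting controllers])
        for name, vote in self.controllers.items():
            rule = vote(switch_id, proposed)
            votes.setdefault(digest(rule), (rule, []))[1].append(name)
        rule, supporters = max(votes.values(), key=lambda v: len(v[1]))
        if len(supporters) < 2 * self.f + 1:
            return None                   # no 2f+1 agreement: nothing goes on chain
        self.ledger.append(switch_id, rule)
        return rule


def switch_accepts(ledger, switch_id, issued_rule):
    """Data-layer check: a rule pushed by a controller must equal the on-chain rule."""
    on_chain = ledger.latest_rule(switch_id)
    return on_chain is not None and digest(on_chain) == digest(issued_rule)


# Constructed scenario: three honest controllers and one compromised controller
# that tries to redirect the flow to port 99.
def honest(switch_id, proposed):
    return proposed


def compromised(switch_id, proposed):
    return dict(proposed, out_port=99)


SAMPLE_RULE = {"match": {"in_port": 1, "nw_dst": "10.0.0.2"}, "out_port": 2}

if __name__ == "__main__":
    ledger = Ledger()
    cluster = ControllerCluster({"head": honest, "c2": honest, "c3": honest,
                                 "c4": compromised}, ledger)
    print("committed:", cluster.commit("s1", SAMPLE_RULE))
    # The compromised controller pushes its own rule straight to the switch:
    print("tampered rule accepted?",
          switch_accepts(ledger, "s1", compromised("s1", SAMPLE_RULE)))
    print("chain intact?", ledger.verify_chain())
```

With four controllers and one compromised, the honest rule reaches the 2f+1 = 3 quorum and is chained; the rule the compromised controller pushes directly to the switch fails `switch_accepts`, which is the condition the monitoring module alarms on. With two compromised controllers out of four the votes split 2/2, no quorum is reached and nothing is written, which is the documented PBFT limit.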
The attack detection algorithm designed in this paper mainly introduces the Jaccard similarity coefficient to compare the similarity of the packet transmission rates of switch ports.

Update Method of Flow Rules in the Blockchain Network.
First, the port transmission rate is processed as a vector. Then the packet transmission rate of each switch port is obtained, and the port packet transmission rate of the i-th switch is denoted r_i (i = 1, 2, ...). The transmission rate is expressed in terms of n, the number of vectors in the set. Then the Jaccard similarity coefficient is calculated. The Jaccard similarity coefficient is an index used to measure the similarity of two sets: the larger the Jaccard value, the higher the similarity between the two sets. The Jaccard similarity coefficient of the odd and even arrays is calculated with m = 1, 2, ..., k. By comparing Jaccard values we obtain the degree of change of the port rate; when the change exceeds a certain threshold, the network is judged to be under attack. Figure 4 describes the update process of data flow rules in the distributed SDN control network based on blockchain. When a smart grid data forwarding device requests an update of its flow rules, the device acts as the requesting node. While the packet requesting the flow rule update circulates on the network, the other nodes in the network, including all controller nodes and response nodes, respond to it.
If the destination node is a controller node, the controller first checks the version number of the requesting node's flow table. If the version number is the latest, the blockchain database is then queried to compare and verify the integrity of the requesting node's flow table. If a mismatch is found during this check, the controller updates the flow table information of the node.
When the destination node is an ordinary node, it first compares whether its own flow table version number is the same as that of the source node. If the version numbers are the same, the destination node asks the smart contract module in the blockchain network to verify the source node's flow table and its hash value. If the verification succeeds, the flow rule table of the source node is proven correct and up to date, and the destination node returns a response packet to the source node. If the flow table contents of the destination node and the source node differ, the destination node requests the controller to update the flow tables of both itself and the source node.
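The Jaccard port-rate check described above, as an added example that is not the paper's code. The paper's rate-vector notation and equations are not reproduced here; turning a rate vector into a set by quantising each port's packets/s into buckets, the bucket size, the alarm threshold and the sample windows are all assumptions of this example. It also goes one step beyond the text by adding a comparison against a fixed baseline window, since a pairwise (odd/even) comparison only measures change between neighbouring windows.

```python
"""Port-rate change detection with the Jaccard similarity coefficient.

Added example, not the paper's code. The paper's rate-vector notation and
equations are not reproduced; quantising each port's packets/s into
buckets to obtain sets, the bucket size, the alarm threshold and the
sample windows below are all assumptions of this example.
"""

BUCKET = 50        # packets/s per quantisation step (assumed)
THRESHOLD = 0.7    # alarm when similarity drops below this (assumed)


def rate_set(rates):
    """Map a per-port rate vector to the set of (port, rate bucket) pairs."""
    return {(port, rate // BUCKET) for port, rate in enumerate(rates)}


def jaccard(a, b):
    """Jaccard similarity |A ∩ B| / |A ∪ B|, defined as 1.0 for two empty sets."""
    union = a | b
    return 1.0 if not union else len(a & b) / len(union)


def detect_pairwise(windows, threshold=THRESHOLD):
    """Compare odd and even windows (r_1 vs r_2, r_3 vs r_4, ...).

    Returns one (pair_index, similarity, alarm) tuple per pair.
    """
    results = []
    for m in range(0, len(windows) - 1, 2):
        sim = jaccard(rate_set(windows[m]), rate_set(windows[m + 1]))
        results.append((m // 2 + 1, round(sim, 3), sim < threshold))
    return results


def detect_against_baseline(windows, baseline, threshold=THRESHOLD):
    """Compare every window with a fixed baseline window instead of its neighbour.

    Pairwise comparison only sees change: a flood that has settled at a steady
    rate looks similar to the previous window again. Comparing with a known
    good baseline keeps alarming while the rates stay abnormal.
    """
    base = rate_set(baseline)
    results = []
    for i, window in enumerate(windows):
        sim = jaccard(base, rate_set(window))
        results.append((i + 1, round(sim, 3), sim < threshold))
    return results


# Constructed sample: packets/s on four switch ports, one window per row.
SAMPLE_WINDOWS = [
    [120, 80, 30, 10],    # r_1 steady state
    [130, 85, 25, 15],    # r_2
    [125, 90, 30, 10],    # r_3
    [900, 85, 30, 10],    # r_4 port 0 begins to be flooded
    [1500, 80, 30, 12],   # r_5
    [1520, 85, 25, 10],   # r_6 flood continues at a steady rate
]

if __name__ == "__main__":
    for pair, sim, alarm in detect_pairwise(SAMPLE_WINDOWS):
        print(f"pair {pair}: jaccard={sim} alarm={alarm}")
    for idx, sim, alarm in detect_against_baseline(SAMPLE_WINDOWS, SAMPLE_WINDOWS[0]):
        print(f"window {idx} vs baseline: jaccard={sim} alarm={alarm}")
```

On the constructed windows the pairwise check alarms once, on the pair where the flood starts, and goes quiet again once the flood rate is steady; the baseline comparison alarms on every window of the flood. Bucket size and threshold must be tuned to the real port rates, since with few ports a single changed port already moves the coefficient a long way.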
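The update exchange of Figure 4, on both the ordinary-node side and the controller side, as an added example (not the paper's code). A dict stands in for what the smart contract module holds per node, a flow-table version and a flow-table hash; the message names, the hashing of the table and the sample tables are assumptions of this example.

```python
"""Flow-table update exchange between a requesting data node, a responding
data node and a controller (the Figure 4 procedure).

Added example, not the paper's code. A dict stands in for what the smart
contract module holds per node (flow-table version and hash); message
names, the hashing and the sample tables are assumptions.
"""
import copy
import hashlib
import json


def table_hash(flow_table):
    """Canonical SHA-256 of a flow table (list of rule dicts)."""
    return hashlib.sha256(json.dumps(flow_table, sort_keys=True).encode()).hexdigest()


class Contract:
    """Stand-in for the smart-contract module: the committed (version, hash) per node."""

    def __init__(self):
        self.records = {}

    def publish(self, node_id, version, flow_table):
        self.records[node_id] = (version, table_hash(flow_table))

    def verify(self, node_id, version, flow_table):
        """True only if both version and table hash match the on-chain record."""
        return self.records.get(node_id) == (version, table_hash(flow_table))


class DataNode:
    def __init__(self, node_id, version, flow_table):
        self.node_id = node_id
        self.version = version
        self.flow_table = copy.deepcopy(flow_table)

    def respond(self, source, contract):
        """Destination-node side: answer a flow-rule update request from `source`."""
        if self.version != source.version:
            return ("update_request", sorted([self.node_id, source.node_id]))
        if contract.verify(source.node_id, source.version, source.flow_table):
            return ("response", source.node_id)   # source table verified and current
        return ("update_request", sorted([self.node_id, source.node_id]))


class Controller:
    def __init__(self, contract, version, flow_table):
        self.contract = contract
        self.version = version
        self.flow_table = copy.deepcopy(flow_table)

    def respond(self, source):
        """Controller side: check version, then integrity against the chain; refresh if needed."""
        if source.version == self.version and self.contract.verify(
                source.node_id, source.version, source.flow_table):
            return ("ok", source.node_id)
        source.version = self.version
        source.flow_table = copy.deepcopy(self.flow_table)
        self.contract.publish(source.node_id, self.version, self.flow_table)
        return ("updated", source.node_id)


# Constructed sample tables.
LATEST = [{"match": {"in_port": 1}, "out_port": 2},
          {"match": {"in_port": 2}, "out_port": 1}]

if __name__ == "__main__":
    contract = Contract()
    ctl = Controller(contract, 3, LATEST)
    s1, s2 = DataNode("s1", 3, LATEST), DataNode("s2", 3, LATEST)
    for node in (s1, s2):
        contract.publish(node.node_id, node.version, node.flow_table)
    print(s2.respond(s1, contract))            # ('response', 's1')
    s1.flow_table[0]["out_port"] = 99          # rule tampered on the switch, version unchanged
    print(s2.respond(s1, contract))            # ('update_request', ['s1', 's2'])
    print(ctl.respond(s1))                     # ('updated', 's1'): table restored from controller
```

The version number alone is not enough: a tampered table at the current version passes the version check and is only caught by the hash comparison against the chain, which is why the ordinary node asks the contract to verify the hash before trusting a peer.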

Results and Discussion
In order to evaluate the security capability of the model, this paper sets up a software and hardware test environment and compares it with a conventional SDN network based on the OpenFlow protocol. Simulation parameters are shown in Table 3. This article uses the Mininet SDN network emulator and the POX SDN controller to implement the SDN cluster on the Ethereum platform under Ubuntu 18.04 LTS, and uses the PyEthereum test tool to test the functions of the blockchain part. The simulation environment consists of 3 clusters, i.e., 3 SDN domains, each equipped with 4 SDN controllers; the smart grid equipment nodes of the data layer are emulated with Mininet as 400 data nodes to reproduce the data interaction at the bottom of the smart grid.
This paper measures the bandwidth available to clients while DDoS attacks are launched against the switch at different rates, and evaluates the bandwidth impact with and without the ClusterBlock model. As shown in Figure 5, the bandwidth measured in both models is 1.9 M/s without attack. After a DDoS attack is launched, the bandwidth of the conventional network decreases rapidly as the attack rate increases: when the attack rate reaches 400 packets/s the bandwidth drops to almost half, and when it reaches 1400 packets/s the network is down and data cannot be transmitted. With the ClusterBlock model, by contrast, the bandwidth remains almost constant, with only a slight decrease over the whole range.
As shown in Figures 6 and 7, this paper also varies the bandwidth upper limit. At upper limits of 5M and 10M, the ClusterBlock model performs significantly more stably under DDoS attack.

Conclusions
The evaluation results show that, under DDoS attacks of the same scale, the ClusterBlock model maintains a more stable bandwidth and stronger performance.

Data Availability
The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
The authors declare that there are no conflicts of interest.