A Blockchain-Enabled Trusted Protocol Based on Whole-Process User Behavior in 6G Network

The access of massive users and devices in the 6G networks increases the risk of network attacks. Designing a trusted protocol to control user behavior can eﬀectively improve the security capability of the network. However, most of the existing trusted protocols focus on unilateral user behavior and lack eﬀective control over the whole process of user behavior. In this paper, we design a blockchain-enabled trusted protocol based on the whole-process user behavior. At ﬁrst, we describe the Whole-Process User Behavior (WPUB) after the user accesses the network, and model the whole-process trusted control process. The proposed model establishes a trusted chain between user identity, access action, and communication traﬃc, and realizes the control of WPUB. Then, based on the proposed model, we design a whole-process trusted protocol with smart agents and smart contracts in combination with blockchain. Finally, we evaluate the designed protocol in the HyperLedger Fabric-based prototype system. Evaluations show that the proposed protocol can control the WPUB and reduce the risk of the network being attacked.


Introduction
e Sixth-Generation (6G) network realizes borderless connection under the global coverage, and enables the ubiquitous connectivity of massive users and devices by thoroughly integrating multiple heterogeneous networks, including satellite, air, ground, and sea networks [1][2][3]. e access of a large number of users and devices increases the potential risk of network attacks, bringing great challenges to network security [4][5][6]. e Trusted Protocol (TP) can effectively reduce the attacks launched by malicious users on the network by controlling and managing user behaviors, which is one of the important methods to improve network security [7][8][9]. How to construct a TP to detect malicious behaviors in 6G networks with massive connections is an urgent problem to be solved. However, traditional TPs (such as identity authentication, access control, and traffic detection) are mostly deployed in centralized networks and are difficult to be applied directly to 6G networks with dynamic changes in user behaviors and heterogeneous network structures. e 6G networks put forward new security requirements for TPs, which are mainly shown as follows.
(i) Behavior traceability. For the dynamically changing user behavior in 6G heterogeneous networks, TPs need to be able to memorize the user's historical behavior and make an accurate and dynamic control based on the user behavior [10,11]. Besides, the data for TPs should be shared among trusted distributed nodes.
(ii) Privacy protection. User behavior data reflects the specific activities of users in the network [12,13]. When analyzing user behavior, it should be ensured that user behavior data is not leaked and maliciously tampered with.
In recent years, as a key technology in the 6G network, blockchain has been widely used in various fields [14,15]. e blockchain-based TPs can well meet the new security requirements of the 6G networks. On the one hand, storing user behaviors in the blockchain enables traceability of user historical behavior, making it possible to accurately control dynamically changing user behaviors. On the other hand, the decentralized and tamper-proof characteristics of blockchain ensure the security and reliability of the constructed blockchain-based TPs.
However, the existing blockchain-based TPs still have the following problems. Firstly, most of the existing methods manage user behavior under a single specific security requirement, and cannot comprehensively consider the wholeprocess user behavior after accessing the network. Secondly, the existing methods lack dynamic closed-loop feedback, and it is difficult to meet the needs of dynamic evaluation and closed-loop management. erefore, it is urgent to construct a TP with dynamic closed-loop feedback that can comprehensively consider the whole-process user behavior.
In this paper, we design a Whole-Process User Behaviorbased Blockchain-enabled Trusted Protocol (WPUB-BTP) that can control the whole-process user behavior after accessing the network. e proposed WPUB-BTP constructs a trusted control chain between user identity, access action, and communication traffic, and realizes the control of user behavior in the whole process. In addition, the protocol also builds dynamic closed-loop feedback based on user reputation, which realizes dynamic control of user behavior. e contribution of this paper can be summarized as follows.
(i) We design the trusted control model of the wholeprocess user behavior, which can comprehensively consider identity authentication behavior, access control behavior, and communication traffic behavior. (ii) We put forward a blockchain-enabled trusted protocol based on the proposed model to achieve dynamic control and closed-loop feedback on user behavior. (iii) We evaluate the trusted protocol in a HyperLedger Fabric prototype system. e evaluation shows that the proposed protocol can control the whole-process user behavior after the user accesses the network, and reduces the risk of the network being attacked. e remainder of this paper is organized as follows. In Section 2, we review the secure control methods for user behavior based on blockchain. In Section 3, we design the trusted control model of the whole-process user behavior consisting of identity authentication behavior, access control behavior, and communication traffic behavior. Based on the proposed model, we put forward the blockchain-enabled trusted protocol in Section 4.
e prototype system and evaluation analysis of the WPUB-BTP are represented in Section 5. In the end, conclusions are drawn in Section 7.

Related Work
In this section, we review the related work on blockchainbased security control methods in three aspects: identity authentication, access control, and malicious traffic detection.

Blockchain-Based Authentication
Method. Identity authentication prevents malicious users from accessing the network by identifying user identities. Recently, many researchers have designed many authentication methods based on blockchain technology to improve the security of the network.
In Vehicular Ad-hoc Networks (VANETs), Zheng et al. [16] proposed a blockchain-based authentication system, which can provide the trusted communication environment of the Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I). Similarly, Feng et al. [17] put forward a Blockchain-based Assisted Privacy-preserving authentication System (BAPS) for VANETs. e proposed system is efficient and scalable, and can efficiently achieve privacypreserving authentication without any online registration center. In the Internet of drones, Feng et al. [18] presented a blockchain-based cross-domain authentication method to build an identity federation for collaborative domains. To ensure the privacy and security of the Intelligent Transportation Systems (ITS) networks, Qureshi et al. [19] proposed a Blockchain-based Privacy-Preserving Authentication model (BPPAU).

Blockchain-Based Access Control Method.
e access control method can prevent malicious users from accessing network resources without authorization, and realize the management and control of user access behavior. With the development of blockchain, many blockchain-based access control methods have been proposed.
Tan et al. [20] suggested a blockchain-empowered general Green Smart Device (GSD) access control framework in the Green Internet of ings (GIoT). e proposed framework provides a fine-grained and extensible access control of GSDs and ensures the credibility and immutability of permission data and identity data during access. On the Internet of ings (IoT), Sun et al. [21] proposed a blockchain-based IoT access control system, which combines the permission blockchain, Attribute-Based Access Control (ABAC), and Identity-Based Signature (IBS) to achieve security, lightweight, and cross-domain access control. To provide decentralized Electrical Health Records (EHR) and service automation, a blockchain-based Internet of Medical ings (IoMT) architecture called Fortified-Chain is proposed by Egala et al. [22]. e proposed architecture can provide decentralized automation access control, security, and privacy. In the Industrial Internet of ings (IIoT), Feng et al. [23] put forward a novel access control framework based on blockchain, which consists of three types of chaincodes: PMC, ACC, and CEC. e proposed framework can achieve fast and reliable consensus based on historical behavior records stored in the ledger.

Blockchain-Based Traffic Detection Method.
User traffic detection is another important way to improve network security. According to the way of traffic detection, it can be divided into methods-based statistical methods and methods based on machine learning methods [24]. In recent years, the development of blockchain has enabled more and more scholars to build detection models in blockchain networks based on existing traffic detection technologies.
In the Satellite Communication (SATCOM) systems, Cao et al. [25] proposed a blockchain-based access control and intrusion detection framework ACID, which can dynamically adjust the Access Control Rules (ACRs) and effectively detect attacks against smart contrasts. Similarly, Guo et al. [26] proposed a blockchain-based Distributed Collaborative Entrance Defense (DCED) framework to protect the satellite networks from malicious attacks. Experiment shows that the proposed framework can effectively protect the bandwidth resources of satellite Internet from DDoS attacks. Ramanan et al. [27] put forward a blockchainbased decentralized replay attack detection mechanism for large-scale power systems. e proposed mechanism can detect coordinated replay attacks with full privacy. To prevent IoT devices and other computing resources from DDoS attacks, Hayat et al. [28] proposed a Multilevel DDoS mitigation approach (ML-DDoS) based on blockchain. e results show that the proposed framework can accurately detect DDoS attacks in IoT, and has good performance in throughput, latency, and CPU utilization.
In Table 1, we summarize the relevant work of blockchain-based TPs and analyze whether they meet the security requirements of TPs in 6G networks. e above methods put forward the blockchain-based TPs to improve network security in different aspects. However, most methods only focus on one aspect of user behavior and lack control of the whole-process user behavior after accessing the network. In addition, for dynamically changing user behavior in the 6G network, those methods lack closed-loop feedback, and cannot adjust control strategies in real time according to user behaviors. erefore, based on blockchain, we build a trusted protocol with dynamic closed-loop feedback to realize the whole-process behavior control of users, so as to meet the security requirements of TPs in the 6G networks.

Trusted Control Model
In this section, we first present the whole-process user behavior description. en, we describe the trusted control model of the whole-process user behavior.

Whole-Process User Behavior Description.
Before introducing the trusted control model, the Whole-Process User Behavior (WPUB) in the 6G network needs to be defined. According to the different behaviors initiated by users after accessing the network, the WPUB can be divided into three sub-behaviors: Identity Authentication Behavior (IAB), Access Control Behavior (ACB), and Communication Traffic Behavior (CTB), as shown below.

Whole-Process Trusted Control Model.
To realize the trusted control of the WPUB, a Whole-Process Trusted Control model (WPTC) deployed in the access gateway is proposed. According to the division of WPUB, WPTC can be divided into three different modules: Identity Authentication Module (IAM), Access Control Module (ACM), and Traffic Detection Module (TDM). e proposed three modules can control and manage the user's sub-behavior to ensure the trust of each process. Besides, to achieve closed-loop feedback and dynamic control between three different control processes, a Dynamic Control Mechanism (DCM) based on the user's reputation is also proposed. e DCM constructs a dynamic control between user sub-behaviors in different modules and realizes the trusted control of whole-process behavior. e WPTC is shown in Figure 1.

Identity Authentication Module.
e IAM authenticates the identity of users to ensure the trusted user identity, which is the first security protection barrier in the WPTC framework. To better model the IAM and reflect the control process of the module on IAB, we represent the Identity Authentication Result (IAR) as the mapping relationship of IAB, as shown in the following equation:

Security and Communication Networks
It is assumed that n users are accessing the network through the access gateway at time t. In (6), f is the trusted authentication protocol reflecting the relationship between IAR and IAB. IAB t i and IAR t i represent the IAB and IAR of user u i at time t, respectively. If the identity of user u i is trusted, the IAR t i is set to 1. Otherwise, IAR t i is set to 0.

Access Control Module.
e ACM is the key module to ensure the trust of access actions, which verifies whether the user can be authorized to access the Network Resources (NR) according to the access policy. e user needs to be authenticated before performing access control. A user with a trusted identity can access the network resources only after obtaining the legitimate access authorization. e ACM can be modeled as shown in (7). g() is the trusted access control protocol. ACB t i and ACR t i represent the ACB and the Access Control Result (ACR) of user u i at time t, respectively. If the access action of u i is authorized, the access control result is 1.    [16] 2019 Security and Communication Networks

Dynamic Control
Mechanism. e above three modules control user sub-behaviors from three aspects: user identity, access action, and communication traffic. By constructing a trusted control chain of the "user identityaccess action-communication traffic," WPTC realizes the security control of user behavior in the whole process. In order to improve the security capability of closed-loop feedback and dynamic control, we introduce the DCM in WPTC.
DCM is the core control mechanism of WPTC, which can dynamically control the user's behavior by evaluating the reputation of the user. In DCM, the user's reputation is calculated by the Reputation Evaluation Module (REM), and the reputation is consisting of two kinds of subreputations: Sub-behavior Reputation (SR) and Global Reputation (GR). e SR is calculated by the historical behavior of each subbehavior. Based on the division of the WPUB, the SR of user u i at time t can be subdivided into user identity reputation UIR t i , access action reputation AAR t i , and communication traffic reputation CTR t i . e UIR t i , AAR t i , and CTR t i can be calculated by (9-11), respectively.
In (9)-(11), IAB T i , ACB T i , and CTB T i represent the historical sub-behaviors of IAB, ACB, and CTB in the time period T before time t, respectively. IAB t1 i is the first historical sub-behavior IAB of u i in the time period T. Likewise, the historical sub-behavior in the time period of ACB and CTB can be represented similarly to the IAB. φ 1 , φ 2 , and φ 3 are the reputation evaluation functions of IAB, ACB, and CTB, respectively. e global reputation GR t i of user u i can be calculated by the above three sub-behavior reputations, as shown in (12). θ is the global reputation calculation function.
When the user behavior is untrusted, based on proposed SR (UIR t i , AAR t i , CTR t i ) and GR (GR t i ), we put forward the DCM in the above three models. e DCM can be divided into the following three stages.
In the identity authentication stage, the Dynamic Control Result (DCR) generated by DCM can be modeled as (13). When the identity of user u i is untrusted (IAR t i � 0), the DCM can formulate different DCRs according to the different UIR t i . μ 1 is the security control judgment function of DCM in the IAM, and DC R t i is the DCR of user u i at time t. If UIR t i is greater than the threshold value ω, the DCR t i of user u i is set to "re-authenticate." If UIR t i < ω, the DCR t i is set to "access blocking," and the user is not allowed to access the network.
In the access control stage, the dynamic control process can be represented as (14). e DCM in the ACM ensures that different control policies are implemented based on different UIR t i and AAR t i when user's access behaviors are abnormal (ACR t i � 0). μ 2 is the security control judgment function of DCM in the ACM. If the access reputation value AR t i of user u i is less than the threshold value λ 1 , DCR t i is "access blocking," which means the access behavior of the user is blocked. If λ 1 ≤ AR t i < λ 2 , the user needs to be reauthenticated; If AR t i ≥ λ 2 , the DCR t i is "re-access control," and the user needs to perform access control again. e AR t i can be calculated as follows. AR t i � ψ(UIR t i , AAR t i ). ψ is the evaluation function of the access behavior.
In the traffic detection stage, DCM can be modeled as (15). When a user initiates abnormal traffic to the network (CTB t i � 0), DCM formulates different security control schemes based on the user's global reputation GR t i to improve the security capability of the network. μ 3 indicates the security control judgment function of the DCM in the ACM. When the user traffic is detected as malicious traffic, the communication traffic is blocked. If the global reputation GR t i is less than ρ 1 , the user is recorded on the blacklist and is not allowed to access the network for a period of time. If ρ 1 ≤ GR t i < ρ 2 , the DCR t i is "re-authenticate"; If GR t i ≥ ρ 2 , the user should be "re-access control." ρ 1 and ρ 2 are the threshold constants of global reputation in the traffic detection stage.
In (13)(14)(15), the DCR t i is one of the elements in the set of Dynamic Control Policies (DCP). DCR t i ∈ DCP. DCP can be given as follows: DCP � dcp 1 , . . . , dcp n .
In (16), dcp n is the nth subcontrol policy in the DCP set. In the DCM, the subcontrol policy dcp n can be set as "reauthentication," "re-access control," "access blocking," "traffic blocking," and so on according to the specific network scenario.

Blockchain-Enabled Trusted Protocol Based on WPUB
In this section, based on the proposed trusted control model, we design the Blockchain-enabled Trusted Protocol (WPUB-Security and Communication Networks BTP) including trusted user identity protocol, trusted access action protocol, and trusted communication traffic protocol. In WPUB-BTP, the functions of the modules in the trusted control model are deployed in the access gateway and blockchain network in the form of Smart Agents (SA) and Smart Contracts (SC). e SA is mainly responsible for interacting with UEs, processing and forwarding the user requests, while the SC stores the user behaviors and generate trusted management policies in the blockchain. e division of modules in the trusted control model can be shown as follows.
e functions of the IAM are performed by the Identity Authentication Agent (IAA) and Identity Authentication Smart Contract (IASC), and the ACM is deployed as the Access Control Agent (ACA) and Access Control Smart Contract (ACSC). In addition, the TDM is deployed in WPUB-BTP as a Traffic Detection Agent (TDA) and Traffic Detection Smart Contract (TDSC).
e Reputation Evaluation Smart Contract (RESC) in the blockchain network is deployed to perform the functions of the proposed REM. Besides, the user in the WPUB-BTP is represented as UE, and the network resources in the servers are abbreviated as NR.
In the following subsections, we will describe the three subprotocols in WPUB-BTP for security control of user subbehaviors.
e blockchain-enabled trusted protocol is shown in Figure 2.

Trusted User Identity Protocol.
In the trusted user identity protocol, the IAA is used to forward and process the identity authentication requests of users, while the IASC stores the authentication credentials and generates the user authentication vector. e trusted user identity protocol can be described as the following steps. STEP 1: UE sends the authentication request to IAA; STEP 2: IAA invokes the interface of IASC to generate authentication vector and authenticate user identity. If the user identity is authenticated successfully, go to STEP 4. Otherwise, go to STEP 3. STEP 3: If the user identity is untrusted, IAA needs to query the User Identity Reputation (UIR) of the user, and generates the DCR according to the UIR; STEP 4: Meanwhile, the IAA invokes IASC interfaces to record identity authentication behaviors. STEP 5: RESC updates the user identity reputation based on the recorded IAB; STEP 6: Finally, IAA returns the IAR or the DCR to UE.

Trusted Access Action Protocol.
e trusted access action protocol in the WPUB-BTP is used to evaluate user access control behavior. In the trusted access action protocol, there are two components, ACA and ACSC, which perform the access control function. e ACA is used to forward the access control requests initiated by users, while the ACSC generates the access policy and stores the user access control behavior. e trusted access action protocol consists of the following seven steps. STEP 1: UE sends the access control request to the ACA. STEP 2: After receiving the access control request, the ACA looks up the identity authentication result of the UE to verify whether the user identity is legal; If the user is illegal, the ACR is set to 0, and the next step is STEP 5. Otherwise, go to STEP 3. STEP 3: If the identity of the user is trusted, the ACSC generates the access control policy for the UE. If the user access action is unauthorized, go to STEP 4. Otherwise, go to STEP 5. STEP 4: ACA queries the user's Access Action Reputation (AAR), and generates the DCR based on the obtained AAR. STEP 5: At the same time, the ACA invokes ACSC interfaces to record access control behaviors. STEP 6: RESC updates the access action reputation based on the recorded ACB. STEP 7: In the end, ACA returns the access control result or the dynamic control result to UE.

Trusted Communication Traffic Protocol.
In the trusted communication traffic protocol, the TDA in the access gateway is the component that mainly performs the function of traffic detection. In TDA, different types of detection submodules can be deployed to detect the user traffic passing through the gateway in real time. e TDSC in the protocol periodically stores the communication traffic behavior of users. e trusted communication traffic protocol is used to control the communication traffic behavior of users, which includes the following steps. STEP 1: UE sends the communication traffic through the access gateway to the NR. STEP 2: e TDA in the access gateway needs to ask the ACSC contract whether the user has permission to access NR when the user's traffic arrives for the first time. STEP 3: If the UE is an authorized access user, the user is allowed to send traffic to network resources. At the same time, the TDA continuously detects the traffic between UE and NR in real time. STEP 4: If the traffic initiated by the user is detected abnormal, the communication traffic needs to be blocked at the first time. en, the TDA calls the interface of RESC to obtain the user's Communication Traffic Reputation (CTR), and generates the DCR based on the obtained CTR; STEP 5: Meanwhile, the TDA periodically records the CTB in the TDSC contract based on the traffic detection results. STEP 6: And the RESC updates the communication traffic reputation based on the recorded CTB. STEP 7: At last, the TDA returns the dynamic control result to UE.

Evaluation
In this section, we first introduce the prototype system based on the proposed WPUB-BCP protocol. en, we evaluate the WPUB-BCP protocol in the HyperLedger Fabric prototype system. Figure 3, based on the proposed WPUB-BTP protocol, a prototype system is deployed for evaluation. We deploy a server cluster based on VMware vSphere [29] virtualization platform. e server cluster consists of 12 servers, each configured with a 40G disk, 16G memory, and an 8-core processor. In the server cluster, 12 servers can be divided into satellite networks domain, cellular networks domain, and wireless local area networks domain depending on the application scenario. And each domain contains one UE and three access gateways.

Prototype System. As shown in
Compared with other blockchain platforms such as Ethereum (https://ethereum.org/), HyperLedger Fabric (https://github.com/hyperledger/fabric/) has the advantages of high modularity and scalability, and has been widely and maturely applied in various commercial scenarios. erefore, in this article, we build the WPUB-BTP protocol prototype system based on Fabric. In the prototype system, the blockchain network is constructed on the nine access gateways.
In the prototype system, the HyperLedger Fabric blockchain network is divided into three organizations (3 Org), and each organization consists of one certificate authority (1 CA), three peer nodes (3 peers), and one UE  IAA  ACA  TDA  IASC  ACSC  TDSC  RESC  NR   UE  IAA  ACA  TDA  IASC  ACSC  TDSC  RESC   Security and Communication Networks ordering node (1 orderer). e access gateways initiate the transactions to the blockchain network through the SDK interface (fabric-py-sdk (https://github.com/hyperledger/ fabric-sdk-py/)) for data storage, update, and query operations. ree smart agents (IAA, ACA, and TDA) written in Python (https://docs.python.org/3.9/) are deployed at each access gateways, performing identity authentication, access control, and traffic detection functions. In addition, we design four smart contracts (IASC, ACSC, TDSC, and RESC) based on the go-lang (https://github.com/golang/ go/) language and deploy them in the blockchain network in the form of chaincodes. IASC and ACSC are used to control user authentication behavior and access control behavior, respectively. TDSC is used to detect the traffic behavior sent by users, while RESC evaluates the reputation based on user authentication, access control, and traffic behavior to realize dynamic closed-loop control of user behavior.

3.Detect UE-Network Resource communication traffic
To evaluate the performance of the proposed WPUB-BCP protocol, we deploy the specific control methods in each module (SA and SC). In our previous work [30], an authentication method based on EAP-MD5 is proposed for fast authenticate. erefore, in the IAM module, we use the same authentication method to represent the trusted authentication protocol f, so as to ensure the trusted user identity. Besides, an access control method based on the   Security and Communication Networks Attribute-Based Access Control (ABAC) model [31] is deployed in the ACM module to represent the trusted access control protocol g. In the TDM, we deploy the same traffic detection method based on the Deep Deterministic Policy Gradient (DDPG) algorithm as in [32] to represent the trusted communication traffic protocol h. In addition, the Beta Reputation System (BRS) [33] can give a comprehensively evaluation of users' positive and negative behaviors. erefore, in this paper, we deploy the BRS in REM module to evaluate the reputation of user's sub-behavior (UIR t i , AAR t i , CTR t i ) and to provide the feedback for dynamic control. φ 1 , φ 2 , and φ 3 are the reputation value calculation formulas of beta reputation system. Specifically, the global reputation and the access reputation can be calculated as follows: In addition, the threshold constants in the DCM are set as follows: ω � 0.5, λ 1 � 0.35, λ 2 � 0.65, ρ 1 � 0.4, ρ 2 � 0.7. μ 1 , μ 2 , and μ 3 are set as described in Section 3.2.

Performance Evaluation.
In this subsection, we first evaluate the performance of the three proposed trusted protocols: trusted user identity protocol, trusted access action protocol, and trusted communication traffic protocol. Subsequently, we functionally evaluated the designed dynamic control mechanism. Figure 4 shows the evaluation result of the trusted user identity protocol. We evaluate the control results of the trusted user identity protocol under 100, 500, 1000, 2000, 5000, and 10000 authentication requests, and the proportion of illegal users is 20%, 40%, 60%, and 80%, respectively. As can be seen from Figure 4, the proposed trusted user identity protocol can achieve accurate authentication of a large number of users. In addition, the proposed protocol can prevent illegal users from accessing the network, which improves the security of the network.

Trusted Access Action
Protocol. Subsequently, we evaluate the trusted access action protocol with 100, 200, 500, and 1000 access control requests per second in, as shown in Figure 5. In the evaluation, it is assumed that 20% of the requests are sent by unauthenticated UEs and 80% by the trusted identity UEs. In addition, it is assumed that 60% of users with trusted identities can obtain access policies. As can be seen from Figure 5, the proposed trusted access action protocol can evaluate user access control behaviors and successfully generate the corresponding access policies. Furthermore, the evaluation results show that users without trusted identities cannot get access authorization, which ensures the security and credibility of the network from both user identity and access action. Figure 6, the management and control process of user traffic behavior by the proposed trusted communication traffic protocol is shown. We simulated the traffic sent by two types of authorized users, namely normal user traffic and abnormal user traffic. Within 0-200 s, the normal users continuously send normal traffic to the network resource, while the abnormal uses periodically launch attack traffic. Both the normal traffic and the abnormal traffic are generated according to traffic dataset collected in [20]. e traffic detection module is deployed in the access gateway at 50 s. As shown in the figure, the traffic detection module can distinguish the normal traffic and abnormal traffic according to the traffic characteristics. And the trusted communication traffic protocol can generate the real-time control policies to block the malicious traffic according to the detection results.

Dynamic Control Mechanism.
In this subsection, we evaluate the continuous dynamic control results of the proposed dynamic control mechanism on user behavior when the user accesses the network and performs identity authentication, access control, and traffic detection in sequence.
As shown in Table 2, we simulate the user behavior of 200 users accessing the network. At the beginning of 200 users accessing the network, we set 50% of users to send correct authentication requests, 25% of high-reputation users (reputation greater than 0.5) to send incorrect authentication requests, and 25% of low-reputation users (low reputation greater than 0.5) to send a bad authentication request. e 100 users with trusted identities who send correct authentication requests need to perform access control when accessing network resources. Similarly, we set the following settings for users who send access control requests, among which 50% of users have successful access control, and 50% of users have failed access control; among the users whose access control fails, we set 50% of the users whose reputation is higher than 0.65, 30% of users have a reputation between 0.35 and 0.65, and 20% of users have a reputation below 0.35. Finally, among the 50 authorized users, we set 25 users send normal traffic, and the rest send abnormal traffic. In order to display the dynamic control results in the traffic detection stage, we divided the users sending abnormal traffic into three groups as follows: good reputation (reputation is greater than 0.7), moderate Security and Communication Networks reputation (reputation is between 0.4 and 0.7), and low reputation (reputation is lower than 0.4). e three groups have 25, 15 and 10, users respectively. Figure 7 shows the dynamic control results of the wholeprocess user behavior in three continuous stages. 0-200 s is the user identity authentication stage; 200-300 s is the user access control stage; and 300-350 s is the user traffic detection stage. It should be noted that, in order to visually display the results of dynamic control mechanism, Figure 7 only shows the number of users who successfully authenticated for the first time and access control for the first time, but does not show the number of users who successfully reauthenticated and re-access control.
In the identity authentication stage, we simulated a total of 200 users sending identity authentication requests to IAM. As can be seen from Figure 7, the designed IAM can accurately control user authentication behavior, and can generate different dynamic control results according to different reputation values of users.
Only users who are successfully authenticated in the identity authentication stage can perform access control. erefore, in the access control stage, it can be seen from Figure 7 that the number of re-authentication ("re-auth"), re-access control ("re-acc. ctrl."), and access blocking ("acc.  corresponding access control policies according to user's access action. In the traffic detection phase, as can be seen from Figure 7, the traffic detection module can allow users who send normal traffic ("tfc. allow") to access network resources, and block the traffic sent by malicious users ("tfc. block") in time. In addition, the designed dynamic feedback mechanism can generate accurate dynamic control results ("re-auth," "re-acc. ctrl.," and "acc. block") according to the user's reputation value when the traffic detection is abnormal. When the user's reputation is lower than the threshold 0.4, the dynamic control mechanism will prevent users from accessing the network ("acc. block"). When the user reputation value is between 0.4 and 0.7, the proposed mechanism generates the dynamic control result of "reauth." When the user's reputation is higher than 0.7, the user is asked to redo the access control process ("re-acc. ctrl.").

Conclusion
In this paper, we have proposed a blockchain-enabled trusted protocol based on the whole-process user behavior. e proposed WPUB-BTP constructs a trusted control chain between user identity, access action, and communication traffic, and realizes the control of user behavior in the whole process. In addition, the protocol also builds dynamic closed-loop feedback based on user reputation, which realizes dynamic control of user behavior. Eventually, we deployed the proposed protocol in the Hyperledger Fabric for evaluation. e results show that the proposed WPUB-BTP can control the whole-process user behavior and reduce the risk of network being attacked.
is paper focuses on demonstrating the dynamic trusted control mechanism based on whole-process user behavior. In future work, we will optimize the trusted subprotocol and parameter selection in each module, and conduct more in-depth research on authentication, access control, and malicious traffic detection.

Data Availability
e data that support the findings of this study can be obtained from the corresponding author upon reasonable request.

Conflicts of Interest
e authors declare that there are no conflicts of interest regarding the publication of this paper.