电子与信息学报
電子與信息學報
전자여신식학보
JOURNAL OF ELECTRONICS & INFORMATION TECHNOLOGY
2009年
7期
1576-1581
,共6页
纪俊杰%阳小龙%王进%吴雄飚%林建人%隆克平
紀俊傑%暘小龍%王進%吳雄飚%林建人%隆剋平
기준걸%양소룡%왕진%오웅표%림건인%륭극평
IP网络%生存性%信任%容错%容侵
IP網絡%生存性%信任%容錯%容侵
IP망락%생존성%신임%용착%용침
IP networks%Survivability%Trust%Fault-tolerant%Intrusion-tolerant
目前IP网络受自身故障和网络攻击等异常行为影响较过去更深广.因此如何增强IP网络的容错和容侵能力显得尤为重要.但是目前很多的研究仅关注其中一个方面,而很少两者兼有,从而不能很好地兼顾安全性和可生存性.该文提出了一种有效的基于信任关系的容错容侵机制.该机制借用了社会网络中的信任关系思想,定量地描述了信任关系值与网络行为的对应关系--某节点的恶意行为会使得自己在其他节点处的信任值下降.然后,分析了该机制如何对3种网络异常,即自身故障、诋毁攻击和矛盾行为攻击的容忍能力.最后,仿真结果和分析表明该机制可以迅速而精确地检测到异常节点,并能有效地阻止这些异常对网络的攻击和破坏.
目前IP網絡受自身故障和網絡攻擊等異常行為影響較過去更深廣.因此如何增彊IP網絡的容錯和容侵能力顯得尤為重要.但是目前很多的研究僅關註其中一箇方麵,而很少兩者兼有,從而不能很好地兼顧安全性和可生存性.該文提齣瞭一種有效的基于信任關繫的容錯容侵機製.該機製藉用瞭社會網絡中的信任關繫思想,定量地描述瞭信任關繫值與網絡行為的對應關繫--某節點的噁意行為會使得自己在其他節點處的信任值下降.然後,分析瞭該機製如何對3種網絡異常,即自身故障、詆燬攻擊和矛盾行為攻擊的容忍能力.最後,倣真結果和分析錶明該機製可以迅速而精確地檢測到異常節點,併能有效地阻止這些異常對網絡的攻擊和破壞.
목전IP망락수자신고장화망락공격등이상행위영향교과거경심엄.인차여하증강IP망락적용착화용침능력현득우위중요.단시목전흔다적연구부관주기중일개방면,이흔소량자겸유,종이불능흔호지겸고안전성화가생존성.해문제출료일충유효적기우신임관계적용착용침궤제.해궤제차용료사회망락중적신임관계사상,정량지묘술료신임관계치여망락행위적대응관계--모절점적악의행위회사득자기재기타절점처적신임치하강.연후,분석료해궤제여하대3충망락이상,즉자신고장、저훼공격화모순행위공격적용인능력.최후,방진결과화분석표명해궤제가이신속이정학지검측도이상절점,병능유효지조지저사이상대망락적공격화파배.
Nowadays, IP networks are suffering many faults and malicious attacks which greatly threaten its security and survivability. So it is an important issue that how to make the IP networks to be more robust under faults and attacks, i.e., to improve their tolerance abilities for both fault and intrusion. However recently, most of the researches focus on only one of them, and decouple the survivability and security each other. According to the trust model in social networks, this paper proposes an efficient fault-tolerant and intrusion-tolerant scheme based on trust relationship for IP networks. This scheme not only borrows the trust rating from the social links, but also qualitatively describes the relationships between the trust rating and the network behavior. Then, this paper analyses the scheme how to tolerate three known malicious behaviors, viz., self-faults, bad mouth attacks and conflict behavior attacks. Finally, the numeric simulation results show that the scheme can detect the malicious nodes fast and accurately and efficiently prevent these malicious behaviors in IP networks.
