WO2009062429A1 - Method, net node and system avoiding attacks in p2p network - Google Patents


Info

Publication number
WO2009062429A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
malicious
behavior
malicious behavior
notification message
Application number
PCT/CN2008/072506
Other languages
French (fr)
Chinese (zh)
Inventor
Feng Li
Xingfeng Jiang
Haifeng Jiang
Original Assignee
Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/1023 Server selection for load balancing based on a hash applied to IP addresses or costs
    • H04L67/104 Peer-to-peer [P2P] networks

Definitions

  • The embodiment of the invention further provides a network node, including: a receiving unit configured to receive a node malicious behavior notification message; a first determining unit configured to determine the legality of the node malicious behavior notification message received by the receiving unit; and a first storage unit configured to store the node malicious behavior information after the first determining unit determines that the notification message is legal, where the node malicious behavior information includes the number of times the node has been determined to be malicious.
  • Another network node includes: a receiving unit configured to receive a malicious node notification message; a first determining unit configured to determine the validity of the malicious node notification message received by the receiving unit; a first storage unit configured to store the malicious node information after the first determining unit determines that the malicious node notification message is legal, where the malicious node information includes the number of times the malicious node has been determined to be malicious; and a sending unit configured to select a non-malicious node, or a node with fewer malicious records, as the next hop for forwarding.
  • The P2P network system includes a first node and a second node, where the first node is configured to determine whether the node that sends a response message is a malicious node and, when it is, to send a malicious node notification message to the second node.
  • The second node is an upstream node of the malicious node and is configured to receive the malicious node notification message, determine its legality, record the malicious node information when the notification message is legal and, after receiving a data packet, select a non-malicious node or a node with fewer malicious records as the next hop to forward the data packet according to the recorded malicious node information.
  • Another P2P network system includes a first node and a second node.
  • The first node is configured to determine whether the behavior of the node that sends the response message is malicious and, when it is, to send a node malicious behavior notification message to the second node.
  • The second node is an upstream node of the node that performs the malicious behavior and is configured to receive the node malicious behavior notification message, determine its legality, record the node malicious behavior information when the notification message is legal, and select a node with no malicious behavior record, or with fewer malicious behavior records, as the next hop to forward the P2P data packet according to the recorded node malicious behavior information.
  • In the embodiment, evidence that a node has performed malicious behavior is sent to the upstream node of that node, and the upstream node records the malicious behavior.
  • FIG. 1 is a flowchart of a first embodiment of a method for preventing an attack in a P2P network according to the present invention.
  • FIG. 2 is a flowchart of a second embodiment of a method for preventing an attack in a P2P network according to the present invention.
  • FIG. 4 is a schematic diagram of a P2P network system according to the present invention. Detailed description
  • Embodiments of the present invention provide a method for preventing an attack in a P2P network, and a P2P network system and a network node for preventing an attack.
  • When a node detects that another node in the P2P network system has performed malicious behavior, it sends evidence proving that the node performed the malicious behavior to the upstream node of the node that performed it.
  • The upstream node records the information of the node that performed the malicious behavior and the number of times that node has been reported for malicious behavior, and when it needs to forward a data message it selects a node with no malicious behavior record, or with fewer malicious behavior records, to forward the data packet.
  • This reduces or avoids the impact of the node that performed malicious behavior on the entire P2P network.
  • FIG. 4 is a schematic diagram of a P2P network system according to the present invention.
  • Nodes A-G are assumed to perform the same role in the P2P network.
  • Data packets are transmitted clockwise in the A-G direction.
  • A is the node that initiates the request.
  • F is the root node storing the key/value pair requested by A.
  • D is the node that responds to A's request.
  • C is the upstream node of D.
  • The dotted line indicates the forwarding path.
  • The solid line indicates the notification message sent by node A.
  • FIG. 1 shows a flowchart of a first embodiment of a method for preventing an attack in a P2P network according to the present invention.
  • The method runs in the system shown in FIG. 4 and specifically includes the following steps:
  • Node A initiates a request message for acquiring a resource in the P2P network, where the request message carries the tag value (key) of the resource.
  • The request message is transmitted in the P2P network according to the P2P routing rules.
  • After receiving the resource request message, node D sends a response message to node A, presenting itself as the root node.
  • After receiving the response message sent by node D, node A determines whether node D's behavior in sending the response message is malicious.
  • Node A can make this determination using the solution described in the background of the present invention: through the cooperative node, node A learns whether node D is the root node responsible for the key that node A requested; this is not repeated here.
  • After determining that node D's behavior in sending the response message is malicious, node A calculates the upstream node of node D.
  • Node A may also save evidence that node D's sending of the response message was malicious behavior.
  • The evidence may include the response message signed by node D and the evidence, sent by the cooperative node, that node D is not the root node responsible for the requested key.
  • Node A sends a malicious behavior notification message to node C, informing it that node D has performed malicious behavior.
  • The malicious behavior notification message may carry evidence that node D's behavior in sending the response message was malicious.
  • After receiving the malicious behavior notification message sent by node A, node C determines whether the notification message is legal. If it is legal, step S17 is performed. If it is not legal, the malicious behavior notification message may be discarded or left unprocessed; node C may also treat node A's sending of an invalid notification message as malicious behavior in its own right.
  • Whether the malicious behavior notification message is legal can be judged according to whether node A is a trusted node, or according to the evidence carried in the notification message that certifies node D's behavior as malicious. If the evidence proves that node D is not the root node responsible for the key requested by node A, node D's behavior in sending the response message is considered malicious.
  • Node C records the malicious behavior information of node D.
  • The malicious behavior information includes the information of node D and the number of times node D has been reported for malicious behavior.
  • After receiving a request to forward a P2P data packet, node C first calculates the possible next-hop nodes, and then selects from them a node with no malicious behavior record, or with fewer malicious behavior records, to forward the data packet.
  • FIG. 2 is a flowchart of a second embodiment of a method for preventing an attack in a P2P network according to the present invention.
  • The method also runs in the system shown in FIG. 4 and specifically includes the following steps:
  • Node A initiates a request message for acquiring a resource in the P2P network, where the request message carries the tag value (key) of the resource.
  • The request message is transmitted in the P2P network according to the P2P routing rules.
  • After receiving the resource request message, node D sends a response message to node A, presenting itself as the root node.
  • After receiving the response message sent by node D, node A determines whether node D is a malicious node. Node A can use the scheme described in the background of the present invention to determine whether node D is the root node responsible for the key requested by node A; if it is not, node D is considered a malicious node.
  • After determining that node D is a malicious node, node A calculates the upstream node of node D. Preferably, node A also saves evidence that node D is a malicious node. The evidence may include the response message signed by node D and the evidence, sent by the cooperative node, that node D is not the root node responsible for the requested key.
  • Node A sends a malicious node notification message to node C, notifying it that node D is a malicious node.
  • The malicious node notification message may carry evidence that node D is a malicious node.
  • Node C determines whether the malicious node notification message is legal. If it is legal, step S27 is performed. If it is not legal, the malicious node notification message may be discarded or left unprocessed.
  • Node A, having sent an invalid notification message, may also be regarded as a malicious node.
  • Whether the malicious node notification message is legal can be judged according to whether node A is a trusted node, or according to the evidence carried in the notification message that certifies node D as a malicious node. If the evidence proves that node D is not the root node responsible for the key requested by node A, node D is considered a malicious node.
  • Node C records node D as a malicious node. It may also record the number of times node D has been reported as a malicious node.
  • After receiving a request to forward a P2P data packet, node C first calculates the possible next-hop nodes, and then selects from them a non-malicious node, or a node that has been reported as malicious fewer times, to forward the data message.
  • FIG. 3 is a schematic structural diagram of a network node according to the present invention. Given the structural characteristics of the network, the network node can be any one of nodes A-G in FIG. 4. This node includes:
  • a first receiving unit configured to receive a malicious behavior notification message;
  • a first determining unit configured to determine the legality of the malicious behavior notification message received by the first receiving unit;
  • a first storage unit configured to store malicious behavior information of the node after the first determining unit determines that the malicious behavior notification message is legal, where the malicious behavior information includes the number of times the node's behavior has been determined to be malicious;
  • a first calculating unit configured to calculate the possible next-hop nodes for forwarding and to select one with no malicious behavior record or with fewer malicious records;
  • a first sending unit configured to forward the data packet;
  • a second receiving unit configured to receive a response message;
  • a second determining unit configured to determine whether the behavior of the node that sent the response message received by the second receiving unit is malicious;
  • a second storage unit configured to store the behavior as evidence of malicious behavior after the second determining unit determines that the behavior of the node that sent the response message is malicious;
  • a second calculating unit configured to calculate the upstream node of the node that performed the malicious behavior;
  • a second sending unit configured to send a malicious behavior notification message to the upstream node of the node that performed the malicious behavior.
  • The first receiving unit in the network node of the present invention is further configured to receive a malicious node notification message; the first determining unit is further configured to determine the legality of the malicious node notification message received by the first receiving unit;
  • the first storage unit is further configured to store the malicious node information after the first determining unit determines that the malicious node notification message is legal, where the malicious node information includes the number of times the node has been determined to be malicious;
  • the first calculating unit is further configured to calculate the possible next-hop nodes for the packet and to select a non-malicious one or one with fewer malicious records;
  • the first sending unit is further configured to forward the P2P data packet;
  • the second receiving unit is further configured to receive a response message; the second determining unit is further configured to determine whether the node that sent the response message received by the second receiving unit is a malicious node;
  • the second storage unit is further configured to record the node as a malicious node after the second determining unit determines that the node that sent the response message is a malicious node;
  • the second calculating unit is further configured to


Abstract

A method, network node and system for avoiding attacks in a P2P network are disclosed. The method includes: when it is detected that a node performs malicious behavior in the P2P network, sending evidence proving that the node performed the malicious behavior to an upstream node of that node; the upstream node recording the information of the node that performed the malicious behavior or the number of times the node has been reported for malicious behavior; and, when a data message needs to be forwarded, selecting a node having no malicious behavior record, or a node reported for malicious behavior fewer times, to transmit the data message.

Description

Method, network node and system for preventing attacks in a P2P network
Technical field
The present invention relates to the field of P2P technologies, and in particular to a method, a network node and a system for preventing attacks in a P2P network.
Background technique
Peer to Peer (P2P) is a distributed network in which the participants (peers) share some of the hardware resources they own (processing power, storage capacity, network connectivity, printers, etc.). These shared resources provide services and content through the network and can be accessed directly by other peers without going through an intermediate entity. A participant in such a network is both a provider (server) of resources (services and content) and an acquirer (client) of resources (services and content). P2P breaks the traditional client/server (C/S) mode: every node in the network has equal status, and each node acts as a server, providing services to other nodes, while also accepting the services provided by other nodes.
P2P technology makes full use of the capabilities of the individual nodes in the system so that they provide services to one another. Using P2P technology greatly increases the utilization of these nodes and thereby further improves the efficiency of networks, devices and information services. P2P networks are further divided into structured, unstructured and loosely structured types. A structured P2P network is characterized by resource publication being closely tied to the network topology: resources are distributed precisely in the network according to logical addresses in the P2P topology. Each node in such a network has a virtual logical address, and all nodes form a relatively stable and tight topology based on these addresses. In structured P2P, the value obtained by hashing a resource is its key, and the key together with its corresponding resource is recorded as a key/value pair. Resources are distributed in the structured P2P network according to the mapping between keys and P2P nodes, and a resource can be located in the P2P network through its key. In other words, every peer in the P2P network is responsible for storing a range of key values, and this range is computed according to a distributed hash table (DHT) algorithm. Different DHT algorithms compute different key ranges. Taking the Chord algorithm as an example: in Chord, if Peer a and Peer b are neighbors and the ID of Peer a is smaller than the ID of Peer b, the key range for which Peer a is responsible is the set of key values from the ID of Peer a to the ID of Peer b.
An important function of P2P is message routing: in a structured P2P system, a message must be routable, by key and according to a particular algorithm, through a number of peers (nodes) to its destination.
However, since any user can be a peer in a P2P network, some of these users may be malicious and deliberately break these algorithm rules so that other users' requests fail, or use such means to deceive other users. The identity attack is one such attack. Its principle is as follows: when a malicious node receives a user's request, it knows that it is not the root node responsible for the requested key/value pair (the root node being the node responsible for a given key/value pair under the DHT algorithm rules), but instead of continuing to route to the real root node according to the DHT rules, it falsely claims to be the root node itself and returns to the requesting user whatever response it wishes, which can be used to carry out a further "phishing attack". Because the user initiating a request in the P2P network cannot know which specific node is the root node for the key, the user can be attacked in this way.
The prior art provides a method for detecting identity attacks. Each node in the overlay selects several cooperating nodes (the number can be determined according to the network size). A cooperating node may be a specific node in the network, or a node selected according to some rule, for example by taking n bits of the NodeID and hashing them. A cooperating node usually keeps evidence on behalf of multiple nodes. Each time a node comes online, it generates evidence that it is online, sends it to these cooperating nodes, and maintains a keep-alive relationship with them. When a node initiates a request and receives a response, the requesting node estimates the NodeID space in which the root node should lie from the distribution of nodes in its own routing table, computes the cooperating nodes of the nodes in that space, and sends a request for evidence to those cooperating nodes. If a cooperating node finds that a node closer to the key value exists, it returns that evidence to the requesting node. The precondition for this is that all messages are signed and all messages carry a timestamp. The requesting node compares the response message it obtained with the evidence sent by the cooperating nodes: if the evidence shows that a node closer than the responding node should be the root node, the responding node is regarded as a malicious node; if the returned evidence shows that no node closer than the responding node is responsible for the key value, the response to this request is regarded as valid.
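The closeness check described in the paragraph above, as an added example written for this page (it is not code from the patent or from any real overlay implementation). It assumes, beyond what the page states, 32-bit NodeIDs, Kademlia-style XOR distance as the DHT closeness metric, an HMAC-SHA256 over a constructed shared key standing in for the per-message signatures the text requires, and a fixed freshness window for the timestamps. The requesting node treats a responder as suspect only if some piece of evidence is correctly signed, fresh, and names a node strictly closer to the key than the responder.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable

FRESHNESS_SECONDS = 300  # assumed window in which timestamped evidence is accepted


def distance(a: int, b: int) -> int:
    """Assumed DHT closeness metric: Kademlia-style XOR distance between NodeIDs."""
    return a ^ b


@dataclass(frozen=True)
class Evidence:
    node: int         # NodeID the cooperating node vouches is online
    timestamp: float  # when the evidence was produced (the text requires one)
    sig: bytes        # signature over (node, timestamp)


def sign(key: bytes, node: int, timestamp: float) -> bytes:
    """Constructed stand-in for a real signature: HMAC-SHA256 with a shared key."""
    return hmac.new(key, f"{node}:{timestamp}".encode(), hashlib.sha256).digest()


def make_evidence(key: bytes, node: int, timestamp: float) -> Evidence:
    """What a cooperating node would hand back for an online node it knows about."""
    return Evidence(node, timestamp, sign(key, node, timestamp))


def evidence_is_valid(key: bytes, ev: Evidence, now: float) -> bool:
    """Reject forged signatures and evidence outside the freshness window."""
    if not hmac.compare_digest(ev.sig, sign(key, ev.node, ev.timestamp)):
        return False
    return 0 <= now - ev.timestamp <= FRESHNESS_SECONDS


def responder_is_suspect(key_hash: int, responder: int,
                         evidence: Iterable[Evidence], key: bytes, now: float) -> bool:
    """Requesting node's decision: is there valid evidence of a node strictly
    closer to the key than the node that answered as root? Invalid evidence is
    ignored rather than trusted, so it can neither excuse nor frame a responder."""
    d_responder = distance(key_hash, responder)
    for ev in evidence:
        if evidence_is_valid(key, ev, now) and distance(key_hash, ev.node) < d_responder:
            return True
    return False
```

The strict `<` comparison matters: evidence naming the responder itself, or a node at equal distance, does not make the responder suspect, and a stale or badly signed item is skipped rather than treated as proof either way.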
This scheme only provides a method of detecting an identity attack, that is, it is used only to discover the malicious behavior of a malicious node; the malicious node itself is not dealt with, so the next request cannot be prevented from suffering an identity attack by the same malicious node.

Summary of the Invention
To solve the above technical problem, an embodiment of the present invention provides a method for preventing attacks in a P2P network, comprising: receiving a malicious behavior notification message, the malicious behavior notification message carrying node malicious behavior information; after determining that the malicious behavior notification message is legitimate, recording the node malicious behavior information carried in the malicious behavior notification message; and selecting, according to the recorded node malicious behavior information, a node with no malicious behavior or a node with fewer malicious behavior records as the next hop for forwarding P2P data packets. Another method for preventing attacks in a P2P network provided by an embodiment of the present invention comprises: receiving a malicious node notification message, the malicious node notification message carrying malicious node information; after determining that the malicious node notification message is legitimate, recording the malicious node information carried in the malicious node notification message; and selecting, according to the recorded malicious node information, a non-malicious node or a node with fewer malicious records as the next hop for forwarding P2P data packets.
An embodiment of the present invention further provides a network node, comprising:
a receiving unit, configured to receive a node malicious behavior notification message;
a first judging unit, configured to judge the legitimacy of the node malicious behavior notification message received by the receiving unit;
a first storage unit, configured to store node malicious behavior information after the first judging unit determines that the node malicious behavior notification message is legitimate, the node malicious behavior information including the number of times the node has been determined to be malicious.
Another network node provided by an embodiment of the present invention comprises:
a receiving unit, configured to receive a malicious node notification message;
a first judging unit, configured to judge the legitimacy of the malicious node notification message received by the receiving unit; a first storage unit, configured to store malicious node information after the first judging unit determines that the malicious node notification message is legitimate, the malicious node information including the number of times the malicious node has been determined to be malicious; and a sending unit, configured to select a non-malicious node or a node with fewer malicious records as the next hop for forwarding P2P data packets.
A P2P network system provided by an embodiment of the present invention comprises a first node and a second node. The first node is configured to judge whether a node that sends a response message is a malicious node and, when the node that sends the response message is a malicious node, to send a malicious node notification message to the second node;
the second node is an upstream node of the malicious node and is configured to receive the malicious node notification message, judge the legitimacy of the malicious node notification message, record the malicious node information when the malicious node notification message is legitimate, and, after receiving a data packet, select a non-malicious node or a node with fewer malicious records as the next hop for forwarding the data packet according to the recorded malicious node information.
Another P2P network system provided by an embodiment of the present invention comprises a first node and a second node. The first node is configured to judge whether the behavior of a node that sends a response message is malicious behavior and, when the behavior of the node that sends the response message is malicious behavior, to send a node malicious behavior notification message to the second node;
the second node is an upstream node of the node that behaved maliciously and is configured to receive the node malicious behavior notification message, judge the legitimacy of the node malicious behavior notification message, record the node malicious behavior information when the node malicious behavior notification message is legitimate, and select, according to the recorded node malicious behavior information, a node with no malicious behavior or a node with fewer malicious behavior records as the next hop for forwarding P2P data packets.
In the embodiments of the present invention, when a node detects that another node in the P2P network has behaved maliciously, it sends evidence proving that the node behaved maliciously to the upstream node of the misbehaving node; the upstream node records the information of the misbehaving node and the number of times that node has been reported for malicious behavior, and when it needs to forward a data packet it chooses a node with no malicious behavior record, or a node with fewer malicious behavior records, to forward the packet. This effectively reduces or avoids the influence of nodes that have behaved maliciously on the whole P2P network.

Brief Description of the Drawings
FIG. 1 is a flowchart of a first embodiment of the method for preventing attacks in a P2P network according to the present invention; FIG. 2 is a flowchart of a second embodiment of the method for preventing attacks in a P2P network according to the present invention; FIG. 3 is a schematic structural diagram of the network node according to the present invention;
FIG. 4 is a schematic diagram of the P2P network system according to the present invention.

Detailed Description of the Embodiments
Embodiments of the present invention provide a method for preventing attacks in a P2P network, as well as a P2P network system and a network node that prevent attacks. When a node detects that another node in the P2P network system has behaved maliciously, it sends evidence proving that the node behaved maliciously to the upstream node of the misbehaving node; the upstream node records the information of the misbehaving node and the number of times that node has been reported for malicious behavior, and when it needs to forward a data packet it chooses a node with no malicious behavior record, or a node with fewer malicious behavior records, to forward the packet, so as to reduce or avoid the influence of nodes that have behaved maliciously on the whole P2P network.
The present invention is described in detail below with reference to the drawings and embodiments.
FIG. 4 is a schematic diagram of the P2P network system according to the present invention. Because of the structure of a P2P network, nodes A to G perform the same work in the network, and data packets are transmitted clockwise in the direction from A to G. For ease of understanding, assume that in one data processing procedure A is the node that initiates the request, F is the root node that stores the key/value pair requested by A, D is the node that responds to A's request, and C is the upstream node of D; the dotted line denotes the path along which the request is forwarded, and the solid line denotes the notification message sent by node A.
FIG. 1 is a flowchart of the first embodiment of the method for preventing attacks in a P2P network according to the present invention. The method runs in the system shown in FIG. 4 and specifically comprises the following steps:
S11. Node A initiates, within the P2P network, a request message for acquiring a resource; the request message carries the tag value key of the resource. The request message is transmitted through the P2P network according to the P2P routing rules.
S12. After receiving the resource request message, node D sends a response message to node A, presenting itself as the root node.
S13. After receiving the response message sent by node D, node A judges whether node D's act of sending the response message is malicious behavior.
Node A may use the scheme described in the Background section to judge whether node D's act of sending the response message is malicious behavior, that is, node A learns through the cooperating nodes whether node D is the root node responsible for the key requested by node A; this is not repeated here.
S14. After node A determines that node D's act of sending the response message is malicious behavior, node A computes the upstream node of node D.
Preferably, node A may also keep evidence that node D's act of sending the response message is malicious behavior. The evidence may include the response message signed by node D and the evidence sent by the cooperating node that node D is not the root node responsible for the requested key.
S15. Node A sends a malicious behavior notification message to node C, informing it that node D has behaved maliciously. The malicious behavior notification message may carry evidence proving that node D's act of sending the response message is malicious behavior.
S16. After receiving the malicious behavior notification message sent by node A, node C judges whether the malicious behavior notification message is legitimate. If it is legitimate, step S17 is performed; if it is not legitimate, node C may discard or ignore the malicious behavior notification message, and may also, when the malicious behavior notification message is not legitimate, regard node A's act of sending the notification message as malicious behavior.
Whether a malicious behavior notification message is legitimate may be judged according to whether node A is a trusted node, or according to the evidence carried in the malicious behavior notification message proving that node D's act of sending the response message is malicious behavior. If the evidence can prove that node D is not the root node responsible for the key requested by node A, node D's act of sending the response message is regarded as malicious behavior.
S17. Node C records the malicious behavior information of node D. The malicious behavior information includes the information of node D and the number of times node D has been reported for malicious behavior.
S18. After receiving a request to forward a P2P data packet, node C first computes the possible next-hop nodes and then selects, from among them, a node with no malicious behavior record or a node with fewer malicious behavior records to forward the data packet.
FIG. 2 is a flowchart of the second embodiment of the method for preventing attacks in a P2P network according to the present invention. The method likewise runs in the system shown in FIG. 4 and specifically comprises the following steps:
S21. Node A initiates, within the P2P network, a request message for acquiring a resource; the request message carries the tag value key of the resource. The request message is transmitted through the P2P network according to the P2P routing rules.
S22. After receiving the resource request message, node D sends a response message to node A, presenting itself as the root node.
S23. After receiving the response message sent by node D, node A judges whether node D is a malicious node. Node A may use the scheme described in the Background section to judge whether node D is the root node responsible for the key requested by node A; if it is not, node D is regarded as a malicious node.
S24. After node A determines that node D is a malicious node, node A computes the upstream node of node D. Preferably, node A may also keep evidence that node D is a malicious node. The evidence may include the response message signed by node D and the evidence sent by the cooperating node that node D is not the root node responsible for the requested key.
S25. Node A sends a malicious node notification message to node C, informing it that node D is a malicious node. The malicious node notification message may carry evidence proving that node D is a malicious node.
S26. After receiving the malicious node notification message sent by node A, node C judges whether the malicious node notification message is legitimate. If it is legitimate, step S27 is performed; if it is not legitimate, node C may discard or ignore the malicious node notification message, and may also regard node A, which sent the notification message, as a malicious node.
Whether a malicious node notification message is legitimate may be judged according to whether node A is a trusted node, or according to the evidence carried in the malicious node notification message proving that node D is a malicious node. If the evidence can prove that node D is not the root node responsible for the key requested by node A, node D is regarded as a malicious node.
S27. Node C records node D as a malicious node. It may also record the number of times node D has been reported as a malicious node.
S28. After receiving a request to forward a P2P data packet, node C first computes the possible next-hop nodes and then selects, from among them, a non-malicious node or a node that has been reported as malicious fewer times to forward the data packet.
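The upstream node's side of steps S16 to S18 and S26 to S28 above, as an added example written for this page rather than taken from the patent or from any implementation by its assignee. It assumes, beyond what the page states, 32-bit NodeIDs, XOR distance as the DHT closeness metric, one constructed shared HMAC-SHA256 key standing in for both the responder's and the cooperating node's signatures, and that the candidate next hops have already been computed from the routing table. A notification is accepted if its sender is trusted or if the enclosed signed response plus cooperating-node evidence show a node strictly closer to the key than the accused responder; accepted notifications increment the accused node's count, rejected ones are dropped (optionally counted against the sender, as the text allows), and next-hop selection picks the candidate with the fewest records.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


def distance(a: int, b: int) -> int:
    """Assumed DHT closeness metric: Kademlia-style XOR distance."""
    return a ^ b


def sign(key: bytes, *fields) -> bytes:
    """Constructed stand-in for a message signature (HMAC-SHA256 over the fields)."""
    payload = ":".join(str(f) for f in fields).encode()
    return hmac.new(key, payload, hashlib.sha256).digest()


@dataclass(frozen=True)
class SignedResponse:
    responder: int   # node that answered claiming to be the root node
    key_hash: int    # key carried in the original request
    sig: bytes       # responder's signature over (responder, key_hash)


@dataclass(frozen=True)
class RootEvidence:
    closer_node: int  # node a cooperating node vouches is online
    sig: bytes        # cooperating node's signature over closer_node


@dataclass(frozen=True)
class MaliciousNotification:
    sender: int                         # node A in the patent's example
    accused: int                        # node D
    response: Optional[SignedResponse]  # D's signed response, if included
    evidence: Tuple[RootEvidence, ...] = ()


class UpstreamNode:
    """Node C: keeps per-node malicious counts and uses them for next-hop choice."""

    def __init__(self, trusted: Iterable[int], signing_key: bytes) -> None:
        self.trusted = set(trusted)
        self.key = signing_key
        self.malicious_counts: Dict[int, int] = {}

    def _evidence_proves_misbehavior(self, msg: MaliciousNotification) -> bool:
        r = msg.response
        if r is None or r.responder != msg.accused:
            return False
        # The response must really have been signed by the accused node.
        if not hmac.compare_digest(r.sig, sign(self.key, r.responder, r.key_hash)):
            return False
        d_accused = distance(r.key_hash, r.responder)
        # Any correctly signed evidence of a strictly closer node proves the
        # accused was not the root node for this key.
        for ev in msg.evidence:
            if not hmac.compare_digest(ev.sig, sign(self.key, ev.closer_node)):
                continue
            if distance(r.key_hash, ev.closer_node) < d_accused:
                return True
        return False

    def notification_is_legitimate(self, msg: MaliciousNotification) -> bool:
        """The two legitimacy tests the text names: trusted sender, or valid evidence."""
        return msg.sender in self.trusted or self._evidence_proves_misbehavior(msg)

    def _bump(self, node: int) -> None:
        self.malicious_counts[node] = self.malicious_counts.get(node, 0) + 1

    def handle_notification(self, msg: MaliciousNotification,
                            penalize_false_reports: bool = False) -> bool:
        """Steps S16/S17: record the accused node if the message is legitimate;
        otherwise drop it and, optionally, count the report against its sender."""
        if self.notification_is_legitimate(msg):
            self._bump(msg.accused)
            return True
        if penalize_false_reports:
            self._bump(msg.sender)
        return False

    def select_next_hop(self, candidates: Iterable[int]) -> int:
        """Step S18: among the routing-table candidates, prefer the node with the
        fewest malicious records; ties are broken by NodeID for determinism."""
        cands = list(candidates)
        if not cands:
            raise ValueError("no candidate next hops")
        return min(cands, key=lambda n: (self.malicious_counts.get(n, 0), n))
```

The evidence path requires both halves that the text lists, the accused node's own signed response and a cooperating node's signed proof of a closer node, so an untrusted reporter cannot get a node recorded as malicious by assertion alone; the `penalize_false_reports` switch implements the option in S16/S26 of treating an illegitimate notification as the sender's own misbehavior.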
FIG. 3 is a schematic structural diagram of the network node according to the present invention. Because of the structure of a P2P network, the network node may be any one of nodes A to G in FIG. 4. The node comprises:
a first receiving unit, configured to receive a malicious behavior notification message;
a first judging unit, configured to judge the legitimacy of the malicious behavior notification message received by the first receiving unit;
a first storage unit, configured to store node malicious behavior information after the first judging unit determines that the malicious behavior notification message is legitimate, the malicious behavior information including the number of times the node's behavior has been determined to be malicious;
a first computing unit, configured to compute and select, as the next-hop node for forwarding packets, a node that has no malicious behavior record or has fewer malicious records;
a first sending unit, configured to forward P2P data packets;
a second receiving unit, configured to receive a response message;
a second judging unit, configured to judge whether the behavior of the node that sent the response message received by the second receiving unit is malicious behavior;
a second storage unit, configured to store the evidence that the behavior is malicious after the second judging unit determines that the behavior of the node that sent the response message is malicious behavior;
a second computing unit, configured to compute the upstream node of the node that behaved maliciously;
a second sending unit, configured to send a malicious behavior notification message to the upstream node of the node that behaved maliciously.
Corresponding to another embodiment of the present invention, the first receiving unit in the network node of the present invention is further configured to receive a malicious node notification message; the first judging unit is further configured to judge the legitimacy of the malicious node notification message received by the first receiving unit; the first storage unit is further configured to store malicious node information after the first judging unit determines that the malicious node notification message is legitimate, the malicious node information including the number of times the node has been determined to be malicious; the first computing unit is further configured to compute and select, as the next-hop node for forwarding packets, a node that is non-malicious or has fewer malicious records; the first sending unit is further configured to forward P2P data packets; the second receiving unit is further configured to receive a response message; the second judging unit is further configured to judge whether the node that sent the response message received by the second receiving unit is a malicious node; the second storage unit is further configured to store evidence that the node is a malicious node after the second judging unit determines that the node that sent the response message is a malicious node; the second computing unit is further configured to compute the upstream node of the malicious node; and the second sending unit is further configured to send a malicious node notification message to the upstream node of the malicious node. By implementing the above embodiments of the present invention, the influence of nodes that have behaved maliciously (malicious nodes) on the whole P2P network can be effectively reduced or avoided.
The above description is only a preferred embodiment of the present invention. It should be noted that any modifications, equivalent substitutions and improvements made by a person of ordinary skill in the art without departing from the principles of the present invention shall fall within the protection scope of the present invention.

Claims

1. A method for preventing attacks in a P2P network, characterized by comprising:
receiving a malicious behavior notification message, the malicious behavior notification message carrying node malicious behavior information; after determining that the malicious behavior notification message is legitimate, recording the node malicious behavior information carried in the malicious behavior notification message; and
selecting, according to the recorded node malicious behavior information, a node with no malicious behavior or a node with fewer malicious behavior records as the next hop for forwarding P2P data packets.
2. The method for preventing attacks in a P2P network according to claim 1, characterized in that receiving the malicious behavior notification message specifically is: an upstream node of the node that behaved maliciously receiving the malicious behavior notification message.
3. The method for preventing attacks in a P2P network according to claim 1 or 2, characterized in that, before the step of receiving the malicious behavior notification message, the method further comprises a step in which the node that initiates a request message detects node malicious behavior.
4. The method for preventing attacks in a P2P network according to claim 3, characterized in that the step in which the node that initiates the request message detects node malicious behavior specifically comprises:
after receiving a response message, the node that initiates the request message judging whether the node that sent the response message is the root node responsible for the tag value key carried in the request message, and if not, determining that the act of sending the response message is node malicious behavior.
5. The method for preventing attacks in a P2P network according to claim 4, characterized in that, after the step in which the node that initiates the request message detects node malicious behavior, the method further comprises:
the node that initiates the request message recording the node malicious behavior information and sending a malicious behavior notification message to the upstream node of the node that behaved maliciously, the message carrying the malicious behavior information and evidence proving that the behavior is malicious behavior.
6. The method for preventing attacks in a P2P network according to claim 5, characterized in that the evidence proving that the behavior is malicious behavior comprises the response message signed by the node and evidence proving that the node is not the root node responsible for the tag value key carried in the request message.
7. The method for preventing attacks in a P2P network according to claim 5 or 6, characterized in that determining that the malicious behavior notification message is legitimate specifically means that the upstream node of the node that behaved maliciously determines that the evidence sent by the node that initiated the request message, proving that the node's behavior is malicious behavior, is legitimate.
8. A network node, characterized by comprising:
a first receiving unit, configured to receive a malicious behavior notification message;
a first judging unit, configured to judge the legitimacy of the malicious behavior notification message received by the first receiving unit;
a first storage unit, configured to store node malicious behavior information after the first judging unit determines that the malicious behavior notification message is legitimate, the malicious behavior information including the number of times the node's behavior has been determined to be malicious.
9. The network node according to claim 8, characterized by further comprising:
a first computing unit, configured to compute and select, as the next-hop node for forwarding packets, a node that has no malicious behavior record or has fewer malicious records;
a first sending unit, configured to forward P2P data packets.
10. The network node according to claim 8, characterized by further comprising:
a second receiving unit, configured to receive a response message;
a second judging unit, configured to judge whether the behavior of the node that sent the response message received by the second receiving unit is malicious behavior;
a second storage unit, configured to store the evidence that the behavior is malicious after the second judging unit determines that the behavior of the node that sent the response message is malicious behavior.
11. The network node according to claim 10, characterized by further comprising:
a second computing unit, configured to compute the upstream node of the node that behaved maliciously;
a second sending unit, configured to send a malicious behavior notification message to the upstream node of the node that behaved maliciously.
12. A method for preventing attacks in a P2P network, characterized by comprising:
receiving a malicious node notification message, the malicious node notification message carrying malicious node information; after determining that the malicious node notification message is legitimate, recording the malicious node information carried in the malicious node notification message; and
selecting, according to the recorded malicious node information, a non-malicious node or a node with fewer malicious records as the next hop for forwarding P2P data packets.
13. A network node, characterized by comprising:
a first receiving unit, configured to receive a malicious node notification message;
a first judging unit, configured to judge the legitimacy of the malicious node notification message received by the first receiving unit;
a first storage unit, configured to store malicious node information after the first judging unit determines that the malicious node notification message is legitimate, the malicious node information including the number of times the malicious node has been determined to be malicious.
14. The network node according to claim 13, characterized by further comprising:
a first computing unit, configured to compute and select, as the next-hop node for forwarding packets, a node that is non-malicious or has fewer malicious records;
a first sending unit, configured to forward P2P data packets.
15. A P2P network system, comprising a first node and a second node, characterized in that the first node is configured to judge whether a node that sends a response message is a malicious node and, when the node that sends the response message is a malicious node, to send a malicious node notification message to the second node;
the second node is an upstream node of the malicious node and is configured to receive the malicious node notification message, judge the legitimacy of the malicious node notification message, record the malicious node information when the malicious node notification message is legitimate, and, after receiving a data packet, select a non-malicious node or a node with fewer malicious records as the next hop for forwarding the data packet according to the recorded malicious node information.
16. A P2P network system, comprising a first node and a second node, characterized in that the first node is configured to judge whether the behavior of a node that sends a response message is malicious behavior and, when the behavior of the node that sends the response message is malicious behavior, to send a malicious behavior notification message to the second node; the second node is an upstream node of the node that behaved maliciously and is configured to receive the malicious behavior notification message, judge the legitimacy of the malicious behavior notification message, record the node malicious behavior information when the malicious behavior notification message is legitimate, and select, according to the recorded node malicious behavior information, a node with no malicious behavior or a node with fewer malicious behavior records as the next hop for forwarding P2P data packets.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710124641.8A CN101436926B (en) 2007-11-16 2007-11-16 Method, network node and system for preventing aggression in P2P network
CN200710124641.8 2007-11-16

Publications (1)

Publication Number Publication Date
WO2009062429A1 true WO2009062429A1 (en) 2009-05-22

Family

ID=40638338

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072506 WO2009062429A1 (en) 2007-11-16 2008-09-25 Method, net node and system avoiding attacks in p2p network

Country Status (2)

Country Link
CN (1) CN101436926B (en)
WO (1) WO2009062429A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102291371B (en) * 2010-06-21 2015-09-16 ZTE Corporation Routing attack defense method and device
CN106611137B (en) * 2015-10-22 2020-09-15 Alibaba Group Holding Limited Risk control method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1455569A (en) * 2002-04-29 2003-11-12 Microsoft Corporation Peer name resolution protocol (PNRP) security infrastructure and method
CN1703045A (en) * 2005-06-09 2005-11-30 Tsinghua University Method for establishing local trust model based on binary opinion in a peer-to-peer network
US20060215575A1 (en) * 2005-03-25 2006-09-28 Microsoft Corporation System and method for monitoring and reacting to peer-to-peer network metrics

Also Published As

Publication number Publication date
CN101436926B (en) 2011-11-16
CN101436926A (en) 2009-05-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 08800979; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE
122 Ep: pct application non-entry in european phase
Ref document number: 08800979; Country of ref document: EP; Kind code of ref document: A1