CA2887428C - A computer implemented system and method for secure path selection using network rating - Google Patents
- Publication number
- CA2887428C
- Authority
- CA
- Canada
- Prior art keywords
- nodes
- node
- rating
- metrics
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present disclosure provides solutions to the challenges encountered in a communication network where data packets need to be transmitted over the network in a secure way. The system maintains integrity and provides high security and throughput in the network channel. The system works intelligently and resolves vulnerability issues. If one portion of the network is affected by an intruder, the system can automatically bypass that portion and reroute the data packets. The system identifies trustworthy/reliable/safe networks, network paths, and network nodes based on statistical transactional data and provides a network trust rating to the nodes. The system also identifies the strong and the weak/vulnerable network nodes. The system further determines the risk probability in the network path and selects the best transmission path. The system also determines breaches in the communication network based on unusual or suspicious traffic and data transactions.
Description
A COMPUTER IMPLEMENTED SYSTEM AND METHOD FOR
SECURE PATH SELECTION USING NETWORK RATING
FIELD OF THE DISCLOSURE
The present disclosure relates to the field of network security.
DEFINITIONS OF TERMS USED IN THE SPECIFICATION
The expression 'trust value' used hereinafter in this specification refers to a value with respect to a network node indicating authenticity and reliability on a communication network.
The expression 'origin node' used hereinafter in this specification refers to a node in a network from which data is to be transmitted.
The expression 'destination node' used hereinafter in this specification refers to a node in a network where data is to be received.
The expression 'Performance metrics rating' used hereinafter in this specification refers to a value with respect to a node indicating the capability of node, performing in a communication path.
The expression 'Security metrics rating' used hereinafter in this specification refers to a value with respect to a node indicating the standard and status of safety measures enforced in a node for secure transmission. It also indicates whether a node is prone or vulnerable to third party attack or security of node could be easily breached.
The expression 'Reputation metrics rating' used hereinafter in this specification refers to a value with respect to a node indicating a node's performance throughout its execution lifetime. It also indicates how cooperative and communication friendly a network node is to the adjacent nodes.
The expression 'Neighbor node metrics rating' used hereinafter in this specification refers to a value with respect to a node indicating a trustworthiness of the node, reflected by its neighbor (closely adjacent) nodes. It also indicates the compatibility match percentage, with the immediate adjacent nodes.
These definitions are in addition to those expressed in the art.
BACKGROUND
With the advent of modern networking technology, information security plays a vital role in securing the communication network. Reliability and security are crucial elements of a communication network. There is a need for security measures and for preventive and detective systems that identify potential vulnerabilities.
A number of techniques are used to test for vulnerabilities in order to achieve reliability and security in a network. Vulnerability testing combats common vulnerabilities and attacks that exist on the network paths. Currently, some vulnerability scanning software and security providers are available in the market for verifying security weaknesses on the network or network paths. However, this software and these security providers offer only limited means for correcting and resolving the detected vulnerabilities.
In today's scenario, data is available everywhere, and getting the right data at the right time at the right location is a challenging task over a communication network. A network model is needed which defends against vulnerabilities. If a portion of the network is affected by an intruder or by vulnerabilities, the network model maintains the integrity, security and throughput of the communication network. Although most data is encrypted with the help of robust algorithms and protocols, there is no assurance that data passed through a network path is received by users without disruption.
For example, the payment and transaction system of a banking establishment handles many financial transactions between the bank and its customers. This kind of transaction and financial data communication needs scalable security and privacy mechanisms.
It is possible that financial data, even when robustly encrypted, may not be delivered to beneficiaries due to a vulnerable network path, which amounts to
snooping or hijacking of data.
Hence, to eliminate the aforementioned drawbacks, there is felt a need for a system that provides trustworthy network communication, is intelligent enough to safeguard transactions, and is capable of bypassing a vulnerable node if there is a probability of breach.
OBJECTS
An object of the present disclosure is to provide a network that defends the vulnerabilities on the network nodes and network paths.
Another object of the present disclosure is to safeguard the data in the communication channel.
Yet another object of the present disclosure is to maintain the integrity, reliability, confidentiality, security and throughput in the communication network.
Still another object of the present disclosure is to increase the network capability and to evolve dynamically with transactional statistics.
Another object of the present disclosure is to reduce the operational cost of maintaining dedicated virtual private network (VPN).
Another object of the present disclosure is to provide effective and message broadcast system.
Other objects and advantages of the present disclosure will be more apparent from the following description when read in conjunction with the accompanying figures, which are not intended to limit the scope of the present disclosure.
SUMMARY
The present disclosure envisages a computer implemented system and method for secure path selection using network rating.
Typically, in accordance with the present disclosure, there is described a system for selecting a secure path for data transmission from one node to another in a communication network having a plurality of nodes. The system comprises a server configured for selecting a secure path by computing trust values for each of said nodes and then determining the risk probability for all possible paths based on the trust values of the nodes present in each path.
A trust value of each node in the network is computed based on the following attributes:
- a performance metrics rating;
- a security metrics rating;
- a reputation metrics rating;
- a neighbor node metrics rating.
The trust value is computed based on a mean of these attributes.
Each node present in the network comprises an evaluation unit configured to evaluate performance metrics attributes and security metrics attributes, a mean value determiner unit configured to determine a mean value of the evaluated performance metrics attributes and security metrics attributes, and an assignor unit configured to assign a performance metrics rating and a security metrics rating based on the determined mean value and transmit them to the server.
In an aspect, there is provided a computer implemented system for selecting a secure path for data transmission from one node to another in a communication network having plurality of nodes, the system comprising: an evaluation unit, a mean value determiner unit and an assignor unit, configured in a first repository in each of the nodes, the evaluation unit configured in a node adapted to evaluate performance metrics attributes and security metrics attributes of the node, the mean value determiner unit in the node configured to receive evaluated performance metrics attributes and security metrics attributes from the evaluation unit in the node and determine the mean value of the evaluated performance metrics attributes and security metrics attributes of the node and the assignor unit configured to receive the mean value of the performance metrics attributes and security
metrics attributes of the node and assign a performance metrics rating and a security metrics rating to the node; and a server, fitted with a first processor for communication with each of the nodes, the processor adapted to send operational signals to the evaluation units, mean value determiner units and assignor units in each of the nodes to direct the performance of the units to provide the performance metrics rating and the security metrics rating for each of the nodes and further directing the assignor units to transfer the ratings to the server, the server comprising:
an input module configured to accept risk probability threshold value from a user for determining user security needs for transmitting data between two nodes among the plurality of nodes along a secure pathway;
a second repository for dynamically storing the performance history, mean performance index, attack history, transaction loss/failed transaction history and neighbor nodes evaluation of each of the nodes;
a second processor adapted to process the information stored, in the second repository, in respect of each of the nodes to compute a current reputation metric rating and neighbor node metric rating of each of the nodes;
a receiver module for receiving the performance metrics rating and security metrics rating for each of the nodes;
an active node determiner module configured to determine active nodes present in the plurality of nodes;
a path determiner module configured to determine paths between the determined active nodes;
a trust value module having a third processor configured to receive from the receiver module the performance metrics rating and the security metrics rating of a particular node and the reputation metric rating and neighbor node metric rating from the second processor and compute the current trust value for each of the active nodes for selecting a secure path present in the communication network;
a risk determiner module fitted with a fourth processor configured to receive the current trust value of each of the active nodes and set of determined paths between the currently active node, the fourth processor adapted to compute the risk probability for each of the determined paths in the set paths by determining the mean of the trust values of the active nodes defining each of the path;
a comparator having a fifth processor adapted to receive the risk probability threshold value from the input module and the current risk probability of each of the determined paths, the fifth processor adapted to identify paths in the set having risk probability lower than the risk probability threshold value; and
a resources determiner module cooperating with the comparator, configured to determine the resources required for selecting a secure path for data transmission via the paths identified by the fifth processor to identify a path requiring the utilization of the least amount of resource; and
a historical data collector configured to collect historical data after every transaction, for each of the nodes through which data is transferred, the historical data comprises performance history, mean performance index, attack history and transaction loss/failed transaction history, and the historical data collector is further configured to transmit the historical data to the second repository.
Date Recue/Date Received 2021-09-09
In another aspect, there is provided a computer implemented method for a secure path selection in a network consisting of a plurality of nodes, configured to enable transmission of data between the nodes present in the network, the method comprising:
evaluating, by an evaluation unit, performance metrics attribute and security metrics attribute;
determining, by a mean value determiner unit, a mean value of the evaluated performance metrics attribute and security metrics attribute;
assigning, by an assignor unit, a performance metrics rating and security metrics rating;
adapting to send operational signals, by a processor, to the evaluation units, mean value determiner units and assignor units in each of the nodes to direct the performance of the units to provide the performance metrics rating and the security metrics rating for each of the nodes;
directing, by the processor, the assignor units to transfer the ratings to the server;
accepting, by an input module, a risk probability threshold value from a user data for determining the user security needs for the transmission of data between two nodes among the plurality of nodes along a secure pathway;
collecting, by a historical data collector, after every transaction, for each of the nodes through which data is transferred, the historical data comprises performance history, mean performance index, attack history and transaction loss/failed transaction history;
transmitting, by the historical data collector, the historical data to a second repository;
storing, by the second repository, a performance history, mean performance index, attack history, transaction loss/failed transaction history and neighbor node evaluation of each of the nodes;
processing, by a second processor, the information stored, in the second repository, in respect of each of the nodes to compute a current reputation metric rating and neighbor node metric rating of each of the nodes;
receiving, by a receiver module, performance metrics and security metrics rating for each of the nodes;
determining, by an active node determiner module, active nodes present in the plurality of nodes;
determining, by a path determiner module, paths between the active nodes present in the network;
receiving, by a trust value module, the performance metrics rating and security metrics rating of a particular node and the reputation metric rating and neighbor node metric rating from the second processor and compute the current trust value for each of the active nodes for selecting a secure path present in the communication network;
receiving, by a risk determiner module fitted with a fourth processor, the current trust value of each of the active nodes and set of determined paths between the currently active node;
adapting, by a fourth processor, to compute the risk probability for each of the determined paths in the set paths by determining the mean of the trust values of the active nodes defining each of the path;
receiving, by a comparator, the risk probability threshold value and the current risk probability for each of the determined paths;
identifying, by a fifth processor, paths having risk probability lower than the risk probability threshold value; and
determining, by a resources determiner module, the resources required for selecting a secure path for data transmission via the paths and identifying a path requiring the utilization of least amount of resources.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWING
Figure 1 illustrates a schematic diagram for a computer implemented system for secure path selection using trust value, in accordance with present disclosure.
Figure 2A and 2B illustrate a flow diagram showing the steps involved for secure path selection, in accordance with present disclosure.
Figure 3 illustrates an exemplary embodiment for computing a risk probability for selected possible paths.
DETAILED DESCRIPTION
A computer implemented system and method for secure path selection using network rating will now be described with reference to the embodiment shown in the accompanying drawing. The embodiment does not limit the scope and ambit of the disclosure. The description relates purely to the examples and preferred embodiments of the disclosed system and its suggested applications.
The system herein and the various features and advantageous details thereof are explained with reference to the non-limiting embodiments in the following description.
Descriptions of well-known parameters and processing techniques are omitted so as to not unnecessarily obscure the embodiment herein. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiment herein may be practiced and to further enable those of skill in the art to practice the embodiment herein. Accordingly, the examples should not be construed as limiting the scope of the embodiment herein.
Figure 1 illustrates a system 100 for selecting a secure path for data transmission from one node to another in a communication network 110 having a plurality of nodes (112A, 112B ... 112N, 114A, 114B ... 114N, 192A, 192B ... etc.). The system 100 comprises: an evaluation unit (112A1, 112B1 ... 112N1, 114A1, 112B1 ... 112N1, 192A1, 192B1 ... 192N1), a mean value determiner unit (112A2, 112B2 ... 112N2, 114A2, 112B2 ... 112N2, 192A2, 192B2 ... 192N2) and an assignor unit (112A3, 112B3 ... 112N3, 114A3, 112B3 ... 112N3, 192A3, 192B3 ... 192N3) configured in a first repository (112RA, 112RB ... 112RN, 114RA, 114RB ... 114RN, 192RA, 192RB ... 192RN etc.) in each of the nodes, and a server 120. According to an embodiment, the plurality of nodes can form any network topology, i.e. bus, star, ring, tree, mesh, hybrid etc.
The evaluation unit (112A1, 112B1 ... 112N1, 114A1, 112B1 ... 112N1, 192A1, 192B1 ... 192N1) evaluates performance metric attributes and security metric attributes associated with the node. The performance metric has the following attributes: a transmission latency rate, a success to fail transaction ratio, response time and bandwidth and time dependent management. Similarly, the security metric has the following attributes: firewall configurations and firewall security status, antivirus program and status of the program, status of connected media to the exposed port of the node. The evaluation unit (112A1, 112B1 ... 112N1, 114A1, 112B1 ... 112N1, 192A1, 192B1 ... 192N1) evaluates a numerical value with respect to each of the performance metric attributes and security metric attributes.
The mean value determiner unit (112A2, 112B2 ... 112N2, 114A2, 112B2 ... 112N2, 192A2, 192B2 ... 192N2) determines the mean value of the evaluated performance metric attributes and security metric attributes associated with the node.
The assignor unit (112A3, 112B3 ... 112N3, 114A3, 112B3 ... 112N3, 192A3, 192B3 ... 192N3) assigns a performance metric rating and a security metric rating with respect to the node based upon the determined mean value of performance metric attributes and security metric attributes and transmits the assigned performance metric rating and security metric rating to the server 120.
The server 120 comprises a first processor 20, an input module 10, a second node repository 32, a second processor 34, a receiver module 36, an active node determiner module 40, a path determiner module 50, a historical data collector 55, a trust value module 60, a third processor 65, a risk determiner module 70, a fourth processor 75, a comparator 80, a fifth processor 85, and a resource determiner module 90.
The input module 10 takes a risk probability threshold value from a user (which can be any one of the nodes present in the network) to determine the security needs of the user for data transmission. If the user desires higher security for the data, the user should assign a higher risk probability threshold value.
According to an exemplary embodiment, data categorization can be done based on the risk probability threshold value. Table 1 shows the risk probability threshold value assigned to different categories of data (top secret, strictly confidential etc.), out of a maximum risk probability threshold value of 5.
Table 1
S. No   Risk probability threshold value   Data categorization
1.      4.5                                Top Secret
2.      4.2                                Strictly confidential
3.      4.0                                Private and confidential
4.      3.5                                Internal
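The selection procedure described above (node trust value as the mean of the four ratings, path risk probability as the mean of the node trust values, threshold comparison, then least resources), written out as an added Python example; it is not code from the patent. The node names, the ratings on a 0 to 5 scale, the link list, the per-node resource cost, the weakest-node field and the `rule` parameter are assumptions made for illustration: `rule="below"` follows the claim wording (risk probability lower than the threshold), `rule="at_least"` is the reading under which a higher threshold is stricter.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Node:
    """Ratings the server holds for one node (0-5 scale is an assumption)."""
    performance: float
    security: float
    reputation: float
    neighbor: float
    active: bool = True
    resource_cost: float = 1.0  # hypothetical cost of relaying through the node

    @property
    def trust(self) -> float:
        # Trust value: mean of the four metric ratings.
        return mean((self.performance, self.security,
                     self.reputation, self.neighbor))


@dataclass(frozen=True)
class PathScore:
    path: tuple
    risk: float       # "risk probability": mean of the node trust values
    weakest: float    # lowest single trust value, which the mean can hide
    resources: float  # summed hypothetical resource cost


def active_paths(nodes, links, origin, destination):
    """Enumerate loop-free paths that use only active nodes (depth-first)."""
    adjacency = {name: set() for name in nodes}
    for a, b in links:
        adjacency[a].add(b)
        adjacency[b].add(a)
    if not (nodes[origin].active and nodes[destination].active):
        return []
    found, stack = [], [(origin, (origin,))]
    while stack:
        current, path = stack.pop()
        if current == destination:
            found.append(path)
            continue
        for nxt in sorted(adjacency[current]):
            if nodes[nxt].active and nxt not in path:
                stack.append((nxt, path + (nxt,)))
    return found


def score(nodes, path):
    """Risk determiner step: rate one path from its nodes' trust values."""
    trusts = [nodes[n].trust for n in path]
    return PathScore(path, mean(trusts), min(trusts),
                     sum(nodes[n].resource_cost for n in path))


def select_path(nodes, links, origin, destination, threshold, rule="below"):
    """Return the qualifying PathScore needing the least resources, or None."""
    if rule not in ("below", "at_least"):
        raise ValueError("rule must be 'below' or 'at_least'")
    scored = [score(nodes, p)
              for p in active_paths(nodes, links, origin, destination)]
    if rule == "below":   # claim wording: risk probability lower than threshold
        ok = [s for s in scored if s.risk < threshold]
    else:                 # assumed alternative: mean trust must reach threshold
        ok = [s for s in scored if s.risk >= threshold]
    # Least resources wins; the path tuple breaks ties deterministically.
    return min(ok, key=lambda s: (s.resources, s.path), default=None)


# Constructed sample network, not taken from the patent.
NODES = {
    "A": Node(4.0, 4.0, 4.0, 4.0),                # origin, trust 4.0
    "B": Node(5.0, 5.0, 4.0, 4.0),                # trust 4.5
    "C": Node(2.0, 1.0, 2.0, 3.0),                # weak node, trust 2.0
    "D": Node(4.0, 4.0, 4.0, 4.0, active=False),  # inactive, never routed
    "E": Node(4.0, 4.0, 4.0, 4.0),                # destination, trust 4.0
    "F": Node(3.0, 3.0, 3.0, 3.0),                # trust 3.0
}
LINKS = [("A", "B"), ("A", "C"), ("A", "D"), ("B", "E"),
         ("C", "E"), ("D", "E"), ("B", "F"), ("F", "E")]

if __name__ == "__main__":
    for rule in ("below", "at_least"):
        for threshold in (4.5, 4.0, 3.5):  # threshold values listed in Table 1
            print(rule, threshold,
                  select_path(NODES, LINKS, "A", "E", threshold, rule))
```

On the constructed network, the claim-worded rule at threshold 4.0 selects the path through the low-rated node C, so the orientation of the rating scale has to be fixed before the comparison is deployed.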
failed transaction history and neighbor nodes evaluation of each of the nodes;
a second processor adapted to process the information stored, in the second repository, in respect of each of the nodes to compute a current reputation metric rating and neighbor node metric rating of each of the nodes; a receiver module for receiving the performance metrics rating and security metrics rating for each of the nodes; an active node determiner module configured to determine active nodes present in the plurality of nodes; a path determiner module configured to detennine paths between the determined active nodes; a trust value module having a third processor configured to receive from the receiver module the performance metrics rating and the security metrics rating of a particular node and the reputation metric rating and neighbor node metric rating from the second processor and compute the current trust value for each of the active nodes for selecting a secure path present in the communication network; a risk determiner module fitted with a fourth processor configured to receive the current trust value of each of the active nodes and set of determined paths between the currently active node, the fourth processor adapted to compute the risk probability for each of the determined paths in the set paths by determining the mean of the trust values of the active nodes defining each of the path; a comparator having a fifth processor adapted to receive the risk probability threshold value from the input module and the current risk probability of each of the determined paths the fifth processor adapted to identify paths in the set having risk probability lower than the 4a Date Recue/Date Received 2021-09-09 risk probability threshold value; and a resources determiner module cooperating with the comparator, configured to determine the resources required for selecting a secure path for data transmission via the paths identified by the fifth processor to identify a path requiring the utilization of the least amount of resource; and a historical data collector 
configured to collect historical data after every transaction, for each of the nodes through which data is transferred, the historical data comprises performance history, mean performance index, attack history and transaction loss/ failed transaction history, and the historical data collector is further configured to transmit the historical data to the second repository.
In another aspect, there is provided a computer implemented method for a secure path selection in a network consisting of a plurality of nodes, configured to enable transmission of data between the nodes present in the network, the method comprising:
evaluating by an evaluation unit, performance metrics attribute and security metrics attribute;
determining, by a mean value determiner unit, a mean value of the evaluated performance metrics attribute and security metrics attribute; assigning, by an assignor unit, a performance metrics rating and security metrics rating; adapting to send operational signals, by a processor, to the evaluation units, mean value determiner units and assignor units in each of the nodes to direct the performance of the units to provide the performance metrics rating and the security metrics rating for each of the nodes; directing, by the processor, the assignor units to transfer the ratings to the server; accepting, by an input module, a risk probability threshold value from a user data for determining the user security needs for the transmission of data between two nodes among the plurality of nodes along a secure pathway; collecting, by a historical data collector, after every transaction, for each of the nodes through which data is transferred, the historical data comprises performance history, mean performance index, attack history and transaction loss/ failed transaction history;
transmitting, by the historical data collector, the historical data to a second repository;
storing, by the second repository, a performance history, mean performance index, attack history, transaction loss/ failed transaction history and neighbor node evaluation of each of the nodes; processing, by a second processor, the information stored, in the second repository, in respect of each of the nodes to compute a current reputation metric rating and neighbor node metric rating of each of the nodes; receiving, by a receiver module, performance metrics and security metrics rating for each of the nodes;
determining, by an active node determiner module, active nodes present in the plurality of nodes;
determining, by a path determiner module, paths between the active nodes present in the network receiving, by a trust value module, the performance metrics rating and security metrics rating of a particular node and the reputation metric rating and neighbor node metric rating from the second processor and compute the current trust value for each of the active nodes for selecting a secure path present in the communication network; receiving, by a risk determiner module fitted with a fourth processor, the current trust value of each of the active nodes and set of determined paths between the currently active node;
adapting, by a fourth processor, to compute the risk probability for each of the determined paths in the set paths by determining the mean of the trust values of the active nodes defining each of the path; receiving, by a comparator, the risk probability threshold value and the current risk probability for each of the determined paths; identifying, by a fifth processor, paths having risk probability lower than the risk probability threshold value; and determining, by a resources determiner module, the resources required for selecting a secure path for data transmission via the paths and identifying a path requiring the utilization of least amount of resources.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWING
Figure 1 illustrates a schematic diagram for a computer implemented system for secure path selection using trust value, in accordance with present disclosure.
Figure 2A and 2B illustrate a flow diagram showing the steps involved for secure path selection, in accordance with present disclosure.
Figure 3 illustrates an exemplary embodiment for computing a risk probability for selected possible paths.
DETAILED DESCRIPTION
A computer implemented system and method for secure path selection using network rating will now be described with reference to the embodiment shown in the accompanying drawing. The embodiment does not limit the scope and ambit of the disclosure. The description relates purely to the examples and preferred embodiments of the disclosed system and its suggested applications.
The system herein and the various features and advantageous details thereof are explained with reference to the non-limiting embodiments in the following description.
Descriptions of well-known parameters and processing techniques are omitted so as to not unnecessarily obscure the embodiment herein. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiment herein may be practiced and to further enable those of skill in the art to practice the embodiment herein. Accordingly, the examples should not be construed as limiting the scope of the embodiment herein.
Figure 1 illustrates a system 100 for selecting a secure path for data transmission from one node to another in a communication network 110 having a plurality of nodes (112A, 112B ... 112N, 114A, 114B ... 114N, 192A, 192B ... etc.). The system 100 comprises: an evaluation unit (112A1, 112B1 ... 112N1, 114A1, 112B1 ... 112N1, 192A1, 192B1 ... 192N1), a mean value determiner unit (112A2, 112B2 ... 112N2, 114A2, 112B2 ... 112N2, 192A2, 192B2 ... 192N2) and an assignor unit (112A3, 112B3 ... 112N3, 114A3, 112B3 ... 112N3, 192A3, 192B3 ... 192N3) configured in a first repository (112RA, 112RB ... 112RN, 114RA, 114RB ... 114RN, 192RA, 192RB ... 192RN etc.) in each of the nodes, and a server 120. According to an embodiment, the plurality of nodes can form any network topology, i.e. bus, star, ring, tree, mesh, hybrid etc.
The evaluation unit (112A1, 112B1 ... 112N1, 114A1, 112B1 ... 112N1, 192A1, 192B1 ... 192N1) evaluates performance metric attributes and security metric attributes associated with the node. The performance metric has the following attributes: a transmission latency rate, a success to fail transaction ratio, response time, and bandwidth and time dependent management. Similarly, the security metric has the following attributes: firewall configurations and firewall security status, antivirus program and status of the program, and status of connected media to the exposed port of the node. The evaluation unit (112A1, 112B1 ... 112N1, 114A1, 112B1 ... 112N1, 192A1, 192B1 ... 192N1) evaluates a numerical value with respect to each of the performance metric attributes and security metric attributes.
The mean value determiner unit (112A2, 112B2 ... 112N2, 114A2, 112B2 ... 112N2, 192A2, 192B2 ... 192N2) determines the mean value of the evaluated performance metric attributes and security metric attributes associated with the node.
The assignor unit (112A3, 112B3 ... 112N3, 114A3, 112B3 ... 112N3, 192A3, 192B3 ... 192N3) assigns a performance metric rating and a security metric rating with respect to the node based upon the determined mean value of performance metric attributes and security metric attributes, and transmits the assigned performance metric rating and security metric rating to the server 120.
The server 120 comprises first processor 20, an input module 10, a second node repository 32, a second processor 34, a receiver module 36, an active node determiner module 40, a path determiner module 50,a historical data collector 55, a trust value module 60, a third processor 65, a risk determiner module 70, a fourth processor 75, a comparator 80, a fifth processor 85, and a resource determiner module 90.
The input module 10 takes a risk probability threshold value from a user (which can be any one of the nodes present in the network) to determine the security needs of the user for data transmission. If the user desires higher security for the data, the user should assign a higher risk probability threshold value.
According to an exemplary embodiment, data categorization can be done based on the risk probability threshold value. Table 1 shows risk probability threshold values assigned to different categories of data (top secret, strictly confidential etc.) out of a maximum risk probability threshold value of 5.
Table 1

| S. No | Risk probability threshold value | Data categorization |
|---|---|---|
| 1. | 4.5 | Top Secret |
| 2. | 4.2 | Strictly confidential |
| 3. | 4.0 | Private and confidential |
| 4. | 3.5 | Internal |
| 5. | 3.0 | General |

So, according to this embodiment, if two nodes are involved in a communication sharing top secret data, the data shouldn't go through a path whose risk probability value is less than 4.5.
According to another embodiment, the risk probability threshold value categorizes data such that the data has to travel only through those nodes whose trust value is greater than the risk probability threshold value.
According to yet another embodiment, if the user chooses a very high risk probability threshold value, the network will logically behave as a Virtual Private Network (VPN).
The historical data collector 55 is configured to collect historical data after every transaction, for each of said nodes through which data is transferred from origin node to the destination nodes, said historical data comprises performance history, mean performance index, attack history and transaction loss/ failed transaction history.
The second repository 32 is configured to store a performance history, mean performance index, attack history, transaction loss/ failed transaction history and neighbor node evaluation of each of said nodes. The neighbor node evaluation is based on the experience of service that neighbor nodes get from the interacting node. The historical data collector 55 updates the second repository after every transmission for each of said nodes through which data is transmitted.
The second processor 34 is configured to process the data stored in second repository for computing the reputation metrics rating and neighbor node metrics rating and transmit it to the trust value module 60.
The receiver module 36 is configured to receive the performance metrics rating and security metrics rating from each of said nodes wherein assignor unit present in each node assigns a performance metrics rating and security metrics rating to said node.
The active node determiner module 40 is configured for determining active nodes among the plurality of nodes present in the network 110. The network contains a large number of nodes, some of which are inactive (not in a position to transmit and receive data). So, it's necessary to determine the active nodes through which data can be transmitted.
The path determiner module 50 is configured for determining all possible paths consisting of active nodes between the origin node and destination node. The origin node and destination node can be any of the nodes present in the network.
The trust value module 60 is configured for computing a trust value for each of the active nodes present in determined path. The trust value module based on performance metrics rating, security metrics rating, reputation metrics rating and neighbor node metrics rating computes the trust value for the node. The third processor 65 is configured to receive the performance metrics rating and security metrics rating of particular node from receiver module 36 and reputation metrics rating and neighbor node metrics rating from the second processor 34 and computes the current trust value.
The risk determiner module 70 is configured to determine a risk probability for each of the paths determined by path determiner module 50 based on a mean of the trust value of nodes present in the path. The risk determiner module 70 comprises the fourth processor 75 for receiving the current trust value from the trust value module 60 and set of determined paths from the path determiner module 50. The risk probability for each of determined path is computed by determining the mean of the trust values of all the nodes which are defining the path.
Figure 3 illustrates an exemplary embodiment for determining risk probability for possible paths.
Node A is an origin node, through which data has to be transmitted to node B, which is the destination node. The following possible paths are available for transmitting data from node A to node B:
A → C → F → B
A → C → E → B
A → D → G → B
For each interacting node a trust value has been calculated according to the above mentioned steps. The trust values for the nodes are:
C = 4.2, D = 4.7, E = 3.5, F = 4.3, G = 4.2
Now the risk probability is calculated for all the possible paths by adding the trust values of the intermediary interacting nodes.
A → C → F → B: 4.2 + 4.3 = 8.5; (8.5 / 10) * 100 = 85% secure, Risk probability = 15%
A → C → E → B: 4.2 + 3.5 = 7.7; (7.7 / 10) * 100 = 77% secure, Risk probability = 23%
A → D → G → B: 4.7 + 4.2 = 8.9; (8.9 / 10) * 100 = 89% secure, Risk probability = 11%
The comparator 80 compares the risk probability threshold value with the risk probability for each of the paths identified by the path determiner 50 and identifies the paths whose risk probability is less than the risk probability threshold value.
The comparator 80 has the fifth processor 85, which receives the risk probability threshold value from the input module 10 and the risk probability for each of the paths from the risk determiner module 70. The fifth processor identifies the paths which have a risk probability lower than the risk probability threshold value.
The resource determiner 90 is configured to determine the resources required by the identified paths for transmission of data. The resource determiner 90 cooperates with the comparator: for the paths identified as having a risk probability lower than the risk probability threshold value, the resource requirement is determined, and the path which requires the utilization of the least amount of resources is identified. In an exemplary embodiment, if there are three paths A, B and C between the origin node and destination node, the resources determiner 70 determines the resources required, such as the number of nodes the data has to travel through to reach the destination node in each of the paths, the time required for transmission of data etc.
Figures 2A and 2B illustrate a flow diagram 200 showing the steps involved in selecting a secure path for data transmission from one node to another in a communication network having a plurality of nodes, in accordance with the present disclosure.
In step 202, performance metric attributes and security metric attributes are evaluated.
Performance metrics has the following attributes:
- Transmission latency rate
- Success to fail transaction ratio
- Response time
- Bandwidth and its time dependent management
Similarly, security metrics rating has the following attributes:
- Firewall configurations and firewall security status
- Antivirus program installed and the status of the program
- Status of connected media to the exposed port of the node
- Input device attached and scope of the input device
In step 204, mean values for the performance metric attributes and security metric attributes are determined.
In step 206 performance metrics rating and security metrics rating is assigned to the node based on the determined mean value.
Table 2 shows an exemplary embodiment where performance metrics rating has been computed according to steps 202, 204 and 206. According to an embodiment, maximum value referred in table 2 can either be manually defined or automatically generated.
Table 2

| S. No | Attributes | Evaluated value | Maximum value | Percentage value |
|---|---|---|---|---|
| 1 | Transmission latency rate | 4 | 5 | 80 |
| 2 | Success to fail transaction ratio | 85 | 100 | 85 |
| 3 | Response time | 4 | 5 | 80 |
| 4 | Bandwidth and its time dependent management | 4.5 | 5 | 90 |

In the aforementioned table, transmission latency of a node is evaluated as 4 from the maximum value 5, success to fail ratio is evaluated as 85 from the maximum value 100, response time is evaluated as 4 from the maximum value 5 and bandwidth and its dependent management is evaluated as 4.5 from the maximum value 5.
Accordingly, a percentage value with respect to every attribute is computed, based on which a mean is computed as:
(80+85+80+90)/400 * 100 = 83.75%
Further, the overall performance metric rating is calculated: 5 * 83.75% = 4.18
In the above computation, 5 is a maximum performance rating value, which can be user defined or automatically generated.
Table 3 shows an exemplary embodiment where security metrics rating has been computed according to steps 202, 204 and 206. According to an embodiment, maximum value referred in table 3 can either be manually defined or automatically generated.
Table 3

| S. No | Attributes | Evaluated value | Maximum value | Percentage value |
|---|---|---|---|---|
| 1 | Firewall configurations and firewall security status | 4 | 5 | 80 |
| 2 | Antivirus program installed and the status of the program | 85 | 100 | 85 |
| 3 | Status of connected media to the exposed port of the node | 4 | 5 | 80 |
| 4 | Input device attached and Scope of the Input device | 4.5 | 5 | 90 |

In the aforementioned table, Firewall configurations and firewall security status is evaluated as 4 out of maximum value 5, Antivirus program installed and the status of the program is evaluated as 85 out of maximum mark value 100, Status of connected media to the exposed port of the node is evaluated as 4 out of maximum value 5, and Input device attached and Scope of the Input device is evaluated as 4.5 out of maximum value 5. Accordingly, a percentage value with respect to every attribute is calculated, based on which a mean is computed as:
(80+85+80+90)/400 * 100 = 83.75%
Further, the overall security metric rating is computed: 5 * 83.75% = 4.18
In the above computation, 5 is a maximum security rating value, which can be user defined or automatically generated.
In step 208, the risk probability threshold value is accepted from a user.
The risk probability threshold value helps to determine the user's security needs or preferences, that is, the level of security the user needs for the transmission of data.
According to an embodiment, the user will assign a numerical value on the scale 1-5 to express his security preferences.
According to another embodiment, the risk probability threshold value will determine the path through which the user wants to transmit his data (the highly secure path or a moderately secure path). However, it is possible that highly secure nodes have a higher congestion rate, because every node wants to transmit its data through highly secure nodes.
In step 210, performance history, mean performance index, attack history (type of attack and level of damage/ penetration done), transaction loss/ failed transaction history and neighbor node evaluation of each of said nodes is stored in the second repository (shown in figure). The historical data collector (shown in figure 1) collects the performance history, mean performance index, attack history and transaction loss/ failed transaction history after every transaction and updates the values in the second repository for the nodes which are involved in the transaction. Neighbor node evaluation is the set of values given by the neighbor nodes to the interacting node based on the experience they have had during the interaction.
In step 212, reputation metrics rating and neighbor node metric rating is computed.
The reputation metrics rating is computed on the second processor (shown in figure 1). If a node has a history of attack, then the reputation metrics rating calculated would be less. It is also computed based on the neighbor node rating given by neighbor nodes to a specific node, where the reputation of the specific node is determined by how cooperative and communication friendly it is to neighbor nodes. But, at the same time, the node will get a chance to regain its reputation if it shows a good performance and security index rating over a persistent amount of time.
Neighbor nodes, while interacting with a specific node, can rate the interacting node based on the experience they have had; network efficiency can be one of the attributes for the neighbor node rating. The rating given by neighbor nodes to a specific node also helps to determine the reputation of the specific node in the network. It also indicates the compatibility (match percentage) with the immediate adjacent neighbor node.
According to an exemplary embodiment, a network node with a specific system configuration can be capable of high performance communication, but the same communication bandwidth may not be supported by the immediate communicating node. Consider a scenario where a node is capable of communicating at 1GBPS speed, but the immediate node is capable of supporting only 100MBPS.
Node to neighbor node rating is a many to one (rating) mapping, which also tells the inbound traffic the most suitable nodes that could be connected for easy and efficient transmission of data. It also helps to determine, at the point of failure or breach, the safest node with which the affected node can be replaced.
According to another embodiment, the neighbor node metric rating is computed in accordance with step 212. In an embodiment, the maximum rating can be manually defined by the user or automatically generated.
The network efficiency of the node is calculated as:
Network Efficiency = ((Received packet - Corrupt packet) / Total packet sent) x (Total time taken / Standard time of arrival) x 100
In an exemplary embodiment, the network efficiency of node A is computed where node B transmits data through node A, wherein Total Packet Sent = 40, Received packet (by destination host) = 38, Total Time taken = 4ms, Corrupt Packet = 2, Standard time of arrival = 5sec. In this case network efficiency is computed as:
- X - X 100 = -36 X -4 X 100 = 80
So, B gives a rating to node A = 5 * 80% = 4 (where benchmark rating = 5).
With each transaction of node B with node A, the rating given above will keep on changing based on the experience of the service node B gets from node A.
If node A provides a good service, i.e. all packets are received and transmitted without any loss, damage and hijack, the rating from the neighbor nodes to the interacting node keeps increasing. Else, it would decrease or stay the same.
With the same strategy, nodes D and C also rate node A:
Node B → Node A = Rating 4
Node C → Node A = Rating 3.5
Node D → Node A = Rating 4
Node A mean of neighbor node rating = (4 + 3.5 + 4) / 3 = 3.83
Similarly, node A can also rate the neighbor nodes, while node A is transmitting and any other node is interacting. This two way rating system among the neighbor nodes will help to determine the suitable path for transmission.
In step 214, performance metrics rating and security metrics rating is received from the assignor present on each node.
In step 216, the active nodes present in the network are determined. The network consists of a large number of nodes, some of which are in an inactive state (not in a position to transmit and receive data). So, it's necessary to determine the active nodes present in the network before the transmission of data.
In step 218, all the possible paths are determined between the origin node and destination node. Origin node and destination can be any of the nodes present in the network.
In step 220, the trust value of the nodes present in the paths is determined. First a mean value of performance metrics rating, security metrics rating, reputation metrics rating and neighbor node metrics rating is computed, and the trust value is assigned based on said computed mean value.
Table 4 shows an exemplary embodiment where the mean value is computed and trust value is assigned in accordance with step 220.
According to an embodiment, a weightage referred in table 4 can be defined according to user data security needs, wherein user can define the weightage manually or it can be automatically generated.
Table 4

| | Weightage (W) | Maximum Value | Rating (R) | Weightage (W) * Rating (R) |
|---|---|---|---|---|
| Performance metrics rating | 3 | 5 | 4.18 | 12.54 |
| Security metrics rating | 3 | 5 | 4.18 | 12.54 |
| Reputation metrics rating | 1 | 5 | 4 | 4 |
| Neighbor node metrics rating | 3 | 5 | 3.83 | 11.49 |

Mean Value = ((12.54 + 12.54 + 4.00 + 11.49) / (3x5 + 3x5 + 1x5 + 3x5)) x 100 = (40.57 / 50) x 100 = 81.14
Now, based on mean value, trust value is calculated.
Trust Value = Maximum trust value for a node x Mean Value = x 81.14 = 4.057
According to an embodiment, the maximum trust value for a node can either be manually defined or automatically generated.
In step 222, the risk probability is determined for the determined paths based on the mean of the trust values of each of the active nodes present in the path. Figure 3 illustrates an exemplary embodiment for determining a risk probability for selected possible paths.
Node A is an origin node, through which data has to be transmitted to node B, which is the destination node. The following possible paths are available for transmitting data from node A to node B:
A → C → F → B
A → C → E → B
A → D → G → B
For each interacting node a trust value has been calculated according to the above mentioned steps. The trust values for the nodes are:
C = 4.2, D = 4.7, E = 3.5, F = 4.3, G = 4.2
Now the risk probability of the possible paths is computed by adding the trust values of the intermediary interacting nodes.
A → C → F → B: 4.2 + 4.3 = 8.5; (8.5 / 10) * 100 = 85% secure, Risk probability = 15%
A → C → E → B: 4.2 + 3.5 = 7.7; (7.7 / 10) * 100 = 77% secure, Risk probability = 23%
A → D → G → B: 4.7 + 4.2 = 8.9; (8.9 / 10) * 100 = 89% secure, Risk probability = 11%
In step 224, the risk probability of each of the paths is compared with the risk probability threshold value to determine which paths are secure enough according to user needs/preferences. First the risk probability threshold value is received from input module 10 (shown in figure 1) and the current risk probability for each of said determined paths is received from risk determiner module 80 (shown in figure 1). Then those paths are identified which have a risk probability lower than the risk probability threshold value.
In step 226, the resource requirement of the paths which are secure enough according to user needs is determined. It is possible that in step 224 the comparator identifies more than one path having a risk probability less than the user needs. This step helps to determine the best possible path for transmission of data, which requires the least resources.
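Steps 202 to 226 can be worked through in Python with the values from Tables 2 and 4 and Figure 3; this is an added example, not code from the patent. The function names, the constructed transit times and the conversion of the 1-5 threshold into a maximum tolerated risk percentage are assumptions made here, because the text does not say how a 1-5 threshold is compared with a percentage.

```python
MAX_RATING = 5.0  # maximum rating value used in the page's tables
MAX_TRUST = 5.0   # maximum trust value for a node used in the page's example


def metric_rating(attributes, max_rating=MAX_RATING):
    """Steps 202-206: turn (evaluated, maximum) pairs into one rating."""
    if not attributes:
        raise ValueError("at least one attribute is required")
    percentages = [100.0 * value / maximum for value, maximum in attributes]
    mean_pct = sum(percentages) / len(percentages)
    return max_rating * mean_pct / 100.0


def trust_value(ratings, weights, max_rating=MAX_RATING, max_trust=MAX_TRUST):
    """Step 220: weighted mean of the four ratings, scaled to max_trust."""
    weighted = sum(weights[name] * rating for name, rating in ratings.items())
    ceiling = sum(weights[name] * max_rating for name in ratings)
    return max_trust * weighted / ceiling


def path_risk(path, trust, max_trust=MAX_TRUST):
    """Step 222: (percent secure, risk probability) from the mean trust
    value of the intermediary nodes between origin and destination."""
    hops = path[1:-1]
    if not hops:
        raise ValueError("path has no intermediary nodes to rate")
    secure_pct = 100.0 * sum(trust[n] for n in hops) / (max_trust * len(hops))
    return secure_pct, 100.0 - secure_pct


def select_path(paths, trust, active, threshold, transit_ms,
                max_trust=MAX_TRUST):
    """Steps 216-226: drop paths with inactive nodes, keep paths that meet
    the threshold, then pick the one needing the fewest resources.

    Assumption (not stated on the page): a 1-5 threshold T tolerates a risk
    of at most 100 * (1 - T / max_trust) percent, i.e. the mean trust value
    of the path must be at least T. Resources are compared as
    (node count, transit time); the transit times are constructed.
    """
    max_risk = 100.0 * (1.0 - threshold / max_trust)
    candidates = []
    for path in paths:
        if any(node not in active for node in path):
            continue  # step 216: only active nodes can carry data
        _, risk = path_risk(path, trust, max_trust)
        if risk <= max_risk + 1e-9:  # tolerance for float rounding
            candidates.append(path)
    if not candidates:
        return None  # no path is secure enough for this data category
    return min(candidates, key=lambda p: (len(p), transit_ms[p]))


# Values taken from the page.
TABLE_2 = [(4, 5), (85, 100), (4, 5), (4.5, 5)]
TABLE_4_RATINGS = {"performance": 4.18, "security": 4.18,
                   "reputation": 4.0, "neighbor": 3.83}
TABLE_4_WEIGHTS = {"performance": 3, "security": 3,
                   "reputation": 1, "neighbor": 3}
FIG3_TRUST = {"C": 4.2, "D": 4.7, "E": 3.5, "F": 4.3, "G": 4.2}
FIG3_PATHS = [("A", "C", "F", "B"), ("A", "C", "E", "B"), ("A", "D", "G", "B")]

# Constructed sample data (not from the page).
ALL_ACTIVE = {"A", "B", "C", "D", "E", "F", "G"}
TRANSIT_MS = {FIG3_PATHS[0]: 12, FIG3_PATHS[1]: 9, FIG3_PATHS[2]: 18}

if __name__ == "__main__":
    # 4.1875 unrounded; the page reports 4.18.
    print("performance rating:", metric_rating(TABLE_2))
    print("trust value:", trust_value(TABLE_4_RATINGS, TABLE_4_WEIGHTS))
    for p in FIG3_PATHS:
        print(" -> ".join(p), path_risk(p, FIG3_TRUST))
    for threshold in (4.5, 4.2, 3.0):  # thresholds from Table 1
        print(threshold, select_path(FIG3_PATHS, FIG3_TRUST, ALL_ACTIVE,
                                     threshold, TRANSIT_MS))
```

Under this assumption none of the three Figure 3 paths qualifies for the Table 1 "Top Secret" threshold of 4.5, so the caller has to handle the no-path case rather than fall back to a lower-rated route.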
TECHNICAL ADVANCEMENTS
The technical advancements of the system envisaged by the present disclosure include the realization of:
- a system that defends the vulnerabilities on the network nodes and network paths, Another object of the present disclosure is to safeguard the data in the communication channel;
- a system that maintains the integrity, reliability, confidentiality, security and throughput in the communication network;
- a system that increases the network capability and dynamically evolves with transactional statistics;
- a system that reduces the operational cost of maintaining a dedicated virtual private network (VPN);
- a system that provides a logical VPN for high value financial transactions in the same protocol, even if the user is using a 3rd party network; and
- a system that provides effective and message broadcast system.
The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the embodiments as described herein.
According to another embodiment, risk probability threshold value categories a data in a manner that data has to travel from those nodes only whose trust value will be greater than the risk probability thresh hold value.
According to yet another embodiment, if user chooses a very high risk probability threshold value the network will logically behave as a Virtual Private Network (VPN).
The historical data collector 55 is configured to collect historical data after every transaction, for each of said nodes through which data is transferred from origin node to the destination nodes, said historical data comprises performance history, mean performance index, attack history and transaction loss/ failed transaction history.
The second repository 32 is configured to store a performance history, mean performance index, attack history, transaction loss/ failed transaction history and neighbor node evaluation of each of said node. The neighboring node evaluation is based on the experience of service neighbor nodes gets from the interacting node, The historical data collector 55 updates the second repository after every transmission for each of said nodes through which data is transmitted.
The second processor 34 is configured to process the data stored in second repository for computing the reputation metrics rating and neighbor node metrics rating and transmit it to the trust value module 60.
The receiver module 36 is configured to receive the performance metrics rating and security metrics rating from each of said nodes wherein assignor unit present in each node assigns a performance metrics rating and security metrics rating to said node.
The active node determiner module 40 is configured for determining active nodes present in plurality of nodes present in the network 110. In the network large number of nodes is present, in some of which are inactive (not in a position of transmitting and receiving data). So, it's necessary to determine the active nodes through which data can be transmitted.
The path determiner module 50 is configured to for determining all possible paths consisting of active nodes between the origin node and destination node.
Origin node and destination node can be any of the nodes present in the network.
The trust value module 60 is configured for computing a trust value for each of the active nodes present in determined path. The trust value module based on performance metrics rating, security metrics rating, reputation metrics rating and neighbor node metrics rating computes the trust value for the node. The third processor 65 is configured to receive the performance metrics rating and security metrics rating of particular node from receiver module 36 and reputation metrics rating and neighbor node metrics rating from the second processor 34 and computes the current trust value.
The risk determiner module 70 is configured to determine a risk probability for each of the paths determined by path determiner module 50 based on a mean of the trust value of nodes present in the path. The risk determiner module 70 comprises the fourth processor 75 for receiving the current trust value from the trust value module 60 and set of determined paths from the path determiner module 50. The risk probability for each of determined path is computed by determining the mean of the trust values of all the nodes which are defining the path.
Referring to Figure 3, illustrates an exemplary embodiment for determining risk probability for possible paths.
Node A is the origin node, from which data has to be transmitted to node B, which is the destination node. The following possible paths are available for transmitting data from node A to node B:
A → C → F → B
A → D → G → B
For each interacting node, a trust value has been calculated according to the above-mentioned steps. The trust values for the nodes are:
C = 4.2, D = 4.7, E = 3.5, F = 4.3, G = 4.2
The risk probability is now calculated for all the possible paths by adding the trust values of the intermediary interacting nodes.
A → C → F → B = 4.2 + 4.3 = 8.5/10 * 100 = 85% secure, Risk probability = 15%
A → C → E → B = 4.2 + 3.5 = 7.7/10 * 100 = 77% secure, Risk probability = 23%
A → D → G → B = 4.7 + 4.2 = 8.9/10 * 100 = 89% secure, Risk probability = 11%
The comparator 80 compares the risk probability threshold value with the risk probability for each of the paths identified by the path determiner 50 and identifies the paths whose risk probability is lower than the risk probability threshold value.
The comparator 80 has the fifth processor 85, which receives the risk probability threshold value from the input module 10 and the risk probability for each of the paths from the risk determiner module 70. The fifth processor identifies the paths which have a risk probability lower than the risk probability threshold value.
The resource determiner 90 is configured to determine the resources required by the identified paths for transmission of data. The resource determiner 90 cooperates with the comparator: for the paths which have a risk probability lower than the risk probability threshold value, the resource requirement is determined, and the path which requires the utilization of the least amount of resources is identified. In an exemplary embodiment, there are three paths A, B and C between the origin node and the destination node. Resources determiner 70 determines the resources required in each of the paths, such as the number of nodes the data has to travel through to reach the destination node, the time required for transmission of data, etc.
Figures 2A and 2B illustrate a flow diagram 200 showing the steps involved in selecting a secure path for data transmission from one node to another in a communication network having a plurality of nodes in accordance with the present disclosure.
In step 202, the performance metrics attributes and security metrics attributes are evaluated.
Performance metrics has the following attributes:
- Transmission latency rate
- Success to fail transaction ratio
- Response time
- Bandwidth and its time dependent management
Similarly, security metrics rating has the following attributes:
- Firewall configurations and firewall security status
- Antivirus program installed and the status of the program
- Status of connected media to the exposed port of the node
- Input device attached and scope of the input device
In step 204, mean values for the performance metrics attributes and security metrics attributes are determined.
In step 206, a performance metrics rating and a security metrics rating are assigned to the node based on the determined mean values.
Table 2 shows an exemplary embodiment where performance metrics rating has been computed according to steps 202, 204 and 206. According to an embodiment, maximum value referred in table 2 can either be manually defined or automatically generated.
Table 2

# | Attributes | Evaluated value | Maximum value | Percentage value |
---|---|---|---|---|
1 | Transmission latency rate | 4 | 5 | 80 |
2 | Success to fail transaction ratio | 85 | 100 | 85 |
3 | Response time | 4 | 5 | 80 |
4 | Bandwidth and its time dependent management | 4.5 | 5 | 90 |

In the aforementioned table, transmission latency of a node is evaluated as 4 from the maximum value 5, success to fail ratio is evaluated as 85 from the maximum value 100, response time is evaluated as 4 from the maximum value 5 and bandwidth and its dependent management is evaluated as 4.5 from the maximum value 5.
Accordingly, a percentage value with respect to every attribute is computed based on which, a mean is computed as:
(80+85+80+90)/400 * 100 = 83.75%
Further, the overall performance metric rating is calculated: 5 * 83.75% = 4.18
In the above computation, 5 is the maximum performance rating value, which can be user defined or automatically generated.
Table 3 shows an exemplary embodiment where security metrics rating has been computed according to steps 202, 204 and 206. According to an embodiment, maximum value referred in table 3 can either be manually defined or automatically generated.
Table 3

# | Attributes | Evaluated value | Maximum value | Percentage value |
---|---|---|---|---|
1 | Firewall configurations and firewall security status | 4 | 5 | 80 |
2 | Antivirus program installed and the status of the program | 85 | 100 | 85 |
3 | Status of connected media to the exposed port of the node | 4 | 5 | 80 |
4 | Input device attached and scope of the input device | 4.5 | 5 | 90 |

In the aforementioned table, firewall configurations and firewall security status is evaluated as 4 out of the maximum value 5, antivirus program installed and the status of the program is evaluated as 85 out of the maximum value 100, status of connected media to the exposed port of the node is evaluated as 4 out of the maximum value 5, and input device attached and scope of the input device is evaluated as 4.5 out of the maximum value 5. Accordingly, a percentage value with respect to every attribute is calculated, based on which a mean is computed as:
(80+85+80+90)/400 * 100 = 83.75%
Further, the overall security metric rating is computed: 5 * 83.75% = 4.18
In the above computation, 5 is the maximum security rating value, which can be user defined or automatically generated.
In step 208, the risk probability threshold value is accepted from a user.
The risk probability threshold value captures the user's security needs or preferences, that is, the level of security the user needs for the transmission of data.
According to an embodiment, the user assigns a numerical value on the scale 1-5 to express his security preferences.
According to another embodiment, the risk probability threshold value determines the path through which the user wants to transmit his data (the highly secure path or a moderately secure path). However, it is possible that highly secure nodes have a higher congestion rate, because every node wants to transmit its data through highly secure nodes.
In step 210, the performance history, mean performance index, attack history (type of attack and level of damage/penetration done), transaction loss/failed transaction history and neighbor node evaluation of each of said nodes are stored in the second repository (shown in figure). The historical data collector (shown in figure 1) collects the performance history, mean performance index, attack history and transaction loss/failed transaction history after every transaction and updates the values in the second repository for the nodes which are involved in the transaction. Neighbor node evaluation consists of the values given by the neighbor nodes to the interacting node based on the experience they have had during the interaction.
In step 212, the reputation metrics rating and neighbor node metric rating are computed.
The reputation metrics rating is computed on the second processor (shown in figure 1). If a node has a history of attack, the reputation metrics rating calculated would be lower. It is also computed based on the ratings given by neighbor nodes to the specific node, where the reputation of the specific node reflects how cooperative and communication friendly it is to neighbor nodes. At the same time, the node gets a chance to regain its reputation if it shows a good performance and security index rating over a persistent amount of time.
Neighbor nodes, while interacting with a specific node, can rate the interacting node based on the experience they have had; network efficiency can be one of the attributes for the neighbor node rating. The rating given by neighbor nodes to a specific node also helps to determine the reputation of that node in the network. It also indicates the compatibility (match percentage) with the immediate adjacent neighbor node.
According to an exemplary embodiment, a network node with a specific system configuration can be capable of high performance communication, but the same communication bandwidth may not be supported by the immediate communicating node. Consider a scenario where a node is capable of communicating at 1GBPS speed, but the immediate node is capable of supporting only 100MBPS.
Node to neighbor node rating is a many to one (rating) mapping, which also tells the inbound traffic the most suitable nodes that could be connected for easy and efficient transmission of data. It also helps to determine, at the point of failure or breach, the safest node that can replace the affected node.
According to another embodiment, the neighbor node metric rating is computed in accordance with step 212. In an embodiment, the maximum rating can be manually defined by the user or automatically generated.
The network efficiency of the node is calculated as:
Network Efficiency = (Received packet - Corrupt packet) / Total packet sent x Total time taken / Standard time of arrival x 100
In an exemplary embodiment to compute the network efficiency of node A, where node B transmits data through node A:
- Total Packet Sent = 40
- Received packet (by destination host): 38
- Total Time taken: 4ms
- Corrupt Packet: 2
- Standard time of arrival: 5sec
In this case network efficiency is computed as:
- X - X 100 = -36 X -4 X 100 = 80
So, B gives rating to node A = 5 * 80% = 4 (where benchmark rating = 5).
With each transaction of node B with node A, the rating given above will keep on changing based on the experience of the service node B gets from node A.
If node A provides a good service, i.e. all packets are received and transmitted without any loss, damage and hijack, the rating from the neighbor nodes to the interacting node keeps increasing. Else, it would decrease or stay the same.
With the same strategy, nodes D and C also rate node A:
Node B → Node A = Rating 4
Node C → Node A = Rating 3.5
Node D → Node A = Rating 4
Node A mean of neighbor node rating = (4+3.5+4)/3 = 3.83
Similarly, node A can also rate the neighbor nodes, while node A is transmitting and any other node is interacting. This two way rating system among the neighbor nodes will help to determine the suitable path for transmission.
In step 214, the performance metrics rating and security metrics rating are received from the assignor present on each node.
In step 216, the active nodes present in the network are determined. The network consists of a large number of nodes, some of which are in an inactive state (not in a position to transmit and receive data). So, it is necessary to determine the active nodes present in the network before the transmission of data.
In step 218, all the possible paths between the origin node and the destination node are determined. The origin node and destination node can be any of the nodes present in the network.
In step 220, the trust value of the nodes present in the determined paths is computed. First, a mean value of the performance metrics rating, security metrics rating, reputation metrics rating and neighbor node metrics rating is computed, and the trust value is assigned based on said computed mean value.
Table 4 shows an exemplary embodiment where the mean value is computed and trust value is assigned in accordance with step 220.
According to an embodiment, a weightage referred in table 4 can be defined according to user data security needs, wherein user can define the weightage manually or it can be automatically generated.
Table 4

Metric | Weightage (W) | Maximum Value | Rating (R) | Weightage (W) * Rating (R) |
---|---|---|---|---|
Performance metrics rating | 3 | 5 | 4.18 | 12.54 |
Security metrics rating | 3 | 5 | 4.18 | 12.54 |
Reputation metrics rating | 1 | 5 | 4 | 4 |
Neighbor node metrics rating | 3 | 5 | 3.83 | 11.49 |

Mean Value = (12.54+12.54+4.00+11.49) / (3x5+3x5+1x5+3x5) x 100 = 40.57/50 x 100 = 81.14
Now, based on the mean value, the trust value is calculated.
Trust Value = Maximum trust value for a node x Mean Value = 5 x 81.14% = 4.057
According to an embodiment, the maximum trust value for a node can either be manually defined or automatically generated.
In step 222, the risk probability is determined for the determined paths based on the mean of the trust values of the active nodes present in each path. Figure 3 illustrates an exemplary embodiment for determining the risk probability for selected possible paths.
Node A is the origin node, from which data has to be transmitted to node B, which is the destination node. The following possible paths are available for transmitting data from node A to node B:
A → D → G → B
For each interacting node, a trust value has been calculated according to the above-mentioned steps. The trust values for the nodes are:
C = 4.2, D = 4.7, E = 3.5, F = 4.3, G = 4.2
The risk probability of the possible paths is now computed by adding the trust values of the intermediary interacting nodes.
A → C → F → B = 4.2 + 4.3 = 8.5/10 * 100 = 85% secure, Risk probability = 15%
A → C → E → B = 4.2 + 3.5 = 7.7/10 * 100 = 77% secure, Risk probability = 23%
A → D → G → B = 4.7 + 4.2 = 8.9/10 * 100 = 89% secure, Risk probability = 11%
In step 224, the risk probability of each of the paths is compared with the risk probability threshold value to determine which paths are secure enough according to user needs/preferences. First, the risk probability threshold value is received from the input module 10 (shown in figure 1) and the current risk probability for each of said determined paths is received from the risk determiner module 80 (shown in figure 1). Then those paths are identified which have a risk probability lower than the risk probability threshold value.
In step 226, the resource requirement of the paths which are secure enough according to user needs is determined. It is possible that in step 224 the comparator identifies more than one path having a risk probability lower than the user needs. This step helps to determine the best possible path for transmission of data, which is the one that requires the least resources.
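Steps 202 to 226 carried through in code, as an added example that is not code from the patent: it reproduces the Table 2, Table 4 and Figure 3 numbers and returns no path when none meets the threshold. The link map, the threshold expressed as a risk percentage, the hop-count-then-time resource measure and the per-node transit times are assumptions constructed for the illustration.

```python
MAX_RATING = 5.0  # maximum rating / trust value used in the page's examples

# Trust values from the Figure 3 example on the page.
FIG3_TRUST = {"C": 4.2, "D": 4.7, "E": 3.5, "F": 4.3, "G": 4.2}
# Link map inferred from the three Figure 3 paths (constructed).
FIG3_LINKS = {"A": ["C", "D"], "C": ["E", "F"], "D": ["G"],
              "E": ["B"], "F": ["B"], "G": ["B"]}
# Per-node transit time in ms (constructed, used only as the resource measure).
TRANSIT_MS = {"C": 3, "D": 4, "E": 2, "F": 3, "G": 1}


def metric_rating(attributes, max_rating=MAX_RATING):
    """Steps 202-206: attributes is a list of (evaluated, maximum) pairs."""
    if not attributes:
        raise ValueError("at least one attribute is required")
    percentages = []
    for evaluated, maximum in attributes:
        if maximum <= 0 or not 0 <= evaluated <= maximum:
            raise ValueError(f"attribute out of range: {evaluated}/{maximum}")
        percentages.append(100.0 * evaluated / maximum)
    mean_pct = sum(percentages) / len(percentages)
    return max_rating * mean_pct / 100.0


def trust_value(rows, max_trust=MAX_RATING):
    """Step 220: rows are (weightage, maximum, rating) tuples as in Table 4."""
    weighted = sum(w * r for w, _, r in rows)
    ceiling = sum(w * m for w, m, _ in rows)
    if ceiling <= 0:
        raise ValueError("weightages and maxima must be positive")
    return max_trust * weighted / ceiling


def active_paths(links, origin, destination, active):
    """Steps 216-218: every loop-free path that uses only active nodes."""
    if origin not in active or destination not in active:
        return []
    found, stack = [], [[origin]]
    while stack:
        path = stack.pop()
        for nxt in links.get(path[-1], ()):
            if nxt in path or nxt not in active:
                continue  # skip loops and inactive nodes
            if nxt == destination:
                found.append(path + [nxt])
            else:
                stack.append(path + [nxt])
    return sorted(found)


def path_risk(path, trust, max_trust=MAX_RATING):
    """Step 222: risk % = 100 - mean trust of the intermediary nodes, in %."""
    middle = path[1:-1]
    if not middle:
        # The page's example only covers paths with intermediary nodes.
        raise ValueError("path has no intermediary node to rate")
    unknown = [n for n in middle if n not in trust]
    if unknown:
        raise KeyError(f"no trust value for nodes: {unknown}")
    secure_pct = 100.0 * sum(trust[n] for n in middle) / (len(middle) * max_trust)
    return 100.0 - secure_pct


def select_path(paths, trust, threshold_pct, transit_ms):
    """Steps 224-226: filter by risk threshold, then take the cheapest path."""
    secure = [p for p in paths if path_risk(p, trust) < threshold_pct]
    if not secure:
        return None  # nothing is secure enough: do not fall back to a riskier path
    # Resource measure (assumption): hop count first, then total transit time.
    return min(secure, key=lambda p: (len(p), sum(transit_ms[n] for n in p[1:-1])))


if __name__ == "__main__":
    table2 = [(4, 5), (85, 100), (4, 5), (4.5, 5)]
    table4 = [(3, 5, 4.18), (3, 5, 4.18), (1, 5, 4), (3, 5, 3.83)]
    print("performance rating:", metric_rating(table2))  # page truncates to 4.18
    print("trust value:", round(trust_value(table4), 3))
    paths = active_paths(FIG3_LINKS, "A", "B", set("ABCDEFG"))
    for p in paths:
        print(" -> ".join(p), f"risk {path_risk(p, FIG3_TRUST):.0f}%")
    print("selected:", select_path(paths, FIG3_TRUST, 20, TRANSIT_MS))
```

Because the path score is a mean, a low trust value on one node can be offset by higher values on the other nodes of the same path; the functions above compute the mean exactly as the page describes it.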
TECHNICAL ADVANCEMENTS
The technical advancements of the system envisaged by the present disclosure include the realization of:
- a system that defends the vulnerabilities on the network nodes and network paths, Another object of the present disclosure is to safeguard the data in the communication channel;
- a system that maintains the integrity, reliability, confidentiality, security and throughput in the communication network;
- a system that increases the network capability and dynamically evolves with transactional statistics;
- a system that reduces the operational cost of maintaining a dedicated virtual private network (VPN);
- a system that provides a logical VPN for high value financial transactions in the same protocol, even if the user is using a 3rd party network; and
- a system that provides effective and message broadcast system.
The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the embodiments as described herein.
Claims (6)
1. A computer implemented system for selecting a secure path for data transmission from one node to another in a communication network having plurality of nodes, said system comprising:
- an evaluation unit, a mean value determiner unit and an assignor unit, configured in a first repository in each of said nodes, the evaluation unit configured in a node adapted to evaluate performance metrics attributes and security metrics attributes of said node, the mean value determiner unit in the node configured to receive evaluated performance metrics attributes and security metrics attributes from said evaluation unit in said node and determine the mean value of the evaluated performance metrics attributes and security metrics attributes of said node and the assignor unit configured to receive the mean value of the performance metrics attributes and security metrics attributes of said node and assign a performance metrics rating and a security metrics rating to said node; and
- a server, fitted with a first processor for communication with each of said nodes, said processor adapted to send operational signals to said evaluation units, mean value determiner units and assignor units in each of said nodes to direct the performance of said units to provide the performance metrics rating and the security metrics rating for each of the nodes and further directing the assignor units to transfer said ratings to the server, said server comprising:
  - an input module configured to accept risk probability threshold value from a user for determining user security needs for transmitting data between two nodes among said plurality of nodes along a secure pathway;
  - a second repository for dynamically storing the performance history, mean performance index, attack history, transaction loss/ failed transaction history and neighbor nodes evaluation of each of said nodes;
  - a second processor adapted to process the information stored, in the second repository, in respect of each of said nodes to compute a current reputation metric rating and neighbor node metric rating of each of said nodes;
  - a receiver module for receiving said performance metrics rating and security metrics rating for each of said nodes;
  - an active node determiner module configured to determine active nodes present in said plurality of nodes;
  - a path determiner module configured to determine paths between said determined active nodes;
  - a trust value module having a third processor configured to receive from said receiver module the performance metrics rating and the security metrics rating of a particular node and the reputation metric rating and neighbor node metric rating from said second processor and compute the current trust value for each of the active nodes for selecting a secure path present in said communication network;
  - a risk determiner module fitted with a fourth processor configured to receive the current trust value of each of said active nodes and set of determined paths between the currently active node, said fourth processor adapted to compute the risk probability for each of said determined paths in said set paths by determining the mean of the trust values of the active nodes defining each of the path;
  - a comparator having a fifth processor adapted to receive the risk probability threshold value from said input module and the current risk probability of each of said determined paths said fifth processor adapted to identify paths in said set having risk probability lower than the risk probability threshold value; and
  - a resources determiner module cooperating with said comparator, configured to determine the resources required for selecting a secure path for data transmission via said paths identified by said fifth processor to identify a path requiring the utilization of the least amount of resource; and
- a historical data collector configured to collect historical data after every transaction, for each of said nodes through which data is transferred, said historical data comprises performance history, mean performance index, attack history and transaction loss/ failed transaction history, and said historical data collector is further configured to transmit the historical data to the second repository.
2. The system as claimed in claim 1, wherein the performance metrics attribute comprises a transmission latency rate, a success to fail transaction ratio, a response time and a bandwidth and its time dependent management.
3. The system as claimed in claim 1, wherein the security metrics attribute comprises a firewall configuration and firewall security status, an installed anti-virus program and status of the program, a status of connected medias to an exposed port of the node and an input device attached and scope of the input device.
4. A computer implemented method for a secure path selection in a network consisting of a plurality of nodes, configured to enable transmission of data between the nodes present in the network, said method comprising:
- evaluating by an evaluation unit, performance metrics attribute and security metrics attribute;
- determining, by a mean value determiner unit, a mean value of the evaluated performance metrics attribute and security metrics attribute;
- assigning, by an assignor unit, a performance metrics rating and security metrics rating;
- adapting to send operational signals, by a processor, to said evaluation units, mean value determiner units and assignor units in each of said nodes to direct the performance of said units to provide the performance metrics rating and the security metrics rating for each of the nodes;
- directing, by said processor, the assignor units to transfer said ratings to the server;
- accepting, by an input module, a risk probability threshold value from a user data for determining the user security needs for the transmission of data between two nodes among said plurality of nodes along a secure pathway;
- collecting, by a historical data collector, after every transaction, for each of said nodes through which data is transferred, said historical data comprises performance history, mean performance index, attack history and transaction loss/ failed transaction history;
- transmitting, by said historical data collector, the historical data to a second repository;
- storing, by said second repository, a performance history, mean performance index, attack history, transaction loss/ failed transaction history and neighbor node evaluation of each of said nodes;
- processing, by a second processor, the information stored, in the second repository, in respect of each of said nodes to compute a current reputation metric rating and neighbor node metric rating of each of said nodes;
- receiving, by a receiver module, performance metrics and security metrics rating for each of said nodes;
- determining, by an active node determiner module, active nodes present in said plurality of nodes;
- determining, by a path determiner module, paths between said active nodes present in the network
- receiving, by a trust value module, said performance metrics rating and security metrics rating of a particular node and the reputation metric rating and neighbor node metric rating from said second processor and compute the current trust value for each of the active nodes for selecting a secure path present in said communication network;
- receiving, by a risk determiner module fitted with a fourth processor, the current trust value of each of said active nodes and set of determined paths between the currently active node;
- adapting, by a fourth processor, to compute the risk probability for each of said determined paths in said set paths by determining the mean of the trust values of the active nodes defining each of the path;
- receiving, by a comparator, the risk probability threshold value and the current risk probability for each of said determined paths;
- identifying, by a fifth processor, paths having risk probability lower than the risk probability threshold value; and
- determining, by a resources determiner module, the resources required for selecting a secure path for data transmission via said paths and identifying a path requiring the utilization of least amount of resources.
5. The method as claimed in claim 4, wherein the performance metrics attribute comprises a transmission latency rate, a success to fail transaction ratio, a response time and a bandwidth and its time dependent management.
Date Recue/Date Received 2021-09-09
6. The method as claimed in claim 4, wherein the security metrics attribute comprises a firewall configuration and firewall security status, an installed anti-virus program and status of the program, a status of connected medias to an exposed port of the node and an input device attached and scope of the input device.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IN3837MU2014 | 2014-12-01 | ||
IN3837/MUM/2014 | 2014-12-01 |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2887428A1 (en) | 2016-06-01 |
CA2887428C (en) | 2022-07-19 |
Family
ID=56087557
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2887428A (Active), CA2887428C (en) | 2014-12-01 | 2015-04-07 | A computer implemented system and method for secure path selection using network rating |
Country Status (3)
Country | Link |
---|---|
JP (1) | JP6495050B2 (en) |
CN (1) | CN105991617B (en) |
CA (1) | CA2887428C (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102259732B1 (en) * | 2019-11-28 | 2021-06-02 | 광주과학기술원 | A honeypot deployment method on a network |
US12238126B2 (en) * | 2020-05-04 | 2025-02-25 | The George Washington University | Systems and methods for learning-based high-performance, energy-efficient, and secure on-chip communication design framework |
DE102020210193B3 (en) | 2020-08-12 | 2021-10-14 | Robert Bosch Gesellschaft mit beschränkter Haftung | Method and system for securing data communication within a network |
CN114943389B (en) * | 2022-07-21 | 2022-11-15 | 中国兵器科学研究院 | Delivery path optimization method and device based on brittleness theory and storage medium |
CN115842681B (en) * | 2023-02-03 | 2023-05-19 | 国网数字科技控股有限公司 | A risk assessment method and related device for public-private interactive power business system |
WO2024180603A1 (en) * | 2023-02-27 | 2024-09-06 | 日本電気株式会社 | Route selection system, route selection method, and non-transitory computer-readable medium |
CN116797267B (en) * | 2023-08-23 | 2023-11-24 | 深空间发展投资控股(湖北)有限公司 | Distributed market data acquisition management system for equity investment |
CN116976759B (en) * | 2023-09-25 | 2023-12-08 | 深圳点筹农业供应链有限公司 | Agricultural data transaction security assessment method based on Internet of things |
CN117473533B (en) * | 2023-11-10 | 2024-05-28 | 上海创芯致锐互联网络有限公司 | Reaction data transmission management system in magnetron sputtering cooling cavity |
CN118041577B (en) * | 2023-12-28 | 2024-07-19 | 广州视声智能科技有限公司 | Home data transmission method and system based on multiple agents |
KR102778911B1 (en) * | 2023-12-28 | 2025-03-12 | 주식회사 융넷 | Database inference attack control apparatus based on probabilistic logic and method thereof |
CN118964162B (en) * | 2024-10-16 | 2025-01-14 | 浙江大学 | Chip system trust calculation method, security protection method and device |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4185852B2 (en) * | 2003-11-20 | 2008-11-26 | 日本電信電話株式会社 | Communications system |
US7991852B2 (en) * | 2004-01-22 | 2011-08-02 | Alcatel-Lucent Usa Inc. | Network architecture and related methods for surviving denial of service attacks |
DE102005023879B3 (en) * | 2005-05-24 | 2006-12-28 | Siemens Ag | Method for evaluating an object in a communication network |
CN101110762A (en) * | 2007-08-22 | 2008-01-23 | 华中科技大学 | An Ad hoc Network Security Routing Method |
JP2009071436A (en) * | 2007-09-11 | 2009-04-02 | Toshiba Corp | Communication path selecting method, and information processing device for relaying |
CN101404572A (en) * | 2008-11-14 | 2009-04-08 | 西安交通大学 | Network node total trust degree estimation method based on feedback trust aggregation |
CN102158864B (en) * | 2011-04-15 | 2013-07-24 | 北京航空航天大学 | Mobile AD Hoc network self-adapting secure routing method based on reliability |
JP2013093781A (en) * | 2011-10-27 | 2013-05-16 | Fujitsu Ltd | Communication network system, node device, and route selection method for communication network system |
CN103179001B (en) * | 2013-04-17 | 2015-09-30 | 重庆邮电大学 | A kind of reliability of electric force communication network appraisal procedure based on operating path information |
2015
- 2015-03-02 JP JP2015039820A patent/JP6495050B2/en active Active
- 2015-03-04 CN CN201510096474.5A patent/CN105991617B/en active Active
- 2015-04-07 CA CA2887428A patent/CA2887428C/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN105991617A (en) | 2016-10-05 |
JP6495050B2 (en) | 2019-04-03 |
CA2887428A1 (en) | 2016-06-01 |
CN105991617B (en) | 2020-04-24 |
JP2016111664A (en) | 2016-06-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2887428C (en) | A computer implemented system and method for secure path selection using network rating | |
US10187422B2 (en) | Mitigation of computer network attacks | |
US10129297B2 (en) | System and method thereof for multi-tiered mitigation of cyber-attacks | |
US9130977B2 (en) | Techniques for separating the processing of clients' traffic to different zones | |
US10887347B2 (en) | Network-based perimeter defense system and method | |
US20120324572A1 (en) | Systems and methods that perform application request throttling in a distributed computing environment | |
Ubale et al. | Survey on DDoS attack techniques and solutions in software-defined network | |
US9813448B2 (en) | Secured network arrangement and methods thereof | |
US20100257599A1 (en) | Dynamic authenticated perimeter defense | |
US20160234234A1 (en) | Orchestrating the Use of Network Resources in Software Defined Networking Applications | |
US9306959B2 (en) | Dual bypass module and methods thereof | |
JP2016508353A (en) | Improved streaming method and system for processing network metadata | |
KR20110049282A (en) | DDoS detection / blocking system for DDoS attack and its method | |
EP3266174B1 (en) | Uplink port oversubscription determination | |
Nisa et al. | TPAAD: Two‐phase authentication system for denial of service attack detection and mitigation using machine learning in software‐defined network | |
Aibin et al. | Resilient sdn, cdn and icn technology and solutions | |
KR102162991B1 (en) | Integrated security router for idc and integrated secutiry service based on traffic shaping and ips fusion implementation | |
US20090100487A1 (en) | Mitigating subscriber side attacks in a cable network | |
US10616094B2 (en) | Redirecting flow control packets | |
CN117938728B (en) | Routing method, device, equipment and medium for edge nodes in server cluster | |
Park et al. | HEX Switch: Hardware-assisted security extensions of OpenFlow | |
HK1229968A1 (en) | A computer implemented system and method for secure path selection using network rating | |
Zunnurhain et al. | FAPA: flooding attack protection architecture in a cloud system | |
HK1229968B (en) | A computer implemented system and method for secure path selection using network rating | |
Fazely Hamedani | Scalable and Reliable Framework to Detect and Mitigate DDoS Attack in OpenFlow-based SDN Network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | EEER | Examination request | Effective date: 20200325 |