CN101883101A - Vaccine distributing method based on double-layer Chord ring network - Google Patents
Vaccine distributing method based on double-layer Chord ring network Download PDFInfo
- Publication number
- CN101883101A CN101883101A CN 201010207453 CN201010207453A CN101883101A CN 101883101 A CN101883101 A CN 101883101A CN 201010207453 CN201010207453 CN 201010207453 CN 201010207453 A CN201010207453 A CN 201010207453A CN 101883101 A CN101883101 A CN 101883101A
- Authority
- CN
- China
- Prior art keywords
- node
- vaccine
- server
- trust
- lower level
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a vaccine distributing method based on a double-layer Chord ring network, belonging to the technical field of computer virus prevention and control. In the invention, the resource of non-server nodes in the network is fully utilized to increase the efficiency of vaccine distribution by constructing one compound double-layer Chord ring network, and the safety problem of vaccine transmission is solved by establishing a trust mechanism. Compared with the prior art, the invention efficiently reduces the load of a server.
Description
Technical field
The present invention relates to computer network antivirus techniques field, especially relate to a kind of vaccine distributing method.
Background technology
Appearance and fast development along with Internet technology, human life style has obtained huge change, but simultaneously a large amount of computer viruses also occurs thereupon, its kind is exponential growth, destructiveness is also more and more violent, and Prevention and Cure of Computer Virus also becomes the important component part in the computer networking technology.
In the computer virus precaution mode, immunity is to use the most a kind of mode, and wherein vital be exactly how vaccine to be propagated into whole network as soon as possible, cut off the route of transmission of virus.The currently available vaccines, existing vaccines circulation way mostly is the server-client pattern, promptly carries out the distribution of vaccine by centralized server to all clients, and vaccine broadcasting speed is slower, and the load of server is overweight.
(application number is 200710053778.9 one piece of Chinese invention patent application, open day is on April 30th, 2008) in computer virus vaccine broadcasting method under a kind of distributed environment is disclosed, this method adopts the vaccine broadcasting strategy that has dynamic trust mechanism, when carrying out vaccine broadcasting, the ordinary node that has credit worthiness has been born the responsibility of part vaccine distribution, node is judged the fail safe of propagating vaccine according to credit worthiness, is finally confirmed the reliability of vaccine when credit worthiness is not enough to as basis for estimation by server.This vaccine broadcasting method can partly reduce the load of server, improves the propagation velocity of vaccine.But in the architectural framework that this patent is described, node is followed and is received vaccine earlier, and whether the back checking needs the rule of this vaccine, might make node bandwidth waste on some unnecessary or wrong Data Receiving.In case node receives vaccine can't judge its reliability again the time, promptly be transferred to server and judge, yet do not provide the method that server is judged the vaccine reliability in the document; Node is when neighbor node sends vaccine, be to sort according to the connection degree, this can guarantee the comparatively fast immunity of node of high connections degree, however also caused simultaneously high connection degree node with high-frequency receive connection request, and also select the method for which request in the document to egress actually.
Summary of the invention
The object of the present invention is to provide a kind of vaccine distributing method,, further alleviate load of server guaranteeing that each node in time receives under the prerequisite of effective vaccine.
Technical scheme of the present invention is by making up a kind of compound double-deck Chord ring structure, makes full use of that the resource of non-server node improves the efficient of vaccine distribution in the network, and solves vaccine transmission safety problem by the mechanism of breaking the wall of mistrust.
Be convenient understanding technical scheme of the present invention, at first the substance of Chord ring network made brief description below:
Peer-to-peer network is that a class is utilized internet edge resource (storage, calculating, content or the like), distributed system decentralization, self-organizing and all or that most of contact is a symmetry.The node of each participation had both served as client (client) in the peer-to-peer network environment, also served as server (server), by all or part of resource of oneself is provided, obtained the resource of sharing in the peer-to-peer network; There are not concentrated coordinator and database, the neither one fellow has the view of whole system, and the behavioural characteristic of the overall situation comes from the mutual of this locality, and all already present data and service all are open to each fellow, and the fellow is autonomous, and its connection is insecure.
The weakened function of server of peer-to-peer network technology, pay attention to the effect of all individualities in the network, what emphasize is direct communication and contact between the individuality, between the system, between the computer, each participant be the client be again service side, this makes people be thus lifted to a level widely in the shared behavior on the internet, people is participated in the network in more initiatively mode go.It and the existing Client that distributed computing technology was adopted based on middleware have essential distinction.From present should being used for, the power of P2P also be mainly reflected on a large scale share, on the search advantages.Mainly solve the application of four major types on the network in this respect: reciprocity calculating, collaborative work, search engine, exchange files.
The Chord algorithm is a kind of distributed hash table algorithm that Massachusetts Institute of Technology computer science laboratory puts forward, and this algorithm can efficiently be located resource in large-scale distributed network.The Chord algorithm has satisfied the load balance in the peer-to-peer network, the distributed central authoritiesization of going, network self-adapting, name flexibly, requirements such as extensive applicability.
The Chord system is based on the efficient distributed query system of the consistency hash of Chord algorithm, and it will indicate the node of spatial mappings in the Chord network.A node on the Chord network can be a main frame, also can be that each node all has a Chord identifier by the socket (process communication mechanism) of IP address and network port address definition.And the resource on the network uses identifier to indicate equally, then resource related information is mapped on the node.In the Chord network,, just can find the resource index of preserving this keyword rapidly as long as provide a keyword (key).
The Chord agreement is only supported an operation: provide keyword arbitrarily, he is mapped to this keyword on the node.Use the application program of Chord to be responsible for preserving the value related with this key.Chord uses the consistency hashing that keyword is mapped on the node.The consistency hashing makes the network node load balancing on the Chord, because each node can both be received the keyword of equal number roughly, and. when node adds or leaves, only there is a spot of keyword to shift original position.The algorithm that uses the consistency hash in the past all is to be based upon this hypothesis of position that node is all known most other nodes in the system.This hypothesis does not conform at the environment of reality, so cause algorithm in the past to use inadequately.In contrast, the Chord algorithm only needs the routing iinformation of fraction.Under stable status, the Chord system that contains N node only need safeguard the information of individual other nodes of general O (logN).And guarantee inferior forwarding inquiries, just can finish inquiry work node at O (logN).When having node to add in the Chord network or withdrawing from, only there be 1/N keyword must change original position in the network, Chord must be to this change new routing information more, and the information that at this time needs O (log2N) transmits in network.
Chord uses the consistency hashing algorithm, and the consistency hashing algorithm is mapped to each node the identifier of identical figure place.The algorithm that uses in the Chord algorithm is the cryptographic algorithm of SHA-1.The identifier of node can from IP or ((IP, port, other flag bit) generates.Use (node label, address) to indicate a node in the Chord algorithm.In order to guarantee can not exist in the network two nodes of same node point sign, m must be bigger.Use the SHA-1 algorithm can be on the data of the data map to 160 of indefinite length.Like this, the node label space of Chord algorithm just is 2
160, the probability that can guarantee to occur identical identifier is very little.
For the identifier space is 2
mThe Chord network, identifier is according to mould 2
mBe ranked into a circle, this circle becomes the Chord ring.
For the symbol space on the network is mapped on these nodes, the Chord algorithm proposes the notion of a Successor.Successor (Key) is the node number more than or equal to the minimum of Key.
The Chord algorithm uses the Successor function that NameSpace is mapped on some relevant nodes, is responsible for the Resource Key that is present in this NameSpace is carried out index service by these nodes.Simultaneously, in order to find relevant node apace, the node in the Chord network is preserved routing iinformation.As previously mentioned, if the identifier of Chord network is the m position, each node can be safeguarded a routing table that m element arranged at most so.This routing table is called the Finger table.The node number of supposing certain node among the Chord is n, the i item sj=successor (n+2 of Finger Table
I-1), 1≤i≤m wherein, and resulting result is to 2
mAsk mould.Field such as following table 1 in the Finger table:
| {。##.##1}, | Definition |
| Finger[k] .start (initial key identifier) | ??(n+2 k-1)mod2 m,1≤k≤m |
| .interval (finish the key identifier) | ??[finger[k].start,finger[k+1].start) |
| .node (the mapping interdependent node of certain key) | ??frst?node≥n.finger[k].start |
| .successor (descendant node) | The next node adjacent in the current ring with this node |
| Predecessor (the preceding node that continues) | The previous node adjacent in the current ring with this node |
Table 1
Below only the substance of Chord network has been carried out concise and to the point description, but more detailed content list of references (IonStoica, Robert Morris, David Karger.Chord:A Scalable Peer-to-peer Lookup Service forInternet Applications.SIGCOMM ' O1, San Diego, California, USA, 2001).
In sum, it is as follows to obtain technical scheme of the present invention:
A kind of vaccine distributing method based on double-layer Chord ring network is characterized in that, may further comprise the steps:
Step 1) makes up double-deck Chord loop network; Described double-layer Chord ring network comprises two kinds of different node cycles: server ring and lower level node ring, wherein each node in the server ring a corresponding lower level node ring as server admin, and is connected entirely with all lower level nodes in this lower level node ring; All adopt the Chord agreement to communicate between the server node in the server ring and between the lower level node in each lower level node ring;
Step 2) server node generates vaccine bag XX (j+1) with vaccine or vaccine bag XX (j), trust table and the digital signature of self that obtains, and described vaccine and the digital signature of self are bundled into vaccine bag XX (j+2); Wherein, described trust table is by the server node Dynamic Maintenance, and comprises all nodenames and the pairing trust mark of each node in the lower level node ring that this server administers; Wherein j is the sequence number of vaccine bag;
The step 3) server node obtains the routing iinformation of associated server node by the finger table of inquiry self, the associated server node routing iinformation that finds is carried out hash with the hash value of transmission vaccine port numbers and vaccine file obtain a key value, and whether this key value of inquiry exists in current finger table, as not existing, then send vaccine bag XX (j+2) to this server node, if exist, then turn to the next clauses and subclauses in the finger table, from the trust table, select lower level node to carry out the transmission of vaccine bag XX (j+1) simultaneously according to preset rule;
Step 4) receives the reliability of the associated server node of vaccine bag by the digital signature authentication vaccine in the vaccine bag, if reliability is guaranteed, then use the vaccine file to reinforce or the redemption system, simultaneously with self routing iinformation and the transmission port numbers of vaccine and the hash value of vaccine file carry out obtaining a value behind the hash, and the relevant information that will be worth is stored in the finger table of associated server node, in local log file, carry out simultaneously corresponding change, illustrate and oneself played certain vaccine, the execution in step that circulates then 2-step 4, each server node has all traveled through the clauses and subclauses in the own finger table in the server ring;
The lower level node that receives vaccine is by the reliability of the digital signature authentication vaccine that carries in the vaccine file, if reliability is guaranteed, then use the vaccine file to reinforce or the redemption system, routing iinformation with self carries out obtaining a value behind the hash with the port numbers of transmission vaccine and the hash value of vaccine file simultaneously, and the relevant information that will be worth is stored in the finger table of interdependent node and goes, use the trust table in the vaccine bag to upgrade the local node trust mark of storing, simultaneously in local log file, carry out corresponding change, illustrate and oneself played this vaccine;
Step 5) was beaten the interdependent node routing iinformation of storing in the current finger table of lower floor's link point inquiry of vaccine, the relevant lower level node routing iinformation that finds is carried out hash with the hash value of transmission vaccine port numbers and vaccine file obtain a key value, and whether this key value of inquiry exists in current finger table, if exist, then explanation should have been played vaccine by relevant lower level node, and turned to the next clauses and subclauses in self finger table; If do not exist, then send vaccine transmission request to this relevant lower level node;
Step 6) receives the relevant lower level node of vaccine transmission request and inquire about the trust mark that sends vaccine transmission requesting node in the trust table, and the trust threshold that will trust mark and predefined node compares, as greater than this trust threshold, then receive vaccine and go to step 4; As less than this trust threshold, then reject vaccine.
Technique scheme is by making up a kind of compound double-layer Chord ring network, made full use of that the resource of non-server node improves the efficient of vaccine distribution in the network, and solved vaccine transmission safety problem by the mechanism of breaking the wall of mistrust.Compared to existing technology, reduced the load of server effectively.
In technique scheme, in order to prevent that indivedual lower level nodes from can not in time obtain vaccine, can whether play vaccine by lower floor's link point that server is administered according to certain time interval inquiry, as find that this node do not vaccinate, then to this node transmission vaccine bag; The present invention adopts following scheme:
(trust mark/d) inferior heartbeat, relevant parameter in the return node daily record and default parameters are compared, be not inconsistent as the two, not immunity fully of node is described, then server just sends up-to-date vaccine bag to this node to the every triggering of server node X-; X, d are predefined constants, and X and d are the integer greater than 1, and X>(100/d).
In order to allow server know that node is online, node needs regularly to send information to server, if the server certain hour does not receive information, then thinks this node off-line, and the every reception primary information of server is considered as a heartbeat of node.
Above-mentioned predefined X, d can be provided with as required, and the time interval of the big more then inquiry of X is long more, and the server burden is light more, but may reduce the speed of vaccine diffusion.The big more then trust value of n is more little to the time interval influence of inquiry.
In the present invention, trust the foundation of table and safeguard very important, because in the P2P peer-to-peer network, the status of each node all equates, but in the real network environment, always there are some nodes important, in the present invention, we distinguish important and non-important node by the alarm ability of considering node, because if the alarm of node often and accurately, illustrate that the network activity that it carries out usually is more, and be the node of relative " honesty ", the user often is ready to accept the vaccine bag from trustworthy node, so promote they the trust table in seniority among brothers and sisters, the possibility that allows them receive server vaccine bag at the beginning becomes big, safeguard the fail safe that they are own, and the user also only accepts to trust mark and is higher than the vaccine bag that node that this machine is provided with secure threshold is sent, so just guaranteed the security reliability of vaccine bag, the node that sends vaccine on the other hand will send connection request earlier before being connected setting up the transmission of vaccine bag with other node, reciever wants to accept the vaccine bag by judging at the trust mark of faith mechanism table inquiry transmit leg, can not set up transmission relation with the sending node that is lower than requirement, this has also saved the flow in the network to a certain extent.
In technical scheme of the present invention, the nodename in the trust table is meant the hash value of username, and this nodename immobilizes; Server node carries out Dynamic Maintenance according to following rule to the trust mark of each lower floor's link point of being managed:
● the best result of trusting mark is 100 minutes, reaches 100 and no longer continues to rise; Minimumly be divided into 0 fen, reduce to and no longer continued downward modulation in 0 minute;
● server whenever receives warning information one time, then recomputates and revise the trust mark of the lower floor's link point that sends this warning message according to following formula:
A’=A+(N
total-S
ere*N
ere-S
evl*N
evl)*(T
new-T
latest)-(T
new-T
latest)*α
Wherein, A " be the preceding trust mark of this node alarm; The trust mark that A ' is recomputated and revises for this node alarm back; N
TotalBe this node successful alarm total degree; N
EreBe this node error alarm total degree; N
EvlBe malice alarm total degree; S
EreBe the penalty factor of predefined error alarm, span be (1,10]; S
EvlBe the penalty factor of predefined malice alarm, span be (1,10]; T
NewJust responding the time point of alarm at serviced device for present node; T
LatestSuccessfully accept the time point alarmed for the last serviced device of present node; α is predefined adjusting parameter, is a constant.
For initiate lower floor link point, give the initial value of an acquiescence by server, this initial value should be greater than 0 but is lower than average mark 50, because in network, be lower than 50 for not by trusted node, be higher than 50 for than trusted node, but with 50 minutes difference should be too not big, in order to avoid waste new node resource, promptly a very long time is all distrusted new node.
Why will be at this with the interval of alarm time as taking advantage of the factor, be because frequency explanation node is bigger in the current infringement that is subjected to, if its alarm all is correct basically, illustrated that also this is the node of a honesty, its existence finds in time that to the helping service device problem in the network is producing positive role, should receive awards, promote its trust mark.But the node of considering sends same report repeatedly for the mark of defrauding of confidence, though alarm is correct really, has run counter to node and has trusted the original intention that mark is provided with, here by deducting (T
New-T
Latest) * α, slow down the too frequent mark that sends the report node and add up, so that system is more reasonable.In addition-(T
New-T
Latest) * α indicating that also if node does not for a long time send report, trust mark gradually will run off.
Nodename is the hash value of username in the trust table, when node will be inquired about the trust value of other node, the transmit leg nodename need be carried out hash in this locality, carries out matching inquiry then from the trust table; Why hash will be carried out in the address of node, be in order to prevent that malicious node from directly retrieving the relevant information of all nodes from the trust table.
From trust table, select lower level node described in the step 3 of technical solution of the present invention according to preset rule, be meant: from according to first node of trusting the lower level node that mark sequences from big to small successively, calculate each lower level node A* (100-a) %+F (0, a) numerical value, and whether judge this value greater than predefined class secure threshold, and in this way, then selected this node, accumulator value adds 1 simultaneously, continues to calculate next node then; As not, then continue to calculate next node; So circulation stops during for N*a% up to accumulator value;
Wherein, N is the node sum in lower floor's ring; A is the trust mark of trusting this node in the table at present; A is predefined greater than 0 and less than 100 constant; F (0, a) get random number between being illustrated in 0 to a.
Here, a% is actually the ratio of predefined server to institute's area under one's jurisdiction lower level node initialization vaccine, this value is established senior general De Tai increases the server burden, too for a short time, make that then the diffusion of vaccine in whole lower floor ring is rapid inadequately, the reduction system is ageing, therefore need choose according to actual conditions; F (0, be between 0 to a, to get random number a), guarantee the interests of some medium nodes and newly added node, promptly be not that each high node of trust value of all only giving sends vaccine, initiate node also is first to obtain vaccine.
Description of drawings
Fig. 1 is the basic structure schematic diagram of Chord ring;
Fig. 2 is the structural representation of double-layer Chord ring network of the present invention;
Fig. 3 is the flow chart of the specific embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing technical scheme of the present invention is elaborated:
As shown in Figure 3, the present invention carries out the vaccine granting according to following each step:
Step 1) makes up double-deck Chord loop network; Described double-layer Chord ring network comprises two kinds of different node cycles: server ring and lower level node ring, wherein each node in the server ring a corresponding lower level node ring as server admin, and is connected entirely with all lower level nodes in this lower level node ring; All adopt the Chord agreement to communicate between the server node in the server ring and between the lower level node in each lower level node ring;
The basic structure of Chord ring as shown in Figure 1, the structure of the double-deck Chord loop network that the present invention is constructed is as shown in Figure 2;
For ease of understanding, a certain server node SaSa in the double-layer Chord ring network of supposing to make up has above generated or has obtained a new vaccine XX0, need be distributed to away it Alice, Bob, WoW and Cat are the several nodes in the SaSa administration node cycle; Wherein Bob that has in the finger of the Alice table and the routing iinformation of Cat, WoW has the routing iinformation of Cat and Bob, and Bob has the routing iinformation of WoW and Cat, and Cat has the routing iinformation of Alice and WoW.
Step 2) SaSa generates vaccine bag XX1 with vaccine or vaccine bag XX0, trust table and the digital signature of self that obtains, and described vaccine and the digital signature of self are bundled into vaccine bag XX2; Wherein, described trust table is by the server node Dynamic Maintenance, and comprises all nodenames and the pairing trust mark of each node in the lower level node ring that this server administers;
The trust table that in this embodiment, sets as shown in Figure 4, the nodename in the trust table is meant the hash value of username, this nodename immobilizes; Server node carries out Dynamic Maintenance according to following rule to the trust mark of each lower floor's link point of being managed:
● the best result of trusting mark is 100 minutes, reaches 100 and no longer continues to rise; Minimumly be divided into 0 fen, reduce to and no longer continued downward modulation in 0 minute;
● server whenever receives warning information one time, then recomputates and revise the trust mark of the lower floor's link point that sends this warning message according to following formula:
A’=A”+(N
total-S
ere*N
ere-S
evl*N
evl)*(T
new-T
latest)-(T
new-T
latest)*α
Wherein, A " be the preceding trust mark of this node alarm; The trust mark that A ' is recomputated and revises for this node alarm back; N
TotalBe this node successful alarm total degree; N
EreBe this node error alarm total degree; N
EvlBe malice alarm total degree; S
EreBe the penalty factor of predefined error alarm, span be (1,10]; S
EvlBe the penalty factor of predefined malice alarm, span be (1,10]; T
NewJust responding the time point of alarm at serviced device for present node; T
LatestSuccessfully accept the time point alarmed for the last serviced device of present node; α is predefined adjusting parameter, is a constant.
In this embodiment, the initial value that initiate lower level node is endowed is 40, S
EreValue is 1.5, and the Sevl value is 4, and the α value is 0.3.
Step 3) SaSa obtains the routing iinformation of associated server node by the finger table of inquiry self, the associated server node routing iinformation that finds is carried out hash with the hash value of transmission vaccine port numbers and vaccine file obtain a key value, and whether this key value of inquiry exists in current finger table, as not existing, then send vaccine bag XX2 to this server node, if exist, then turn to the next clauses and subclauses in the finger table, from the trust table, select lower level node to carry out the transmission of vaccine bag XX1 simultaneously according to predefined following rule:
From according to first node of trusting the lower level node that mark sequences from big to small successively, calculate each lower level node A* (100-a) %+F (0, a) numerical value, and judge that whether this value is greater than predefined class secure threshold, in this way, then selected this node, accumulator value adds 1 simultaneously, continues to calculate next node then; As not, then continue to calculate next node; So circulation stops during for N*a% up to accumulator value;
Wherein, N is the node sum in lower floor's ring; A is the trust mark of trusting this node in the table at present; A is predefined greater than 0 and less than 100 constant; F (0, a) get random number between being illustrated in 0 to a.
Selected Alice and Cat at this SaSa by above-mentioned rule, and it has been sent the vaccine bag.
Step 4) receives the reliability of the associated server node of vaccine bag by the digital signature authentication vaccine in the vaccine bag, if reliability is guaranteed, then use the vaccine file to reinforce or the redemption system, simultaneously with self routing iinformation and the transmission port numbers of vaccine and the hash value of vaccine file carry out obtaining a value behind the hash, and the relevant information that will be worth is stored in the finger table of associated server node, in local log file, carry out simultaneously corresponding change, illustrate and oneself played certain vaccine, the execution in step that circulates then 2-step 4, each server node has all traveled through the clauses and subclauses in the own finger table in the server ring;
The lower level node that receives vaccine is by the reliability of the digital signature authentication vaccine that carries in the vaccine file, if reliability is guaranteed, then use the vaccine file to reinforce or the redemption system, routing iinformation with self carries out obtaining a value behind the hash with the port numbers of transmission vaccine and the hash value of vaccine file simultaneously, and the relevant information that will be worth is stored in the finger table of interdependent node and goes, use the trust table in the vaccine bag to upgrade the local node trust mark of storing, simultaneously in local log file, carry out corresponding change, illustrate and oneself played this vaccine;
At this, after Alice and Cat checking vaccine are reliable, used vaccine, routing iinformation with self carries out obtaining a value behind the hash with the port numbers of transmission vaccine and the hash value of vaccine file simultaneously, and the relevant information that will be worth is stored in the finger table of interdependent node and goes, use the trust table in the vaccine bag to upgrade the local node trust mark of storing, in local log file, carry out corresponding change simultaneously, illustrate and oneself played this vaccine.
Step 5) was beaten the interdependent node routing iinformation of storing in the current finger table of lower floor's link point inquiry of vaccine, the relevant lower level node routing iinformation that finds is carried out hash with the hash value of transmission vaccine port numbers and vaccine file obtain a key value, and whether this key value of inquiry exists in current finger table, if exist, then explanation should have been played vaccine by relevant lower level node, and turned to the next clauses and subclauses in self finger table; If do not exist, then send vaccine transmission request to this relevant lower level node;
At this, Alice inquiry self finger shows, and has found the relevant routing iinformation of Bob and Cat, inquire Bob and do not play vaccine, and Cat has carried out related immune, so only Bob is sent vaccine transmission request; Cat inquiry self finger shows, and has found the relevant routing iinformation of Alice and WoW, inquire WoW and do not play vaccine, and Alice has carried out related immune, so only WoW is sent vaccine transmission request.
Step 6) receives the relevant lower level node of vaccine transmission request and inquire about the trust mark that sends vaccine transmission requesting node in the trust table, and the trust threshold that will trust mark and predefined node compares, as greater than this trust threshold, then receive vaccine and go to step 4; As less than this trust threshold, then reject vaccine;
At this, when Bob receives the vaccine transmission request of Alice, the user name of Alice is carried out hash, the trust mark of inquiry Alice in trusting table, the current trust table of SaSa sees the following form 2, and the trust mark of Alice is higher than the trust threshold that Bob is provided with, so Bob agrees to accept the vaccine bag, begin to carry out from step 4 after receiving the vaccine bag, promptly confirm by the digital signature in the vaccine bag whether vaccine is reliable earlier, after confirming reliably, use the vaccine file to reinforce or the redemption system, simultaneously the routing iinformation of self and the port numbers of transmission vaccine and the hash value of vaccine file are carried out obtaining a value behind the hash, and the relevant information that will the be worth finger that is stored in interdependent node goes in showing, simultaneously in local log file, carry out corresponding change, illustrate and oneself played this vaccine; Whether played this vaccine and sent vaccine transmission request according to the described inquiry interdependent node of step 5 then to the interdependent node of not playing vaccine.
Table 2
The vaccine that WoW receives Cat sends request, and the user name of Cat is carried out hash, and the trust mark of inquiry Cat in trusting table finds that the trust mark of Cat is lower than the trust threshold that WoW is provided with, and refusal is accepted the vaccine bag.
In the present embodiment, the every triggering of server node X-(trusts mark/d) inferior heartbeat, relevant parameter in the return node daily record and default parameters is compared, be not inconsistent as the two, not immunity fully of node is described, then server just sends up-to-date vaccine bag to this node; X, d are that predefined constant X and d are the integer greater than 1, and X>(100/d);
At this, the inquiry Alice of server S aSa elder generation finds that Alice had played vaccine; Inquiry Bob after a period of time finds that Bob played vaccine again; Inquiry Cat after a period of time finds that Cat also played vaccine; Inquire again and ask WoW,, then send vaccine bag XX2 to WoW if this moment, WoW did not stamp vaccine (in fact WoW may accept the vaccine bag from Bob).
In the embodiment of the present invention, other server nodes are when completing steps 4 goes to step 2 in the server ring, and first server node generates vaccine bag XX3, XX4, and second server node generates vaccine bag XX5, XX6 ..., and the like; Vaccine distribution process in lower floor's ring that each server node is administered is same as described above, repeats no more herein.
Claims (5)
1. the vaccine distributing method based on double-layer Chord ring network is characterized in that, may further comprise the steps:
Step 1) makes up double-deck Chord loop network; Described double-layer Chord ring network comprises two kinds of different node cycles: server ring and lower level node ring, wherein each node in the server ring a corresponding lower level node ring as server admin, and is connected entirely with all lower level nodes in this lower level node ring; All adopt the Chord agreement to communicate between the server node in the server ring and between the lower level node in each lower level node ring;
Step 2) server node generates vaccine bag XX (j+1) with vaccine or vaccine bag XX (j), trust table and the digital signature of self that obtains, and described vaccine and the digital signature of self are bundled into vaccine bag XX (j+2); Wherein, described trust table is by the server node Dynamic Maintenance, and comprises all nodenames and the pairing trust mark of each node in the lower level node ring that this server administers; Wherein j is the sequence number of vaccine bag;
The step 3) server node obtains the routing iinformation of associated server node by the finger table of inquiry self, the associated server node routing iinformation that finds is carried out hash with the hash value of transmission vaccine port numbers and vaccine file obtain a key value, and whether this key value of inquiry exists in current finger table, as not existing, then send vaccine bag XX (j+2) to this server node, if exist, then turn to the next clauses and subclauses in the finger table, from the trust table, select lower level node to carry out the transmission of vaccine bag XX (j+1) simultaneously according to preset rule;
Step 4) receives the reliability of the associated server node of vaccine bag by the digital signature authentication vaccine in the vaccine bag, if reliability is guaranteed, then use the vaccine file to reinforce or the redemption system, simultaneously with self routing iinformation and the transmission port numbers of vaccine and the hash value of vaccine file carry out obtaining a value behind the hash, and the relevant information that will be worth is stored in the finger table of associated server node, in local log file, carry out simultaneously corresponding change, illustrate and oneself played certain vaccine, the execution in step that circulates then 2-step 4, each server node has all traveled through the clauses and subclauses in the own finger table in the server ring;
The lower level node that receives vaccine is by the reliability of the digital signature authentication vaccine that carries in the vaccine file, if reliability is guaranteed, then use the vaccine file to reinforce or the redemption system, routing iinformation with self carries out obtaining a value behind the hash with the port numbers of transmission vaccine and the hash value of vaccine file simultaneously, and the relevant information that will be worth is stored in the finger table of interdependent node and goes, use the trust table in the vaccine bag to upgrade the local node trust mark of storing, simultaneously in local log file, carry out corresponding change, illustrate and oneself played this vaccine;
Step 5) was beaten the interdependent node routing iinformation of storing in the current finger table of lower floor's link point inquiry of vaccine, the relevant lower level node routing iinformation that finds is carried out hash with the hash value of transmission vaccine port numbers and vaccine file obtain a key value, and whether this key value of inquiry exists in current finger table, if exist, then explanation should have been played vaccine by relevant lower level node, and turned to the next clauses and subclauses in self finger table; If do not exist, then send vaccine transmission request to this relevant lower level node;
Step 6) receives the relevant lower level node of vaccine transmission request and inquire about the trust mark that sends vaccine transmission requesting node in the trust table, and the trust threshold that will trust mark and predefined node compares, as greater than this trust threshold, then receive vaccine and go to step 4; As less than this trust threshold, then reject vaccine.
2. according to claim 1 based on the vaccine distributing method of double-layer Chord ring network, it is characterized in that the nodename in the described trust table is meant the hash value of username, this nodename immobilizes; Server node carries out Dynamic Maintenance according to following rule to the trust mark of each lower floor's link point of being managed:
● the best result of trusting mark is 100 minutes, reaches 100 and no longer continues to rise; Minimumly be divided into 0 fen, reduce to and no longer continued downward modulation in 0 minute;
● server whenever receives warning information one time, then recomputates and revise the trust mark of the lower floor's link point that sends this warning message according to following formula:
A’=A”+(N
total-S
ere*N
ere-S
evl*N
evl)*(T
new-T
latest)-(T
new-T
latest)*α
Wherein, A " be the preceding trust mark of this node alarm; The trust mark that A ' is recomputated and revises for this node alarm back; N
TotalBe this node successful alarm total degree; N
EreBe this node error alarm total degree; N
EvlBe malice alarm total degree; S
EreBe the penalty factor of predefined error alarm, span be (1,10]; S
EvlBe the penalty factor of predefined malice alarm, span be (1,10]; T
NewJust responding the time point of alarm at serviced device for present node; T
LatestSuccessfully accept the time point alarmed for the last serviced device of present node; α is predefined adjusting parameter, is a constant.
3. according to claim 1 based on the vaccine distributing method of double-layer Chord ring network, it is characterized in that, from trust table, select lower level node described in the step 3, be meant according to preset rule:
From according to first node of trusting the lower level node that mark sequences from big to small successively, calculate each lower level node A* (100-a) %+F (0, a) numerical value, and judge that whether this value is greater than predefined class secure threshold, in this way, then selected this node, accumulator value adds 1 simultaneously, continues to calculate next node then; As not, then continue to calculate next node; So circulation stops during for N*a% up to accumulator value;
Wherein, N is the node sum in lower floor's ring; A is the trust mark of trusting this node in the table at present; A is predefined greater than 0 and less than 100 constant; F (0, a) get random number between being illustrated in 0 to a.
4. according to claim 1 based on the vaccine distributing method of double-layer Chord ring network, it is characterized in that: whether lower floor's link point that server node is administered according to the certain time interval inquiry had played vaccine, as find that this node do not vaccinate, then send the vaccine bag to this node.
As described in the claim 4 based on the vaccine distributing method of double-layer Chord ring network, it is characterized in that whether lower floor's link point that described server node is administered according to the certain time interval inquiry had played vaccine is meant:
(trust mark/d) inferior heartbeat, relevant parameter in the return node daily record and default parameters are compared, be not inconsistent as the two, not immunity fully of node is described, then server just sends up-to-date vaccine bag to this node to the every triggering of server node X-; X, d are predefined constants, and X and d are the integer greater than 1, and X>(100/d).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102074533A CN101883101B (en) | 2010-06-23 | 2010-06-23 | Vaccine distributing method based on double-layer Chord ring network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102074533A CN101883101B (en) | 2010-06-23 | 2010-06-23 | Vaccine distributing method based on double-layer Chord ring network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101883101A true CN101883101A (en) | 2010-11-10 |
| CN101883101B CN101883101B (en) | 2012-11-28 |
Family
ID=43054989
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102074533A Expired - Fee Related CN101883101B (en) | 2010-06-23 | 2010-06-23 | Vaccine distributing method based on double-layer Chord ring network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101883101B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105357247A (en) * | 2015-09-22 | 2016-02-24 | 上海理工大学 | Multi-dimensional cloud resource interval finding method based on hierarchical cloud peer-to-peer network |
| CN107222482A (en) * | 2017-06-01 | 2017-09-29 | 黑龙江卓亚科技有限公司 | A kind of data management system and method based on compound block chain network |
| CN110138540A (en) * | 2018-02-08 | 2019-08-16 | 触信(厦门)智能科技有限公司 | A kind of data block encryption method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070006314A1 (en) * | 2004-07-21 | 2007-01-04 | Microsoft Corporation | Self-certifying alert |
| CN101169747A (en) * | 2007-11-06 | 2008-04-30 | 华中科技大学 | Computer virus vaccine broadcasting method in distributed environment |
| CN101719842A (en) * | 2009-11-20 | 2010-06-02 | 中国科学院软件研究所 | Cloud computing environment-based distributed network security pre-warning method |
-
2010
- 2010-06-23 CN CN2010102074533A patent/CN101883101B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070006314A1 (en) * | 2004-07-21 | 2007-01-04 | Microsoft Corporation | Self-certifying alert |
| CN101169747A (en) * | 2007-11-06 | 2008-04-30 | 华中科技大学 | Computer virus vaccine broadcasting method in distributed environment |
| CN101719842A (en) * | 2009-11-20 | 2010-06-02 | 中国科学院软件研究所 | Cloud computing environment-based distributed network security pre-warning method |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105357247A (en) * | 2015-09-22 | 2016-02-24 | 上海理工大学 | Multi-dimensional cloud resource interval finding method based on hierarchical cloud peer-to-peer network |
| CN105357247B (en) * | 2015-09-22 | 2018-08-28 | 上海理工大学 | Multidimensional property cloud resource range lookup method based on layering cloud peer-to-peer network |
| CN107222482A (en) * | 2017-06-01 | 2017-09-29 | 黑龙江卓亚科技有限公司 | A kind of data management system and method based on compound block chain network |
| CN110138540A (en) * | 2018-02-08 | 2019-08-16 | 触信(厦门)智能科技有限公司 | A kind of data block encryption method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101883101B (en) | 2012-11-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110024352B (en) | Decentralized data storage and processing for IOT devices | |
| CN110945853B (en) | Method for generating and managing multimode identification network based on alliance chain voting consensus algorithm | |
| CN110741400A (en) | Block chain network interaction controller | |
| US11425133B2 (en) | System and method for network device security and trust score determinations | |
| CN101714976B (en) | Method for resisting malicious behaviors of nodes in P2P network | |
| CN109919771B (en) | Industrial internet transaction device applying hierarchical block chain technology | |
| CN101193103B (en) | A method and system for allocating and validating identity identifier | |
| CN105247529A (en) | Synchronizing credential hashes between directory services | |
| Revanesh et al. | A trusted distributed routing scheme for wireless sensor networks using blockchain and meta‐heuristics‐based deep learning technique | |
| CN112804358B (en) | Method and device for transferring data in cross-link mode based on relay equipment network | |
| KR20200081533A (en) | Blockchain Consensus Method based Improved Dynamic Blind Voting for Internet of Things Environment | |
| Li et al. | Social-P2P: Social network-based P2P file sharing system | |
| CN101883101B (en) | Vaccine distributing method based on double-layer Chord ring network | |
| Vu et al. | An efficient peer-to-peer bitcoin protocol with probabilistic flooding | |
| Laube et al. | A solution to the split & merge problem for blockchain-based applications in ad hoc networks | |
| Avoussoukpo et al. | Securing and facilitating communication within opportunistic networks: a holistic survey | |
| CN116996521B (en) | Relay committee cross-chain interaction system and method based on trust evaluation model | |
| Choudhary et al. | A quality of service‐aware high‐security architecture design for software‐defined network powered vehicular ad‐hoc network s using machine learning‐based blockchain routing | |
| Diallo et al. | Toward scalable blockchain for data management in VANETs | |
| CN116595094A (en) | Federal learning incentive method, device, equipment and storage medium based on block chain | |
| Bai et al. | Blockchain-based Authentication and Proof-of-Reputation Mechanism for Trust Data Sharing in Internet of Vehicles. | |
| Wang et al. | Improving cooperation in peer-to-peer systems using social networks | |
| CN116260826A (en) | Bayesian-busy fault tolerance consensus method and system in supply chain tracing | |
| CN116112506A (en) | Transaction information processing method, device, medium and equipment based on alliance chain system | |
| Wang et al. | A blockchain-empowered framework for decentralized trust management in Internet of Battlefield Things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121128 Termination date: 20150623 |
|
| EXPY | Termination of patent right or utility model |