CN103812864A - Sybil attack detection method in online social network - Google Patents


Info

Publication number
CN103812864A
Authority
CN
China
Prior art keywords
node
path
sybil
checking
sign
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410037921.5A
Other languages
Chinese (zh)
Other versions
CN103812864B (en)
Inventor
朱培栋
陈侃
郑倩冰
陈亮
曹华阳
胡罡
任浩
曹介南
蔡开裕
邵成成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology filed Critical National University of Defense Technology
Priority to CN201410037921.5A priority Critical patent/CN103812864B/en
Publication of CN103812864A publication Critical patent/CN103812864A/en
Application granted granted Critical
Publication of CN103812864B publication Critical patent/CN103812864B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a Sybil attack detection method for online social networks. The technical scheme is as follows: a node is selected as the verification node; paths are advertised on the basis of member relationships, building relationship paths that reach the verification node; during advertisement, redundant paths and shared paths are removed by a path-selection method based on path k-similarity; after the advertisement ends, all feasible paths are gathered at the verification node for a trustworthiness check, which prevents nodes from privately constructing or tampering with paths; finally, the number of trusted paths of each node is used as the verification criterion, and the verification node verifies whether each other node is a Sybil node. Because the method judges whether a node is a Sybil node by its number of trusted paths, it faithfully recovers and exploits the differences in node relationships. The method has high accuracy and a low false alarm rate, does not depend on key infrastructure or other auxiliary equipment, and is lightweight and easy to deploy.

Description

Sybil attack detection method in online social network
Technical field
The present invention relates to a method for detecting Sybil attacks in online social networks. It is applicable to applications such as the detection of paid posters (the Internet "water army"), electronic voting and polling, and online social network recommendation.
Background
A Sybil attack is one in which a malicious user obtains multiple identities through repeated registration and uses these identities to gain a dominant position in network transactions, thereby affecting the normal function of the network and disrupting its order.
Sybil attacks are widespread in network applications and systems that use recommendation or sharing mechanisms. Typical cases: in online voting systems, repeated registration allows repeated voting, which undermines fairness and manipulates the result; on e-commerce websites, multiple identities are used to create fake transactions and fake reviews, which mislead consumers' judgement and cause unfair competition; on online social networking sites, multiple accounts are used to forward and comment on messages, manufacturing "hot topics" and spreading rumours.
With the rise of online social networks, the individual has become increasingly prominent in the network and plays an ever more important role. By building a personal page and taking part in network activities, everyone becomes part of the network. People not only communicate with each other over the network but also actively share, mainly resources and knowledge. Both resource sharing and knowledge sharing in fact rely on a recommendation mechanism: each user recommends on the basis of their own background knowledge, and the network application or system aggregates all users' recommendations, using collective intelligence to reach a final evaluation result that supports other users' decisions. A very important principle of a recommendation mechanism is the equality of user identities: users are treated fairly and every user's recommendation carries the same weight. Only then does the final result reflect the wishes of most users and the recommendation mechanism do its job. With Sybil attacks present, users still appear to be treated fairly, but the attacker controls multiple identities. If these identities are merged into a single user, that user's weight is far greater than a normal user's and is proportional to the number of Sybil identities the user controls. A Sybil attack breaks the fairness of user identity, giving the attacker an advantage in the recommendation process and even direct control over the final result.
Sybil attacks are widespread in many network applications. They not only destroy the application's original function, mislead users and cause users to distrust the network, but may also have a variety of serious malicious consequences. For example, Sybil attacks are used on video and picture websites to promote illegal content such as violence and pornography; files carrying malicious viruses or trojans are uploaded and people are tricked into downloading them through Sybil attacks; on online social applications such as microblogs and WeChat, Sybil attacks are used to spread rumours, which not only damages other people's reputations but can even cause social panic.
An effective way to counter Sybil attacks is to control user registration, for example by requiring real-name registration. User accounts are then associated one-to-one with real identities, which makes registering Sybil accounts harder and prevents a single user from controlling an unlimited number of Sybil accounts, thereby weakening or eliminating Sybil attacks. However, this approach requires users to use and store their real-name information on the network, which may on the one hand leak user privacy and on the other hand make users apprehensive and cause user loss, so it is difficult to deploy and apply in practice.
Because Sybil attacks cannot be eliminated at the root, current work mainly starts from attack detection, finding Sybil attacks that have already broken out as well as potential Sybil threats. Because the attack form and organization differ, traditional detection methods such as intrusion detection have difficulty detecting Sybil attacks effectively. The goal of Sybil attack detection is to find the group of Sybil nodes, relying mainly on differences in the social relationships between members. Sybil nodes are mainly used to launch Sybil attacks and are rarely used for everyday interaction, so they lack relationships with normal nodes; on the relationship graph this appears as a minimum-cut feature, tightly connected locally and loosely connected to the outside. This property was first proposed by Yu in SybilGuard (SIGCOMM '06) and has been adopted as the basic assumption of Sybil attack detection. SybilGuard uses random routes to select paths that reach the verifier node and takes the final number of reachable paths as the criterion for each node. SybilLimit improves on SybilGuard, but both suffer from high misjudgement and missed-detection rates. Tran's GateKeeper distributes tickets between nodes along social relationships and takes the number of tickets each node finally obtains as the criterion, which improves detection accuracy; but to determine the total number of tickets issued in the initial stage, the detection system must run the distribution operation iteratively many times, which increases running time and resource consumption. Moreover, all of these methods need the support of additional key infrastructure in order to verify paths or tickets.
How to obtain highly accurate attack detection results with a lightweight deployment is a technical problem of great concern to those skilled in the art.
Summary of the invention
The technical problem to be solved by the present invention is to provide a Sybil attack detection method for online social networks.
The technical scheme is: select a node as the verification node; advertise and propagate paths on the basis of member relationships, building relationship paths that reach the verification node; during propagation, eliminate redundant paths and shared paths with a path-selection method based on path k-similarity; finally, with each node's number of trusted paths as the verification criterion, the verification node verifies whether each other node is a Sybil node.
Let $N$ denote the number of nodes in the network. For a path $P_1 = \langle u_1, u_2, u_3, \ldots, u_m \rangle$ ($1 \le m \le N$) and a path $P_2 = \langle v_1, v_2, v_3, \ldots, v_n \rangle$ ($1 \le n \le N$), where $m$ is the length of $P_1$ and $n$ is the length of $P_2$, node similarity and path similarity are defined as follows.
Definition 1 (node r-similar): for $1 \le r \le \min(m, n)$, where $\min(m, n)$ is the smaller of $m$ and $n$, if the r-th node $u_r$ of $P_1$ and the r-th node $v_r$ of $P_2$ are the same node, then $P_1$ and $P_2$ are node r-similar.
Definition 2 (path k-similar): let $1 \le k \le \min(m, n)$. If $P_1$ and $P_2$ are node j-similar for every $1 \le j \le k$, then $P_1$ and $P_2$ are k-similar. If the largest $k$ for which $P_1$ and $P_2$ are k-similar is $K$ ($1 \le K \le \min(m, n)$), then $P_1$ and $P_2$ are $(K+1)$-different, and their difference coefficient is $K+1$.
From Definitions 1 and 2, if two paths are k-similar, their first $k$ nodes are identical; if two paths are K-different, their first $(K-1)$ nodes are identical and, if the lengths of both paths are greater than $K$, their K-th nodes are different nodes.
The specific technical scheme of the present invention comprises the following steps:
First step: select a node as the verification node, labelled v. Any node can serve as the verification node, and all nodes other than the verification node are nodes to be verified. Each node performs initialization as follows:
1.1 Every node defines its own encryption and decryption algorithm. The algorithm need not be disclosed. Classic algorithms such as DES (Data Encryption Standard), AES (Advanced Encryption Standard), MD5 and RSA may be used, or a custom algorithm.
1.2 The verification node creates a relation table and defines an arbitrary string $T_0$ as the verification string; all nodes to be verified create a relation table and a routing table. The relation table stores the other nodes with which the node has established a trust relationship; each entry is a node identifier. The routing table stores the reachable paths to the verification node; each entry is a 2-tuple $\langle P_i, \mathrm{Sign}(P_i) \rangle$ ($1 \le i \le M$), where $M$ is the total number of paths in the network, $P_i$ is the i-th path and $\mathrm{Sign}(P_i)$ is the identifier of $P_i$. Each path is an ordered sequence of nodes, and each identifier is an encrypted string. Each node defines its relation table itself according to historical experience; the routing table is initially empty.
Second step: the verification node v advertises reachable paths to the other nodes, as follows:
2.1 v sends the advertisement message $M_0$ to all members of v's relation table. $M_0$ contains a path, an identifier, the acceptable maximum difference coefficient $K$ and the acceptable maximum path length $L$. Because v is itself the verification node, the path is $\{v\}$; $T_0$ encrypted with v's encryption algorithm serves as the identifier of path $\{v\}$; $K$ and $L$ are both determined by the verification node itself, and the reference values obtained by experiment are $K = 1$, $L = 7$.
2.2 A node $u_j$ that has received the advertisement message $M_0$ first checks the validity of the path in $M_0$. Let the path in $M_0$ be $P$, with identifier $\mathrm{Sign}(P)$. $P$ is judged valid with respect to $u_j$ if the following conditions are met:
(1) the length of $P$ is less than the acceptable maximum path length $L$;
(2) the difference coefficient between $P$ and every path in $u_j$'s routing table is less than $K$; or, although $u_j$'s routing table contains a path whose difference coefficient with $P$ is greater than or equal to $K$, $P$ is shorter. If $P$ is valid with respect to $u_j$, go to step 2.3; otherwise go to step 2.5.
2.3 $u_j$ adds $P$ to its own routing table and deletes from the routing table the other paths whose difference coefficient with $P$ is greater than $K$ and which are longer than $P$.
2.4 $u_j$ constructs a new path and identifier. $u_j$ appends itself to the tail of $P$ to form the new path $P'$: if $P = \{u_1, u_2, \ldots, u_l\}$ ($1 \le l$), then $P' = \{u_1, u_2, \ldots, u_l, u_j\}$. It then encrypts $\mathrm{Sign}(P)$ with its own encryption algorithm $\mathrm{Crypt}_{u_j}(\cdot)$ to form the new path identifier $\mathrm{Sign}(P') = \mathrm{Crypt}_{u_j}(\mathrm{Sign}(P))$.
2.5 $u_j$ sends a new advertisement message. Using the values of $K$ and $L$ from the original message $M_0$, together with the new path $P'$ and the identifier $\mathrm{Sign}(P')$, it forms the new advertisement message $M_1$ and sends it to the members of $u_j$'s relation table, and it sends an advertisement reminder to v; go to step 2.6. The content of the reminder is $u_j$'s node identifier $u_j$; it serves only to inform v that advertisement is still in progress.
2.6 If $u_j$ receives a new advertisement message $M_1$, it updates the content of $M_0$ to $M_1$ and goes to step 2.2; otherwise go to step 2.7.
2.7 The verification node v defines the reminder interval according to the network size, initializes the reminder timer and starts timing. Set the reminder interval $\tau = 10 \cdot \log N$ seconds. If an advertisement reminder is received within $\tau$, reset the timer to zero and go to step 2.2; if the timer exceeds the reminder interval without any reminder being received, the advertisement is finished and the third step is carried out.
Third step: all nodes to be verified send verification requests containing their reachable paths to the verification node v, so that all reachable paths are gathered at v; v then checks whether each reachable path is trusted. The method is:
3.1 Every node to be verified constructs a new path and identifier using the method of step 2.4 and sends the new path and identifier to the verification node v.
3.2 After receiving the verification requests from all nodes to be verified, v sorts all paths by length and performs trustworthiness verification of the paths in turn, the purpose being to prevent nodes from privately fabricating non-existent paths or tampering with paths. The verification method is:
3.2.1 v sorts all received paths by length and adds them to the to-be-verified table unverified_table. The data structure of unverified_table is the same as that of the routing table, each entry consisting of a path and an identifier; the difference is that unverified_table is sorted by path length.
3.2.2 Take the shortest path $P_s$ and its identifier $\mathrm{Sign}(P_s)$ from unverified_table. From the advertisement procedure, the length of $P_s$ is necessarily greater than or equal to 2. Let $P_s = \{u_1, u_2, \ldots, u_t\}$ ($2 \le t \le N$). First verify whether $P_s$ is trusted, as follows:
3.2.2.1 If $u_1$ is the verification node v, go to 3.2.2.2; otherwise go to 3.2.2.8.
3.2.2.2 If the length of $P_s$ equals 2, go to 3.2.2.3; otherwise go to 3.2.2.4.
3.2.2.3 If $u_2$ is in v's relation table, $u_2$ decrypts $\mathrm{Sign}(P_s)$ with its own decryption algorithm $\mathrm{Decrypt}_{u_2}(\cdot)$, giving the result $\mathrm{Res}(P_s) = \mathrm{Decrypt}_{u_2}(\mathrm{Sign}(P_s))$, where $\mathrm{Decrypt}_{u_2}(\cdot)$ is $u_2$'s decryption algorithm. If the result $\mathrm{Res}(P_s)$ equals the initial string $T_0$, verification succeeds; go to 3.2.2.7. Otherwise verification fails; go to 3.2.2.8. If $u_t$ is not in v's relation table, someone is impersonating a path and verification fails; go to 3.2.2.8.
3.2.2.4 Check whether $P_{s-1} = \{u_1, u_2, \ldots, u_{t-1}\}$ is in verified_table. If it is not, verification fails; go to 3.2.2.8. Otherwise go to step 3.2.2.5.
3.2.2.5 Send $P_{s-1}$ and $\mathrm{Sign}(P_s)$ to the last node $u_t$ of $P_s$.
3.2.2.6 $u_t$ first checks whether $P_{s-1} = \{u_1, u_2, \ldots, u_{t-1}\}$ is in $u_t$'s routing table, then decrypts $\mathrm{Sign}(P_s)$ with its decryption algorithm $\mathrm{Decrypt}_{u_t}$, that is, $\mathrm{Res}(P_s) = \mathrm{Decrypt}_{u_t}(\mathrm{Sign}(P_s))$, and compares the result with the identifier $\mathrm{Sign}(P_{s-1})$ of $P_{s-1}$. If $\mathrm{Res}(P_s) = \mathrm{Sign}(P_{s-1})$, the path has not been tampered with; return a positive feedback message to v and go to 3.2.2.7. Otherwise the path has been tampered with; give negative feedback and go to 3.2.2.8.
3.2.2.7 Verification succeeds; go to 3.3.
3.2.2.8 Verification fails; go to 3.4.
3.3 Move $P_s$ from unverified_table to verified_table; go to 3.5.
3.4 Delete $P_s$ from unverified_table; go to 3.5.
3.5 If unverified_table is not empty, go to step 3.2.2; otherwise go to the fourth step.
Fourth step: the verification node judges from each node's number of trusted paths whether that node is a Sybil node.
4.1 The verification node v adds all nodes that submitted verification requests to the to-be-verified set unverified_set, initializes the Sybil node set sybil_set to the empty set, and sets the decision threshold $\alpha$. The value of $\alpha$ is variable and can be adjusted freely as required: a lower value accepts more normal nodes but may also let Sybil nodes be accepted, raising the miss rate; a higher value rejects more Sybil nodes but may also reject normal nodes, raising the false detection rate. The best-practice value of $\alpha$ that we obtained through repeated experiments is $\alpha = 15 \cdot (\log N)^2$.
4.2 Take a node from unverified_set and call it u. Let the routing table it submitted be path_table(u), and compute the trusted path set trusted_table(u) = path_table(u) ∩ verified_table. If the number of elements in trusted_table(u) is greater than $\alpha$, go to 4.3; otherwise go to 4.4.
4.3 Verification succeeds, that is, u is not a Sybil node; delete u from unverified_set and go to 4.5.
4.4 Verification fails, that is, u is a Sybil node; delete u from unverified_set, add it to sybil_set and go to 4.5.
4.5 If unverified_set is not empty, go to 4.2; otherwise go to 4.6.
4.6 End; every node in the set sybil_set is a Sybil node.
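The identifier chain of step 2.4, the trustworthiness check of steps 3.2 to 3.5 and the threshold decision of the fourth step can be run end to end on a toy graph. The following Python example is added here and is not code from the patent: the HMAC-based Feistel permutation is an assumed stand-in for each node's private algorithm, the node names, the fabricated path submitted by `x` and the threshold α = 0 are constructed for five nodes, and the verification node makes the final comparison itself, as the embodiment describes.

```python
import hashlib
import hmac
import os


def _f(key, i, half):
    # Feistel round function: HMAC-SHA256 truncated to the half-block size.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:len(half)]


def feistel(key, data, decrypt=False):
    """4-round Feistel permutation over even-length data of at most 64 bytes.
    Assumption: a stand-in for the node-private Crypt/Decrypt of step 1.1."""
    h = len(data) // 2
    left, right = data[:h], data[h:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        if decrypt:
            left, right = bytes(a ^ b for a, b in zip(right, _f(key, i, left))), left
        else:
            left, right = right, bytes(a ^ b for a, b in zip(left, _f(key, i, right)))
    return left + right


class Node:
    def __init__(self, name):
        self.name = name
        self._key = os.urandom(32)   # private to the node, never shared
        self.relations = []          # relation table: trusted node names
        self.routing = {}            # routing table: path tuple -> Sign(path)

    def crypt(self, sig):
        return feistel(self._key, sig)

    def decrypt(self, sig):
        return feistel(self._key, sig, decrypt=True)

    def extend(self, path, sig):
        # Step 2.4: P' = P + self and Sign(P') = Crypt_self(Sign(P)).
        return path + (self.name,), self.crypt(sig)

    def submissions(self):
        # Step 3.1: one verification request per routing-table entry.
        return [self.extend(p, s) for p, s in self.routing.items()]

    def challenge(self, prefix, sig):
        # Step 3.2.2.6: the tail node checks the prefix, then decrypts.
        return self.decrypt(sig) if prefix in self.routing else None


def verify_paths(v, t0, nodes, requests):
    """Steps 3.2 to 3.5: return verified_table as {path: identifier}."""
    verified = {}
    for path, sig in sorted(requests, key=lambda r: len(r[0])):  # shortest first
        if len(path) < 2 or path[0] != v.name:                   # 3.2.2.1
            continue
        prefix, tail = path[:-1], nodes[path[-1]]
        if len(path) == 2 and tail.name not in v.relations:      # 3.2.2.3
            continue
        if len(path) > 2 and prefix not in verified:             # 3.2.2.4
            continue
        res = tail.challenge(prefix, sig)
        if res is None:
            continue
        # Length 2: v strips its own layer and must recover T0.
        # Longer: the result must equal the verified Sign(P_{s-1}).
        got, want = (v.decrypt(res), t0) if len(path) == 2 else (res, verified[prefix])
        if hmac.compare_digest(got, want):
            verified[path] = sig                                 # 3.3
    return verified


def classify(submitted, verified, alpha):
    """Fourth step: a node is Sybil unless it has more than alpha trusted paths."""
    sybil = set()
    for name, reqs in submitted.items():
        trusted = verified.keys() & {p for p, _ in reqs}         # 4.2
        if len(trusted) <= alpha:
            sybil.add(name)                                      # 4.4
    return sybil


def demo():
    t0 = b"T0-constructed-sample".ljust(32, b".")   # constructed verification string
    nodes = {n: Node(n) for n in ("v", "u1", "u2", "u3", "x")}
    v = nodes["v"]
    v.relations, nodes["u2"].relations = ["u1", "u2"], ["u3"]
    # Advertisement: v -> u1, u2, then u2 -> u3.
    root_path, root_sig = ("v",), v.crypt(t0)
    for n in v.relations:
        nodes[n].routing[root_path] = root_sig
    path, sig = nodes["u2"].extend(root_path, root_sig)
    nodes["u3"].routing[path] = sig
    # x privately builds a path through u1 with a made-up identifier.
    nodes["x"].routing[("v", "u1")] = os.urandom(32)
    submitted = {n: nodes[n].submissions() for n in ("u1", "u2", "u3", "x")}
    requests = [r for reqs in submitted.values() for r in reqs]
    verified = verify_paths(v, t0, nodes, requests)
    return sorted(verified), classify(submitted, verified, alpha=0)


if __name__ == "__main__":
    print(demo())
```

The fabricated path fails because `x` never received the identifier of {v, u1} and so cannot supply a value that decrypts to it; with no trusted path, `x` ends up in the Sybil set.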
The present invention achieves the following beneficial effects:
A Sybil user, limited by time and energy, cannot use all of their accounts for everyday interaction and usually uses only one or a few of them, which leaves the other accounts poor in relationships. At the same time, because these accounts are used together to carry out Sybil attacks, they are closely associated with one another. On the relationship graph these features appear as a structure that is tightly connected internally and loosely connected to the outside, so Sybil nodes lack reachable paths to other normal nodes. The present invention uses this as its detection basis.
In the first step, each node defines its own encryption and decryption algorithm. These algorithms are used to build the path identifiers, and in the third step all paths are verified for trustworthiness according to their identifiers, which guarantees the authenticity and correctness of the paths and prevents nodes from privately forging or tampering with paths.
In the second step, through the verification node's advertisement of reachable paths and the propagation of reachable paths between nodes, every node establishes paths that reach the verification node. For a Sybil node, because its relationships are scarce, its paths all come from a small number of nodes; such paths are called redundant paths. Defining K-similar paths and checking path validity during propagation effectively eliminates redundant paths, so that the scarcity of a Sybil node's relationships shows up as a scarcity of valid paths, which provides the basis for detection in the fourth step.
The third step gathers the reachable paths of all nodes at the verification node, which checks the authenticity of these paths. This prevents nodes from privately forging or tampering with paths in order to pass verification. Paths are identified with each node's self-defined encryption and decryption algorithm, so no support from key infrastructure or other auxiliary equipment is needed; the method is lightweight and easy to deploy, and better suited to the network environment.
The fourth step uses each node's number of reachable paths to judge whether the node is a Sybil node. Because it faithfully recovers and exploits the differences in node relationships, it has advantages such as high accuracy and a low false alarm rate.
Brief description of the drawings
Fig. 1 is the overall flow chart of the present invention;
Fig. 2 is part of a network topology;
Fig. 3 shows the self-defined relation tables of the nodes in the topology of Fig. 2;
Fig. 4 shows the changes to the routing table of node $u_7$ in the topology of Fig. 2;
Fig. 5 shows all paths received by the verifier node during the gathering and verification process for the topology of Fig. 2;
Fig. 6 shows the performance of the detection method under different network scales.
Detailed description
Fig. 1 gives the overall flow of the detection method. A concrete network is used as an example to describe how the invention is carried out. A random network model is used to generate a simulated network containing 1,500 nodes and 22,004 edges. Because the network has too many nodes, we explain the implementation details using the topology formed by the subset of nodes shown in Fig. 2, in which v is the verifier node and the others are nodes to be verified.
The detection method comprises four steps in total.
First step: select a node as the verification node, labelled v. Any node can serve as the verification node, and all nodes other than the verification node are nodes to be verified. Each node performs initialization: each node defines its own encryption and decryption algorithm and initializes its relation table according to its relationships, as shown in Fig. 3.
Second step: the verification node v advertises reachable paths to the other nodes, as follows:
First, v sends the advertisement message to the members $u_1$ and $u_2$ of its relation table, with path parameter $\{v\}$ and identifier $\mathrm{Crypt}_v(T_0)$, where $\mathrm{Crypt}_v(\cdot)$ is v's encryption algorithm and $T_0$ is an arbitrary string defined by v. The remaining parameters are $K = 4$, $L = 7$. Initially every node's routing table is empty, so the path $\{v\}$ and its identifier are added to the routing tables of $u_1$ and $u_2$.
Next, $u_2$ appends itself to the original path to form the new path $\{v, u_2\}$, encrypts the original identifier with its encryption routine to form the new identifier, and sends the new path and identifier to the members $u_3$ and $u_4$ of its relation table. Because $u_1$'s relation table is empty, it does not need to advertise any path.
Similarly, $u_3$ and $u_4$ also advertise paths according to the step 1 procedure. Fig. 4 shows how the routing table of node $u_7$ changes as advertisement proceeds. $u_7$'s routing table is initialized empty; after it receives the advertisement message sent by $u_4$, the routing table is as shown in Fig. 4(a). When $u_7$ receives the advertisement messages from $u_5$, it first checks path validity according to the advertisement procedure. The new paths $\{v, u_2, u_3, u_5\}$ and $\{v, u_2, u_4, u_5\}$ are both shorter than $L$, and their difference coefficients with the existing path $\{v, u_2, u_4\}$ are 3 and 4 respectively. Because the maximum difference coefficient is defined as $K = 4$, $\{v, u_2, u_3, u_5\}$ is valid and is added to the routing table, while $\{v, u_2, u_4, u_5\}$ is invalid and is discarded. $u_7$'s routing table is now as shown in Fig. 4(b). Finally, $u_7$ receives the advertisement message from $u_6$; the difference coefficient between the new path $\{v, u_2, u_4, u_6\}$ and the existing path $\{v, u_2, u_4\}$ equals 4, which equals the maximum difference coefficient, so the path is discarded. The final routing table of $u_7$ is as shown in Fig. 4(c).
When no node receives any new advertisement message, the advertisement phase ends.
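The $u_7$ walk-through above can be replayed in code. This Python example is added here and is not part of the patent: it implements the difference coefficient of Definition 2 and the admission test of steps 2.2 and 2.3, feeds it the four advertised paths named in the text with $K = 4$, $L = 7$, and also covers the "shorter path" branch of condition (2) with a constructed input. Ignoring exact duplicates is an assumption of this example.

```python
def difference_coefficient(p1, p2):
    """Definition 2: K + 1, where K is the length of the common prefix."""
    k = 0
    for a, b in zip(p1, p2):
        if a != b:
            break
        k += 1
    return k + 1


def is_valid(table, path, K, L):
    """Step 2.2: validity of an advertised path against a routing table."""
    if len(path) >= L:                       # condition (1): shorter than L
        return False
    # Condition (2): every stored path either differs enough from the new
    # path (coefficient < K) or is longer than the new path.
    return all(difference_coefficient(path, q) < K or len(path) < len(q)
               for q in table)


def receive(table, path, K, L):
    """Steps 2.2 and 2.3: return True if the path was admitted."""
    path = tuple(path)
    # Assumption of this example: an exact duplicate is ignored.
    if path in table or not is_valid(table, path, K, L):
        return False
    # Step 2.3: delete stored paths whose difference coefficient with the
    # new path is greater than K and which are longer than it.
    table[:] = [q for q in table
                if not (difference_coefficient(path, q) > K and len(q) > len(path))]
    table.append(path)
    return True


def replay(adverts, K, L):
    """Feed advertised paths to an empty routing table, in order."""
    table, admitted = [], []
    for p in adverts:
        admitted.append(receive(table, p, K, L))
    return table, admitted


# Paths that u7 receives in the embodiment text, in the order described.
FIG4_ADVERTS = [
    ("v", "u2", "u4"),          # from u4
    ("v", "u2", "u3", "u5"),    # from u5
    ("v", "u2", "u4", "u5"),    # from u5
    ("v", "u2", "u4", "u6"),    # from u6
]

if __name__ == "__main__":
    print(replay(FIG4_ADVERTS, K=4, L=7))
```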
Third step: all nodes to be verified send verification requests containing their reachable paths to the verification node v, so that all reachable paths are gathered at v; v then checks whether each reachable path is trusted.
All nodes to be verified send the contents of their own routing tables to the verification node v, in the form of advertisement messages, and wait for verification. After receiving the requests to be verified, v sorts them by path, as shown in Fig. 5. The shortest paths have the form $\{v, u_1\}$ and $\{v, u_2\}$. Because $u_1$ and $u_2$ are both in v's relation table, v sends verification messages to $u_1$ and $u_2$, containing the paths $\{v, u_1\}$ and $\{v, u_2\}$ respectively and their identifiers. $u_1$ and $u_2$ decrypt the identifiers and return the results to v; after v decrypts them it obtains the initial string $T_0$, so verification succeeds, and $\{v, u_1\}$ and $\{v, u_2\}$ are added to verified_table.
To verify $\{v, u_2, u_3\}$, v first finds $\{v, u_2\}$ in verified_table and then sends the verification message to the last node $u_3$. $u_3$ decrypts the identifier and feeds the result back to v, and v compares the fed-back result with the identifier of $\{v, u_2\}$: if they match, verification succeeds; otherwise verification fails.
After v has verified all paths in turn, the gathering and path trustworthiness verification phase ends.
Fourth step: the verification node judges from each node's number of trusted paths whether that node is a Sybil node, as follows:
The verification node counts the trusted paths of each node to be verified. If the number of trusted paths is greater than the verification threshold, the node passes verification; otherwise verification fails.
Successful verification means that the verifier accepts the node; otherwise the verifier rejects the node. To assess the accuracy of the invention, AR is defined as the acceptance rate (Accept Rate) for normal nodes and RR as the rejection rate (Reject Rate) for Sybil nodes. A higher AR means that more normal nodes are accepted, but also that more Sybil nodes are accepted at the same time; a higher RR means that more Sybil nodes are detected, but also that more normal nodes may be falsely detected. A good detection method should achieve a high AR and a high RR at the same time.
Networks of different scales were used to verify the validity of the method, and system performance under different parameters was compared; the results are shown in table 6. As the figure shows, under different network scales the acceptance rate and rejection rate of the method can reach 90%; performance declines somewhat as the number of nodes increases, but all values remain above 88%.
The present invention detects Sybil attacks by using the social relationships that nodes form through interaction as the basis for detecting Sybil nodes. It can not only find Sybil attacks that have already been launched but also detect potential Sybil attack threats, thereby avoiding the harm caused by attacks as far as possible. It can be applied in the many online social network fields that use recommendation and sharing mechanisms, such as online voting, online rating and video sharing.

Claims (7)

1. a Sybil attack detection method in online community network, is characterized in that comprising the following steps:
The first step, chooses a certain node for checking node, is labeled as v, and arbitrary node can be served as checking node, and all nodes except checking node are all node to be verified, and each node carries out initialization operation, and method is:
The enciphering and deciphering algorithm of 1.1 all node definitions oneself;
1.2 checking nodes create relation table, and define character string T arbitrarily 0as initialized mark; Institute's node still to be tested creates relation table and routing table; Wherein relation table storage with other nodes of oneself setting up trusted relationships, in table, each is all a node identification; Routing table is used for storing the reachable path that arrives checking node, and in table, each is two tuples, is expressed as <P i, Sign (P i) >, 1≤i≤M, wherein M is total path number in network, P irepresent i paths, Sgin (P i) representing the mark of Pi, each paths is all an orderly sequence node, and each mark is a character string after encryption, and relation table is defined according to historical experience oneself by each node, and routing table is initially sky;
Second step, by checking node, v carries out reachable path notice to other node, and method is:
2.1v sends advertised information M 0give all members in the relation table of v, M 0content comprise and arrive the reachable path of v, the mark of reachable path, acceptable maximum difference COEFFICIENT K and acceptable MAXPATHLEN L, with the cryptographic algorithm of v to T 0encrypt as the path { mark of v}; Acceptable maximum difference COEFFICIENT K and acceptable longest path length L are all determined by checking node oneself.
2.2 have received advertised information M 0node u jfirst to M 0the validity in middle path checks, establishes M 0middle path is P, is designated Sign (P), if P is with respect to u jeffectively, execution step 2.3, otherwise go to step 2.5;
2.3u jp is added in the routing table of oneself, and delete other path that is greater than K and grows than P with the coefficient of variation of P in routing table;
2.4u jconstruct new path and mark: u jby the afterbody that oneself adds P to form new path P ', if P={u 1, u 2... u l, P '={ u 1, u 2... u l, u j, 1≤l≤N, N is nodes number, and uses u jthe cryptographic algorithm Crypt of oneself uj() encrypts Sign (P), forms new ID of trace route path, i.e. Sogn (P ')=Crypt uj(Sign (P));
2.5u jsend new advertised information M 1: use former advertised information M 0the value of middle K and L, with new path P ' form new advertised information M together with mark Sign (P ') 1and send to u jmember in relation list, and send notice prompting to v, go to step 2.6; Noticing the content of reminding is u jnode identification u j;
If 2.6 u jreceive new advertised information M 1, by M 0content update be M 1, go to step 2.2, otherwise go to step 2.7;
2.7 checking node v are according to network size definition reminder time interval, and initialization is reminded timer and starts timing; Reminder time interval τ is set, reminds if received to notice within the τ time, the timer of resetting is zero and goes to step 2.2; If timer exceeds reminder time interval and do not receive any notice and remind, carry out the 3rd step;
Third step: the nodes to be verified send verification requests containing their reachable paths to the verification node v, so that all reachable paths are gathered at v; v then checks whether each reachable path is trusted, as follows:
3.1 Each node to be verified constructs a new path and identifier using the method of step 2.4, and sends the new path and identifier to the verification node v;
3.2 After receiving the verification requests from the nodes to be verified, the verification node v sorts all paths by length and verifies their trustworthiness in turn, as follows:
3.2.1 The verification node v sorts all received paths by length and adds them to the table of paths to be verified, unverified_table. The data structure of unverified_table is the same as that of the routing table: each entry consists of a path and its identifier. The difference is that unverified_table is sorted by path length;
3.2.2 Take the shortest path P_s and its identifier Sign(P_s) out of unverified_table. Let P_s = {u_1, u_2, ..., u_t}, 2 ≤ t ≤ N. First verify whether P_s is trusted, as follows:
3.2.2.1 If u_1 is the verification node v, go to step 3.2.2.2; otherwise go to step 3.2.2.8;
3.2.2.2 If the length of P_s equals 2, go to step 3.2.2.3; otherwise go to step 3.2.2.4;
3.2.2.3 If u_2 is present in the relation table of v, u_2 uses its own decryption algorithm Decrypt_u2() to decrypt Sign(P_s), giving the result Res(P_s) = Decrypt_u2(Sign(P_s)). If Res(P_s) equals the initial string T_0, verification succeeds; go to step 3.2.2.7. Otherwise verification fails; go to step 3.2.2.8. If u_t is not present in the relation table of v, someone has forged the path and verification fails; go to step 3.2.2.8;
3.2.2.4 Check whether P_{s-1} = {u_1, u_2, ..., u_{t-1}} is present in verified_table. If it is not, verification fails; go to step 3.2.2.8. Otherwise go to step 3.2.2.5;
3.2.2.5 Send P_{s-1} and Sign(P_s) to u_t, the end node of P_s;
3.2.2.6 u_t first checks whether P_{s-1} = {u_1, u_2, ..., u_{t-1}} is in u_t's routing table, then decrypts Sign(P_s) with its own decryption algorithm Decrypt_ut(), i.e. Res(P_s) = Decrypt_ut(Sign(P_s)), and compares the result with Sign(P_{s-1}), the identifier of P_{s-1}. If Res(P_s) = Sign(P_{s-1}), the path has not been tampered with; u_t returns a positive feedback message to v; go to step 3.2.2.7. Otherwise the path has been tampered with; u_t gives negative feedback; go to step 3.2.2.8.
3.2.2.7 Verification succeeds; go to step 3.3;
3.2.2.8 Verification fails; go to step 3.4;
3.3 Move P_s from unverified_table to verified_table; go to step 3.5;
3.4 Delete P_s from unverified_table; go to step 3.5;
3.5 If unverified_table is not empty, go to step 3.2.2; otherwise go to the fourth step;
Fourth step: the verification node judges whether each node is a Sybil node according to the number of trusted paths of that node:
4.1 The verification node v adds all nodes that submitted verification requests to the set of nodes to be verified, unverified_set, initializes the Sybil set sybil_set to the empty set, and sets the decision threshold α; α can be adjusted freely according to demand;
4.2 Take a node u out of unverified_set and compute the trusted path set trusted_table(u) = path_table(u) ∩ verified_table, where path_table(u) is the routing table submitted by u. If the number of elements in trusted_table(u) is greater than α, go to step 4.3; otherwise go to step 4.4;
4.3 Verification succeeds, i.e. u is not a Sybil node; delete u from unverified_set; go to step 4.5;
4.4 Verification fails, i.e. u is a Sybil node; delete u from unverified_set and add it to sybil_set; go to step 4.5;
4.5 If unverified_set is not empty, go to step 4.2; otherwise go to step 4.6;
4.6 End; the nodes in the set sybil_set are all Sybil nodes.
2. The Sybil attack detection method in an online social network as claimed in claim 1, characterized in that the encryption and decryption algorithm defined by a node is DES (Data Encryption Standard), AES (Advanced Encryption Standard), MD5, RSA or a custom algorithm.
3. The Sybil attack detection method in an online social network as claimed in claim 1, characterized in that P_i is judged to be valid with respect to u_j if the following conditions are met:
(1) the length of P_i is less than the maximum acceptable path length L;
(2) the difference coefficient between P_i and any path in u_j's routing table is less than K, or, although u_j's routing table contains a path whose difference coefficient with P_i is greater than or equal to K, P_i is shorter.
4. The Sybil attack detection method in an online social network as claimed in claim 1, characterized in that the difference coefficient is defined as follows: if paths P_1 and P_2 are k-similar and the maximum value of k is K, 1 ≤ K ≤ min(m, n), then P_1 and P_2 are (K+1)-different and the difference coefficient is (K+1), where m is the length of path P_1 and n is the length of path P_2.
5. The Sybil attack detection method in an online social network as claimed in claim 1, characterized in that the decision threshold α = 15*(log N)^2, where N is the number of nodes.
6. The Sybil attack detection method in an online social network as claimed in claim 1, characterized in that the reminder time interval τ = 10*log N seconds, where N is the number of nodes.
7. The Sybil attack detection method in an online social network as claimed in claim 1, characterized in that the maximum difference coefficient K = 4 and the maximum acceptable path length L = 7.
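The identifier chaining of steps 2.1 and 2.4, the shortest-first check of step 3.2 and the threshold decision of the fourth step, as an added example that is not part of the patent text. The toy affine cipher, node names, T0, the sample network and alpha = 1 are constructed assumptions; the routing-table lookup of step 3.2.2.6 is omitted, and for length-2 paths v removes its own layer before comparing with T_0.

```python
import hashlib

P = 2**127 - 1   # prime modulus of the toy cipher (assumption)
T0 = 20140126    # constructed initial string T_0, encoded as an integer

def _key(node):  # constructed per-node key, stands in for the node's own algorithm
    h = hashlib.sha256(f"constructed-key-{node}".encode()).digest()
    return int.from_bytes(h[:16], "big") % (P - 1) + 1, int.from_bytes(h[16:], "big") % P

def crypt(node, x):  # toy affine cipher, NOT secure; layers do not commute
    a, b = _key(node)
    return (a * x + b) % P
def decrypt(node, y):
    a, b = _key(node)
    return (y - b) * pow(a, -1, P) % P

def sign_path(path):
    # Steps 2.1 and 2.4: Sign({v}) = Crypt_v(T_0), Sign(P') = Crypt_uj(Sign(P)).
    mark = crypt(path[0], T0)
    for node in path[1:]:
        mark = crypt(node, mark)
    return mark

def verify_paths(v, relation_table_v, submitted):
    # Step 3.2: check paths shortest first; returns verified_table {path: mark}.
    verified = {}
    for path, mark in sorted(submitted, key=lambda pm: len(pm[0])):
        if len(path) < 2 or path[0] != v:
            continue                       # step 3.2.2.1 fails
        res = decrypt(path[-1], mark)      # end node u_t strips its own layer
        if len(path) == 2:                 # step 3.2.2.3; v then strips its layer
            ok = path[1] in relation_table_v and decrypt(v, res) == T0
        else:                              # steps 3.2.2.4 to 3.2.2.6
            ok = res == verified.get(path[:-1])
        if ok:
            verified[path] = mark
    return verified

def detect_sybils(submitted, verified, alpha):
    # Fourth step: u is judged Sybil unless it has more than alpha trusted paths.
    trusted = {}
    for path, mark in submitted:
        trusted[path[-1]] = trusted.get(path[-1], 0) + (verified.get(path) == mark)
    return {u for u, n in trusted.items() if n <= alpha}

# Constructed network: v is related to a and b; a-b, a-h, b-h and a-s are edges.
HONEST = [("v","a"), ("v","b"), ("v","b","a"), ("v","a","b"), ("v","a","h"), ("v","b","h")]
FORGED = (("v", "b", "s"), crypt("s", sign_path(("v", "a"))))  # s reuses the mark of (v, a)
SUBMITTED = [(p, sign_path(p)) for p in HONEST + [("v", "a", "s")]] + [FORGED]
```

The forged path fails at step 3.2.2.6 because removing s's layer yields Sign({v, a}) rather than Sign({v, b}), so s is left with one trusted path and falls at or below the constructed threshold.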
CN201410037921.5A 2014-01-26 2014-01-26 Sybil attack detection method in online community network Expired - Fee Related CN103812864B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410037921.5A CN103812864B (en) 2014-01-26 2014-01-26 Sybil attack detection method in online community network

Publications (2)

Publication Number Publication Date
CN103812864A true CN103812864A (en) 2014-05-21
CN103812864B CN103812864B (en) 2016-09-14

Family

ID=50709065

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410037921.5A Expired - Fee Related CN103812864B (en) 2014-01-26 2014-01-26 Sybil attack detection method in online community network

Country Status (1)

Country Link
CN (1) CN103812864B (en)

Also Published As

Publication number Publication date
CN103812864B (en) 2016-09-14

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160914

Termination date: 20220126