CN103812864A - Sybil attack detection method in online social network - Google Patents

Info

Publication number
CN103812864A
Authority
CN
China
Prior art keywords
node
path
verification
sybil
sign
Legal status
Granted
Application number
CN201410037921.5A
Other languages
Chinese (zh)
Other versions
CN103812864B (en)
Inventors
朱培栋
陈侃
郑倩冰
陈亮
曹华阳
胡罡
任浩
曹介南
蔡开裕
邵成成
Current Assignee
National University of Defense Technology
Original Assignee
National University of Defense Technology
Application filed by National University of Defense Technology
Priority to CN201410037921.5A
Publication of CN103812864A
Application granted
Publication of CN103812864B
Legal status: Expired - Fee Related

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a Sybil attack detection method for online social networks. The technical scheme is: select a node as the verification node; advertise paths on the basis of membership relations so as to build relationship paths that reach the verification node; during advertisement, use a path-selection method based on path k-similarity to eliminate redundant and shared paths; when advertisement ends, gather all reachable paths at the verification node for a credibility check, to prevent privately fabricated or tampered paths; finally, use the number of trusted paths of each node as the verification criterion, by which the verification node decides whether each other node is a Sybil node. The invention uses the number of reachable paths of each node to judge whether it is a Sybil node; it faithfully recovers and exploits the differences between node relationships, has high accuracy and a low false-alarm rate, needs no critical infrastructure or other auxiliary equipment, and is lightweight and easy to deploy.

Description

Sybil attack detection method in an online social network
Technical field
The present invention relates to a method for detecting Sybil attacks in online social networks, applicable to the detection of network "water army" (paid poster) accounts, to electronic voting and polling, to online social network recommendation and to similar applications.
Background technology
A Sybil attack is one in which a malicious user obtains multiple identities by registering repeatedly and uses those identities to dominate network transactions, thereby disrupting the normal function and order of the network.
Sybil attacks are widespread in applications and systems that use recommendation or sharing mechanisms. Typical examples: in online voting systems, registering repeatedly in order to vote repeatedly, upsetting fairness and manipulating the result; on e-commerce sites, using multiple identities to fabricate transactions and false reviews, misleading consumers and causing unfair competition; on online social networking sites, using multiple accounts to forward and comment on messages, manufacturing "hot topics" and spreading rumours.
With the rise of online social networks, individuals play an increasingly prominent role in the network. By building personal pages and taking part in network activities, everyone becomes part of the network. People not only communicate through the network but also actively share, mainly resources and knowledge. Whether resources or knowledge are shared, a recommendation mechanism is in fact at work: each user recommends on the basis of their own knowledge, the application or system aggregates all users' recommendations, draws an overall conclusion from the collective intelligence, and uses it to support other users' decisions. A very important principle of a recommendation mechanism is the equality of user identities: users are treated fairly and every user's recommendation carries the same weight, so that the final result reflects the wishes of the majority of users and the mechanism works as intended. When a Sybil attack is present, users still appear to be treated fairly, but because the attacker controls multiple identities, if those identities are merged into a single user, that user's weight is far larger than a normal user's, in proportion to the number of Sybil identities the attacker controls. A Sybil attack breaks the fairness of user identity, gives the attacker an advantage in the recommendation process, and may even let the attacker manipulate the final result directly.
Sybil attacks are widespread in many network applications. They not only defeat the original function of the application, mislead users and cause users to distrust the network, but may also have further malicious and serious consequences. For example, on video and picture sites Sybil attacks are used to promote illegal content such as violence and pornography; files carrying malicious viruses and trojans are uploaded and people are tricked into downloading them through Sybil attacks; on social applications such as microblogs and WeChat, Sybil attacks are used to spread rumours, which can damage reputations and even cause public panic.
An effective means of countering Sybil attacks is to control user registration, for example by requiring real-name registration. Each user account is then tied to the user's real identity, which makes registering Sybil accounts harder and prevents a single user from controlling an unlimited number of Sybil accounts, thereby weakening or eliminating the attack. However, because this approach requires users to enter and store their real-name information on the network, it may on the one hand lead to leaks of user privacy and on the other hand make users uneasy and drive them away; it is therefore difficult to deploy and apply in practice.
Because Sybil attacks cannot be eliminated at the root, current work mainly starts from attack detection: discovering Sybil attacks that have already broken out and potential Sybil threats. Because the form and organisation of the attack differ from those of other attacks, traditional detection methods such as intrusion detection have difficulty detecting Sybil attacks effectively. The goal of Sybil attack detection is to find clusters of Sybil nodes, relying mainly on differences in the social relationships between members. Because Sybil nodes are used mainly to launch Sybil attacks and rarely for everyday interaction, they lack relationships with normal nodes; on the relationship graph they appear as a tightly connected local cluster with loose connections to the outside, i.e. a small cut. This characteristic was first proposed by Yu in SybilGuard (SIGCOMM 2006) and has been adopted as the basic assumption of Sybil attack detection. SybilGuard uses random routes to select paths that reach the verifier node and uses the final number of reachable paths as the criterion for each node. SybilLimit improves on SybilGuard, but both suffer from high false-positive and false-negative rates. Tran's GateKeeper distributes tickets over the social relationships between nodes and uses the number of tickets each node finally obtains as the criterion, which improves detection accuracy; but to determine the total number of tickets issued in the initial phase, the detection system must run the distribution operation iteratively several times, increasing running time and resource consumption. Moreover, all of these methods need the support of additional critical infrastructure to verify paths or tickets.
How to obtain high-accuracy detection results with a lightweight deployment is a technical problem of great concern to those skilled in the art.
Summary of the invention
The technical problem to be solved by the present invention is to provide a Sybil attack detection method in a social network.
The technical scheme is: choose a node as the verification node; using membership relations as the basis, advertise and propagate paths so as to build relationship paths that reach the verification node; during propagation, use a path-selection method based on path k-similarity to eliminate redundant paths and shared paths; finally, use the number of trusted paths of each node as the verification criterion, by which the verification node decides whether each other node is a Sybil node.
Let N be the number of nodes. For a path P_1 = <u_1, u_2, u_3, ..., u_m> (1 ≤ m ≤ N) and a path P_2 = <v_1, v_2, v_3, ..., v_n> (1 ≤ n ≤ N), node similarity and path similarity are defined as follows, where m is the length of P_1 and n is the length of P_2.
Definition 1 (node r-similar). For 1 ≤ r ≤ min(m, n), where min(m, n) denotes the smaller of m and n, if the r-th node u_r of P_1 and the r-th node v_r of P_2 are the same node, then P_1 and P_2 are node r-similar.
Definition 2 (path k-similar). Let 1 ≤ k ≤ min(m, n). If P_1 and P_2 are node j-similar for every j with 1 ≤ j ≤ k, then P_1 and P_2 are k-similar. If K (1 ≤ K ≤ min(m, n)) is the largest k for which P_1 and P_2 are k-similar, then P_1 and P_2 are (K+1)-different, and their difference coefficient is K+1.
From definitions 1 and 2: if two paths are k-similar, their node sequences are identical up to and including the k-th node; if two paths are K-different, their node sequences are identical in the first K−1 positions, and if both paths are longer than K, their K-th nodes differ.
The concrete technical scheme of the present invention comprises the following steps:
Step 1. Choose a node as the verification node and label it v. Any node can serve as the verification node; all nodes other than the verification node are nodes to be verified. Each node performs an initialisation operation, as follows:
1.1 Every node defines its own encryption and decryption algorithm. The algorithm need not be disclosed externally; classic algorithms such as DES (Data Encryption Standard), AES (Advanced Encryption Standard), MD5 or RSA may be used, or a custom algorithm.
1.2 The verification node creates a relation table and defines an arbitrary string T_0 as the verification string. Every node to be verified creates a relation table and a routing table. The relation table stores the other nodes with which this node has established a trusted relationship; each entry is a node identifier. The routing table stores reachable paths to the verification node; each entry is a pair <P_i, Sign(P_i)> (1 ≤ i ≤ M), where M is the total number of paths in the network, P_i is the i-th path and Sign(P_i) is the signature (mark) of P_i. Each path is an ordered sequence of nodes, and each signature is an encrypted string. Each node defines its relation table itself from its own history; the routing table is initially empty.
Step 2. The verification node v advertises reachable paths to the other nodes, as follows:
2.1 v sends an advertisement message M_0 to every member of its relation table. M_0 contains a path, its signature, the acceptable maximum difference coefficient K and the acceptable maximum path length L. Because v is itself the verification node, the path is {v}, and its signature is T_0 encrypted with v's encryption algorithm. K and L are both set by the verification node itself; the reference values obtained by experiment are K = 1 and L = 7.
2.2 A node u_j that receives M_0 first checks the validity of the path in M_0. Let the path in M_0 be P with signature Sign(P). P is judged valid with respect to u_j if the following conditions are met:
(1) the length of P is less than the acceptable maximum path length L;
(2) the difference coefficient between P and every path in u_j's routing table is less than K, or, if u_j's routing table contains paths whose difference coefficient with P is greater than or equal to K, P is shorter than those paths. If P is valid with respect to u_j, perform step 2.3; otherwise go to step 2.5.
2.3 u_j adds P to its routing table and deletes every other path in the table whose difference coefficient with P is greater than K and which is longer than P.
2.4 u_j constructs a new path and signature. u_j appends itself to the tail of P to form the new path P': if P = {u_1, u_2, ..., u_l} (1 ≤ l), then P' = {u_1, u_2, ..., u_l, u_j}. It then encrypts Sign(P) with its own encryption algorithm Crypt_uj() to form the new path signature Sign(P') = Crypt_uj(Sign(P)).
2.5 u_j sends a new advertisement message. Using the values of K and L from the original message M_0 together with the new path P' and signature Sign(P'), u_j forms a new advertisement message M_1, sends it to the members of its relation list, and sends an advertisement reminder to v; go to step 2.6. The reminder contains only u_j's node identifier u_j and serves solely to tell v that advertisement is still in progress.
2.6 If u_j receives a new advertisement message M_1, it replaces the contents of M_0 with M_1 and goes to step 2.2; otherwise it goes to step 2.7.
2.7 The verification node v defines a reminder interval according to the network size, initialises a reminder timer and starts timing. The reminder interval is set to τ = 10·log N seconds. If an advertisement reminder is received within τ, the timer is reset to zero and the process goes to step 2.2; if the timer exceeds the reminder interval without any advertisement reminder being received, advertisement ends and step 3 is performed.
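Definitions 1 and 2 together with the validity check of steps 2.2 and 2.3, written out as an added example (not the patent's own code). It replays the routing table of node u_7 from Fig. 4 of the embodiment below with that embodiment's parameters K = 4 and L = 7; node names are the page's, and paths are tuples ordered from the verifier v.

```python
def difference_coefficient(p1, p2):
    """Return K + 1, where K is the largest k for which p1 and p2 are
    k-similar, i.e. agree in every position 1..k (definition 2)."""
    k = 0
    for a, b in zip(p1, p2):  # zip stops at min(m, n), as in definition 1
        if a != b:
            break
        k += 1
    return k + 1


def is_valid(path, routing_table, K, L):
    """Step 2.2: P is valid for this node if (1) it is shorter than L and
    (2) it differs from every stored path by less than K, or is shorter
    than each stored path whose difference coefficient with P is >= K."""
    if len(path) >= L:
        return False
    conflicts = [q for q in routing_table
                 if difference_coefficient(path, q) >= K]
    return all(len(path) < len(q) for q in conflicts)


def update_routing_table(routing_table, path, K, L):
    """Steps 2.2-2.3: insert a valid P and drop stored paths that are both
    longer than P and differ from it by more than K (the page's wording).
    Returns True if P was accepted, False if it was discarded."""
    if not is_valid(path, routing_table, K, L):
        return False
    routing_table[:] = [q for q in routing_table
                        if not (difference_coefficient(path, q) > K
                                and len(q) > len(path))]
    routing_table.append(path)
    return True


def replay_fig4(K=4, L=7):
    """Feed u_7 the four advertised paths of the embodiment in order and
    record which were accepted; returns (outcomes, final routing table)."""
    advertised = (
        ("v", "u2", "u4"),        # from u4 -> Fig. 4(a)
        ("v", "u2", "u3", "u5"),  # from u5, coefficient 3 with {v,u2,u4}
        ("v", "u2", "u4", "u5"),  # from u5, coefficient 4 -> dropped
        ("v", "u2", "u4", "u6"),  # from u6, coefficient 4 -> dropped
    )
    table = []
    outcomes = {}
    for p in advertised:
        outcomes[p] = update_routing_table(table, p, K, L)
    return outcomes, table


if __name__ == "__main__":
    results, final_table = replay_fig4()
    for p, accepted in results.items():
        print("accepted" if accepted else "dropped ", p)
    print("u7 routing table (Fig. 4c):", final_table)
```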
Step 3. The nodes to be verified send verification requests containing their reachable paths to the verification node v, so that all reachable paths are gathered at v; v then checks whether every reachable path is credible. The method is:
3.1 Each node to be verified constructs a new path and signature by the method of step 2.4 and sends them to the verification node v.
3.2 After receiving the verification requests from the nodes to be verified, v sorts all paths by length and verifies their credibility in turn, so as to prevent a node from privately fabricating a non-existent path or tampering with a path. The verification method is:
3.2.1 v sorts all received paths by length and adds them to the table unverified_table. unverified_table has the same data structure as a routing table, each entry consisting of a path and a signature; the difference is that unverified_table is sorted by path length.
3.2.2 Take the shortest path P_s and its signature Sign(P_s) from unverified_table. By the advertisement procedure the length of P_s is necessarily at least 2; let P_s = {u_1, u_2, ..., u_t} (2 ≤ t ≤ N). First verify whether P_s is credible, as follows:
3.2.2.1 If u_1 is the verification node v, go to 3.2.2.2; otherwise go to 3.2.2.8;
3.2.2.2 If the length of P_s equals 2, go to 3.2.2.3; otherwise go to 3.2.2.4;
3.2.2.3 If u_2 is present in v's relation table, u_2 decrypts Sign(P_s) with its own decryption algorithm Decrypt_u2(), giving Res(P_s) = Decrypt_u2(Sign(P_s)). If Res(P_s) equals the initial string T_0, verification succeeds: go to 3.2.2.7; otherwise verification fails: go to 3.2.2.8. If u_t is not present in v's relation table, someone has forged the path; verification fails: go to 3.2.2.8;
3.2.2.4 Check whether P_{s-1} = {u_1, u_2, ..., u_{t-1}} is present in verified_table. If not, verification fails: go to 3.2.2.8; otherwise go to step 3.2.2.5;
3.2.2.5 Send P_{s-1} and Sign(P_s) to u_t, the last node of P_s;
3.2.2.6 u_t first checks whether P_{s-1} = {u_1, u_2, ..., u_{t-1}} is in its own routing table, then decrypts Sign(P_s) with its own decryption algorithm Decrypt_ut(): Res(P_s) = Decrypt_ut(Sign(P_s)). It compares the result with the signature Sign(P_{s-1}) of P_{s-1}. If Res(P_s) = Sign(P_{s-1}), the path has not been tampered with: u_t returns a positive feedback message to v, go to 3.2.2.7. Otherwise the path has been tampered with: u_t returns negative feedback, go to 3.2.2.8.
3.2.2.7 Verification succeeds: go to 3.3;
3.2.2.8 Verification fails: go to 3.4.
3.3 Move P_s from unverified_table to verified_table; go to 3.5.
3.4 Delete P_s from unverified_table; go to 3.5.
3.5 If unverified_table is not empty, go to step 3.2.2; otherwise go to step 4.
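Step 3 (gathering the signed paths at v and checking their credibility) as an added example; this is not the patent's own code. Each node's undisclosed cipher from step 1.1 is stood in for by a keyed XOR keystream derived from SHA-256 (its own inverse, so Crypt_u and Decrypt_u are one operation), step 2 is reduced to plain signature propagation without K/L pruning, and the topology, node names and T_0 are constructed for the example.

```python
import hashlib
import os

T0 = b"constructed-verification-string-T0"  # v's arbitrary string (step 1.2)


def xor_stream(key, data):
    """Stand-in for a node's undisclosed symmetric cipher (step 1.1): XOR
    with a SHA-256 counter keystream. Applying it twice restores the input."""
    blocks = [hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1)]
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


class Node:
    def __init__(self, name):
        self.name = name
        self.key = os.urandom(16)  # never disclosed outside the node
        self.relations = set()     # relation table (step 1.2)
        self.path_table = {}       # routing table: path -> Sign(path)

    def crypt(self, data):
        return xor_stream(self.key, data)

    decrypt = crypt  # the XOR keystream is its own inverse

    def feedback(self, prev_path, sign_ps):
        """Step 3.2.2.6: the last node of P_s checks that P_{s-1} is in its
        own table and that Decrypt_ut(Sign(P_s)) equals Sign(P_{s-1})."""
        if prev_path not in self.path_table:
            return False
        return self.decrypt(sign_ps) == self.path_table[prev_path]


def advertise(nodes, v_name):
    """Step 2 reduced to signature propagation (no K/L pruning): each
    receiver stores (P, Sign(P)) and forwards (P + itself, Crypt_self(Sign(P)))."""
    v = nodes[v_name]
    queue = [((v_name,), v.crypt(T0), v)]
    while queue:
        path, sign, sender = queue.pop(0)
        for member in sorted(sender.relations):
            u = nodes[member]
            if member in path or path in u.path_table:
                continue
            u.path_table[path] = sign
            queue.append((path + (member,), u.crypt(sign), u))


def submit_requests(nodes, v_name):
    """Step 3.1: every node appends itself to each stored path and signs it."""
    requests = []
    for u in nodes.values():
        if u.name != v_name:
            for path, sign in u.path_table.items():
                requests.append((path + (u.name,), u.crypt(sign)))
    return requests


def verify_paths(nodes, v_name, requests):
    """Step 3.2: v checks paths shortest-first and returns (verified_table,
    rejected paths). For length-2 paths v also applies its own decryption
    before comparing with T_0, as in the embodiment."""
    v = nodes[v_name]
    verified, rejected = {}, []
    for path, sign in sorted(requests, key=lambda r: len(r[0])):
        ok = False
        if path[0] == v_name:                     # 3.2.2.1
            if len(path) == 2:                    # 3.2.2.3
                u2 = path[1]
                if u2 in v.relations:             # otherwise: forged path
                    ok = v.decrypt(nodes[u2].decrypt(sign)) == T0
            else:                                 # 3.2.2.4 - 3.2.2.6
                prev = path[:-1]
                if prev in verified:
                    ok = nodes[path[-1]].feedback(prev, sign)
        if ok:
            verified[path] = sign                 # 3.3
        else:
            rejected.append(path)                 # 3.4
    return verified, rejected


def build_demo():
    """Constructed topology: v trusts u1 and u2; u2 trusts u3 and u4. Two
    bad requests are appended to the honest ones for v to catch."""
    nodes = {n: Node(n) for n in ("v", "u1", "u2", "u3", "u4")}
    nodes["v"].relations = {"u1", "u2"}
    nodes["u2"].relations = {"u3", "u4"}
    advertise(nodes, "v")
    requests = submit_requests(nodes, "v")
    # u3 claims a direct relation with v that v's relation table lacks
    forged = (("v", "u3"), nodes["u3"].crypt(b"made-up signature"))
    # u4's honest request with one bit of its signature flipped in transit
    path, sign = next(r for r in requests if r[0] == ("v", "u2", "u4"))
    tampered = (path, bytes([sign[0] ^ 0x01]) + sign[1:])
    return verify_paths(nodes, "v", requests + [forged, tampered])
```

Calling build_demo() returns the four honest paths in verified_table and the forged and tampered paths in the rejected list.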
Step 4. The verification node judges, from the number of trusted paths of each node, whether that node is a Sybil node.
4.1 The verification node v adds every node that submitted a verification request to the set unverified_set, initialises the Sybil node set sybil_set to the empty set, and sets a decision threshold α. The value of α is variable and can be adjusted freely as required: a lower value accepts more normal nodes but may also accept Sybil nodes, increasing misses; a higher value rejects more Sybil nodes but may also reject normal nodes, increasing false detections. The best-practice value obtained from repeated simulation experiments is α = 15·(log N)^2.
4.2 Take a node from unverified_set, call it u, and let the routing table it submitted be path_table(u). Compute the trusted path set trusted_table(u) = path_table(u) ∩ verified_table. If the number of elements in trusted_table(u) is greater than α, go to 4.3; otherwise go to 4.4.
4.3 Verification succeeds: u is not a Sybil node. Delete u from unverified_set and go to 4.5.
4.4 Verification fails: u is a Sybil node. Delete u from unverified_set, add it to sybil_set, and go to 4.5.
4.5 If unverified_set is not empty, go to 4.2; otherwise go to 4.6.
4.6 Finish. The nodes in the set sybil_set are all Sybil nodes.
The present invention achieves the following beneficial effects:
A Sybil user, constrained by time and energy, cannot use all of their accounts for daily interaction and normally uses only one or a few of them, so the other accounts have sparse relationships. At the same time, because these accounts are used together to launch Sybil attacks, they form close associations with one another. On the relationship graph these features appear as a structure that is tightly connected internally and loosely connected externally, so Sybil nodes lack reachable paths to other normal nodes. The present invention uses this as the basis for detection.
In step 1, each node defines its own encryption and decryption algorithm. These algorithms are used to build path signatures; in step 3 the credibility of every path is verified from its signature, guaranteeing the authenticity and correctness of paths and preventing nodes from privately forging or tampering with them.
In step 2, through the verification node's declaration of reachable paths and their propagation between nodes, every node builds up paths that reach the verification node. For a Sybil node, because its relationships are sparse, its paths all come from a few nodes; such paths are called redundant paths. By defining K-similar paths and checking path validity during propagation, redundant paths are effectively eliminated, so that the sparseness of a Sybil node's relationships shows up as sparseness of its valid paths, which provides the basis for the detection in step 4.
Step 3 gathers the reachable paths of all nodes at the verification node, which checks their authenticity. This prevents a node from privately forging or tampering with paths in order to pass verification. Because each node's own encryption and decryption algorithm is used to sign paths, no critical infrastructure or other auxiliary equipment is needed; the method is lightweight and easy to deploy, and better suited to the network environment.
Step 4 uses the number of reachable paths of each node to judge whether it is a Sybil node. Because it faithfully recovers and exploits the differences between node relationships, it has the advantages of high accuracy and a low false-alarm rate.
Description of the drawings
Fig. 1 is the overall flow chart of the present invention;
Fig. 2 is part of a network topology;
Fig. 3 shows the relation lists defined by the nodes in the topology of Fig. 2;
Fig. 4 shows the changes to the routing table of node u_7 in the topology of Fig. 2;
Fig. 5 shows all paths received by the verifier node during the verification procedure for the topology of Fig. 2;
Fig. 6 shows the performance of the detection method at different network scales.
Embodiment
Fig. 1 gives the main flow of the detection method. A concrete network is taken as an example to describe a specific embodiment of the method. A random network model is used to generate a simulated network with 1,500 nodes and 22,004 edges. Because the network has too many nodes, the concrete implementation details are explained using the topology formed by the subset of nodes shown in Fig. 2, where v is the verifier node and the others are nodes to be verified.
The detection method comprises four steps in total.
Step 1. Choose a node as the verification node and label it v; any node can serve as the verification node, and all nodes other than the verification node are nodes to be verified. Each node performs initialisation: each node defines its own encryption and decryption algorithm, and initialises its relation list according to its relationships, as shown in Fig. 3.
Step 2. The verification node v advertises reachable paths to the other nodes, as follows:
First, v sends a declaration message to the members u_1 and u_2 of its relation list, in which the path parameter is {v} and the signature is Crypt_v(T_0), where Crypt_v() is v's encryption algorithm and T_0 is an arbitrary string defined by v. The remaining parameters are K = 4 and L = 7. Initially every node's routing table is empty, so the path {v} and its signature are added to the routing tables of u_1 and u_2.
Next, u_2 appends itself to the original path to form the new path {v, u_2}, encrypts the original signature with its own encryption procedure to form a new signature, and sends the new path and signature to the members u_3 and u_4 of its relation list. Because u_1's relation list is empty, u_1 need not perform any path declaration.
Similarly, u_3 and u_4 declare paths by the same flow. Fig. 4 shows how the routing table of node u_7 changes during the advertisement procedure. u_7's routing table is initialised empty; after receiving the declaration sent by u_4, the routing table is as shown in Fig. 4(a). When u_7 receives the declaration from u_5, it first checks path validity according to the advertisement procedure. The new paths {v, u_2, u_3, u_5} and {v, u_2, u_4, u_5} both have length less than L, and their difference coefficients with the existing path {v, u_2, u_4} are 3 and 4 respectively. Because the maximum difference coefficient is defined as K = 4, {v, u_2, u_3, u_5} is valid and is added to the routing table, while {v, u_2, u_4, u_5} is invalid and is dropped. u_7's routing table is now as shown in Fig. 4(b). Finally, u_7 receives the declaration from u_6; the new path {v, u_2, u_4, u_6} has difference coefficient 4 with the original path {v, u_2, u_4}, which equals the maximum difference coefficient, so it is dropped. u_7's final routing table is as shown in Fig. 4(c).
When no node receives any further advertisement message, the advertisement phase ends.
Step 3. The nodes to be verified send verification requests containing their reachable paths to the verification node v, so that all reachable paths are gathered at v, and v then checks whether all reachable paths are credible.
Each node to be verified sends the contents of its own routing table to the verification node v in the form of an advertisement message. After receiving the requests, v sorts them by path, as shown in Fig. 5. The shortest paths have the form {v, u_1} and {v, u_2}; because u_1 and u_2 are both in v's relation table, v sends verification messages to u_1 and u_2, each containing the path {v, u_1} or {v, u_2} and its signature. u_1 and u_2 decrypt the signatures and return the results to v; after v's own decryption the initial string T_0 is obtained, so verification succeeds and {v, u_1} and {v, u_2} are added to verified_table.
When verifying {v, u_2, u_3}, v first finds that {v, u_2} is in verified_table, then sends the verification information to the last node u_3. u_3 decrypts the signature and feeds the result back to v; v compares the feedback with the signature of {v, u_2}. If they agree, verification succeeds; otherwise it fails.
After v has verified all paths in turn, the gathering and path-credibility verification phase ends.
Step 4. The verification node judges, from the number of trusted paths of each node, whether that node is a Sybil node, as follows:
The verification node counts the trusted paths of each node to be verified. If the number of trusted paths is greater than the verification threshold, that node passes verification; otherwise it fails.
Passing verification means the verifier accepts the node; otherwise the verifier rejects it. To assess the accuracy of the invention, AR is defined as the accept rate for normal nodes and RR as the reject rate for Sybil nodes. A higher AR means more normal nodes are accepted, but also that more Sybil nodes are accepted; a higher RR means more Sybil nodes are detected, but also that more normal nodes may be falsely rejected. A good detection method should obtain both a high AR and a high RR.
Networks of different scales were used to verify the validity of the method, and system performance under different parameters was compared; the results are shown in Fig. 6. As can be seen from the figure, the accept rate and reject rate of the method reach up to 90% across network scales; performance declines somewhat as the number of nodes increases, but stays above 88%.
The present invention detects Sybil attacks by using the social relationships formed by nodes during interaction as the basis for detecting Sybil nodes. It can not only find Sybil attacks that have already started but also detect potential Sybil threats, thereby avoiding the damage caused by attacks as far as possible. It can be applied in any online social network field that uses recommendation and sharing mechanisms, such as online voting, online scoring and video sharing.

Claims (7)

1. A Sybil attack detection method in an online social network, characterised by comprising the following steps:
Step 1. Select a node as the verification node and label it v; any node can serve as the verification node, and all nodes except the verification node are nodes to be verified; each node performs an initialisation operation, as follows:
1.1 All nodes define their own encryption and decryption algorithms;
1.2 The verification node creates a relation table and defines an arbitrary string T_0 as the initialisation identifier; all nodes to be verified create a relation table and a path table; the relation table stores the other nodes that have established a trusted relationship with this node, each entry being a node identifier; the path table stores reachable paths to the verification node, each entry being a pair <P_i, Sign(P_i)>, 1 ≤ i ≤ M, where M is the total number of paths in the network, P_i is the i-th path and Sign(P_i) is the signature of P_i; each path is an ordered sequence of nodes and each signature is an encrypted string; the relation table is defined by each node from its own history, and the path table is initially empty;
Step 2. The verification node v advertises reachable paths to the other nodes, as follows:
2.1 v sends an advertisement message M_0 to all members of v's relation table; M_0 contains the reachable path to v, the signature of that path, the acceptable maximum difference coefficient K and the acceptable maximum path length L; T_0 encrypted with v's encryption algorithm is the signature of the path {v}; K and L are both determined by the verification node itself;
2.2 A node u_j that receives M_0 first checks the validity of the path in M_0; let the path in M_0 be P with signature Sign(P); if P is valid with respect to u_j, perform step 2.3, otherwise go to step 2.5;
2.3 u_j adds P to its own path table and deletes the other paths in the path table whose difference coefficient with P is greater than K and which are longer than P;
2.4 u_j constructs a new path and signature: u_j appends itself to the tail of P to form the new path P'; if P = {u_1, u_2, ..., u_l} then P' = {u_1, u_2, ..., u_l, u_j}, 1 ≤ l ≤ N, where N is the number of nodes in the network; u_j encrypts Sign(P) with its own encryption algorithm Crypt_uj() to form the new path signature Sign(P') = Crypt_uj(Sign(P));
2.5 u_j sends a new advertisement message M_1: using the values of K and L from the original message M_0 together with the new path P' and signature Sign(P'), u_j forms the new advertisement message M_1, sends it to the members of its relation list, and sends an advertisement reminder to v; go to step 2.6; the content of the reminder is u_j's node identifier u_j;
2.6 If u_j receives a new advertisement message M_1, update the content of M_0 to M_1 and go to step 2.2; otherwise go to step 2.7;
2.7 The verification node v defines a reminder interval according to the network scale, initialises a reminder timer and starts timing; set the reminder interval τ; if an advertisement reminder is received within τ, reset the timer to zero and go to step 2.2; if the timer exceeds the reminder interval without any advertisement reminder being received, perform step 3;
Step 3. All nodes to be verified send verification requests containing their reachable paths to the verification node v, so that all reachable paths gather at v; v then checks whether all reachable paths are credible, as follows:
3.1 All nodes to be verified construct a new path and signature by the method of step 2.4 and send them to the verification node v;
3.2 After receiving the verification requests from all nodes to be verified, v sorts all paths by length and verifies their credibility in turn, as follows:
3.2.1 v sorts all received paths by length and adds them to the table unverified_table; unverified_table has the same data structure as the path table, each entry consisting of a path and a signature, the difference being that unverified_table is sorted by path length;
3.2.2 Take the shortest path P_s and its signature Sign(P_s) from unverified_table; let P_s = {u_1, u_2, ..., u_t}, 2 ≤ t ≤ N; first verify whether P_s is credible, as follows:
3.2.2.1 If u_1 is the verification node v, go to step 3.2.2.2, otherwise go to step 3.2.2.8;
3.2.2.2 If the length of P_s equals 2, go to step 3.2.2.3; otherwise go to step 3.2.2.4;
3.2.2.3 If u_2 is in v's relation table, u_2 decrypts Sign(P_s) with its own decryption algorithm Decrypt_u2(), giving Res(P_s) = Decrypt_u2(Sign(P_s)); if Res(P_s) equals the initial string T_0, verification succeeds, go to 3.2.2.7; otherwise verification fails, go to step 3.2.2.8; if u_t is not in v's relation table, someone has forged the path, verification fails, go to step 3.2.2.8;
3.2.2.4检查Ps-1={u1,u2,...,ut-1}是否存在于verified_table中,如果不存在,验证失败转步骤3.2.2.8;否则进入步骤3.2.2.5;3.2.2.4 Check whether P s-1 = {u 1 , u 2 , ..., u t-1 } exists in the verified_table, if not, the verification fails and go to step 3.2.2.8; otherwise, go to step 3.2.2.5; 3.2.2.5将Ps-1和Sign(Ps)发送给Ps的最末端节点ut3.2.2.5 Send P s-1 and Sign(P s ) to the end node u t of P s ; 3.2.2.6ut首先检查Ps-1={u1,u2...ut-1}是否在ut的路径表中,然后使用ut的解密算法
Figure FDA0000462578670000031
对Sign(Ps)进行解密,方法为Ren(Ps)=
Figure FDA0000462578670000032
(Sign(Ps)),并将结果与Ps-1的标识Sign(Ps-1)对比,如果Res(Ps)=Sign(Ps-1)则说明该路径未被篡改过,返回正反馈消息给v,转步骤3.2.2.7;否则说明路径被篡改,给出负反馈,转步骤3.2.2.8。
3.2.2.6 u t first checks whether P s-1 = {u 1 , u 2 ...u t-1 } is in the path table of u t , and then uses the decryption algorithm of u t
Figure FDA0000462578670000031
To decrypt Sign(P s ), the method is Ren(P s )=
Figure FDA0000462578670000032
(Sign(P s )), and compare the result with the sign of P s-1 Sign(P s-1 ), if Res(P s )=Sign(P s-1 ), it means that the path has not been tampered with, Return a positive feedback message to v, go to step 3.2.2.7; otherwise, it means that the path has been tampered with, give negative feedback, go to step 3.2.2.8.
3.2.2.7验证成功,转3.3;3.2.2.7 Verification is successful, go to 3.3; 3.2.2.8验证失败,转3.4;3.2.2.8 Verification failed, go to 3.4; 3.3将Ps从unverified_table移动到verified_table中,转步骤3.5;3.3 Move P s from unverified_table to verified_table, go to step 3.5; 3.4将Ps从unverified_table中删除,转步骤3.5;3.4 Delete P s from unverified_table, go to step 3.5; 3.5如果unverified_table非空,转步骤3.2.2,否则转第四步;3.5 If unverified_table is not empty, go to step 3.2.2, otherwise go to step 4; 第四步,由验证节点根据每个节点的可信路径数量判断该节点是否为Sybil节点:In the fourth step, the verification node judges whether the node is a Sybil node according to the number of trusted paths of each node: 4.1验证节点v将所有提交验证请求的节点加入待验证集合unverified_set,初始化Sybil集合sybil_set为空集,并设定判断阀值α,α根据需求自由调整;4.1 Verification node v adds all nodes that submit verification requests to the set unverified_set to be verified, initializes the Sybil set sybil_set to an empty set, and sets the judgment threshold α, which can be adjusted freely according to requirements; 4.2从unverified_set取出一个节点u,计算可信路径集trusted_table(u)=path_table(u)∩verified_table,其中path_table(u)为u提交的路径表,如果trusted_table(u)中元素个数大于α则转步骤4.3,否则转步骤4.4;4.2 Take out a node u from unverified_set, calculate the trusted path set trusted_table(u)=path_table(u)∩verified_table, where path_table(u) is the path table submitted by u, if the number of elements in trusted_table(u) is greater than α, turn to Step 4.3, otherwise go to step 4.4; 4.3验证成功即u不是Sybil节点,将u从unverified_set删除,转4.5;4.3 The verification is successful, that is, u is not a Sybil node, delete u from unverified_set, and go to 4.5; 4.4验证失败即u是Sybil节点,将u从unverified_set删除并加入sybil_set中,转4.5;4.4 Verification failure means that u is a Sybil node, delete u from unverified_set and add it to sybil_set, go to 4.5; 4.5如果unverified_set非空,转4.2,否则转4.6;4.5 If unverified_set is not empty, go to 4.2, otherwise go to 4.6; 4.6结束,集合sybil_set中的节点都为Sybil节点。At the end of 4.6, the nodes in the set sybil_set are all Sybil nodes.
2.如权利要求1所述的在线社会网络中Sybil攻击检测方法,其特征在于所述节点定义的加解密算法为DES即Data Encryption Standard、AES即Advanced Encryption Standard、MD5、RSA或自定义算法。2. Sybil attack detection method in the online social network as claimed in claim 1, it is characterized in that the encryption and decryption algorithm of described node definition is DES namely Data Encryption Standard, AES namely Advanced Encryption Standard, MD5, RSA or self-defined algorithm. 3.如权利要求1所述的在线社会网络中Sybil攻击检测方法,其特征在于如果满足以下条件,则判定Pi相对于uj是有效的:3. Sybil attack detection method in the online social network as claimed in claim 1, is characterized in that if satisfy following condition, then judge that P i is effective with respect to u j : (1)Pi的长度小于可接受的最长路径长度L;(1) The length of P i is less than the longest acceptable path length L; (2)Pi与uj的路径表中的任一路径的差异系数小于K,或者虽然uj的路径表中存在与Pi差异系数大于或等于K的路径,但Pi更短。(2) The difference coefficient between P i and any path in the path table of u j is less than K, or although there is a path with a difference coefficient greater than or equal to K in the path table of u j , P i is shorter. 4.如权利要求1所述的在线社会网络中Sybil攻击检测方法,其特征在于所述差异系数指:如果路径P1和P2是k相似的,k最大取值为K,1≤K≤min(m,n),那么P1和P2是(K+1)差异的,差异系数为(K+1),m是路径P1的长度,n是路径P2的长度。4. Sybil attack detection method in the online social network as claimed in claim 1, is characterized in that described coefficient of difference refers to: if path P 1 and P 2 are k similar, the maximum value of k is K, 1≤K≤ min(m, n), then P 1 and P 2 are (K+1) different, and the difference coefficient is (K+1), m is the length of path P 1 , and n is the length of path P 2 . 5.如权利要求1所述的在线社会网络中Sybil攻击检测方法,其特征在于所述判断阀值5. Sybil attack detection method in the online social network as claimed in claim 1, is characterized in that described judgment threshold α=15*(logN)2,N为网络中节点个数。α=15*(logN) 2 , where N is the number of nodes in the network. 6.如权利要求1所述的在线社会网络中Sybil攻击检测方法,其特征在于所述提醒时间间隔τ=10*logN秒,N为网络中节点个数。6. 
Sybil attack detection method in online social network as claimed in claim 1, is characterized in that described reminding time interval τ=10*logN second, and N is the node number in the network. 7.如权利要求1所述的在线社会网络中Sybil攻击检测方法,其特征在于所述最大差异系数K=4,可接受的最大路径长度L=7。7. The Sybil attack detection method in an online social network according to claim 1, wherein the maximum difference coefficient K=4, and the acceptable maximum path length L=7.
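As an added illustration (not the patent's own code), the following Python models the announcement of steps 2.1 to 2.4, the shortest-first credibility check of step 3.2 and the threshold decision of the fourth step on a constructed four-node network with one Sybil that forges its paths. The per-node cipher (a keyed XOR stand-in for the DES/AES/RSA of claim 2), the node names, the initial string and the omission of K-similarity pruning are assumptions, and the length-2 check is compared against Sign({v}) = Crypt_v(T0), which v computed itself in step 2.1, rather than against T0 literally.

```python
import hashlib
# Added example, not the patent's code: claim 1 steps 2-4 on a constructed network
# (the K-similarity pruning of step 2 is not modelled; L bounds the path length).
T0 = b"T0-initial"          # constructed initial string chosen by verification node v
FORGED = b"\x00" * len(T0)  # constructed stand-in for an identifier a Sybil can only guess

def crypt(node, data):
    # Crypt_u()/Decrypt_u(): XOR with a keystream from a constructed per-node secret (stand-in for claim 2's DES/AES/RSA); XOR is its own inverse.
    ks = b"".join(hashlib.sha256(f"secret:{node}:{i}".encode()).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, ks))

def announce(v, adjacency, L):
    # Steps 2.1-2.6 (no K pruning): flood simple paths shorter than L from v; returns u's path table received[u] = {P: Sign(P)}.
    received = {u: {} for u in adjacency if u != v}
    frontier = [((v,), crypt(v, T0))]                  # Sign({v}) = Crypt_v(T0)
    while frontier:
        path, sign = frontier.pop()
        for u in adjacency[path[-1]]:
            if len(path) < L and u not in path and u != v:
                received[u][path] = sign                        # step 2.3
                frontier.append((path + (u,), crypt(u, sign)))  # step 2.4
    return received

def verify_paths(v, adjacency, received, submitted):
    # Step 3.2: shortest paths first, so each prefix is judged before its extensions.
    root = crypt(v, T0)   # assumption: v compares against its own Sign({v}) here
    verified = {}
    for path, sign in sorted((ps for t in submitted.values() for ps in t.items()),
                             key=lambda ps: len(ps[0])):
        u_t, prefix = path[-1], path[:-1]
        if path[0] != v:                                            # 3.2.2.1
            continue
        if len(path) == 2:                                          # 3.2.2.3
            ok = u_t in adjacency[v] and crypt(u_t, sign) == root
        else:                                                       # 3.2.2.4-3.2.2.6
            ok = (prefix in verified and prefix in received.get(u_t, {})
                  and crypt(u_t, sign) == verified[prefix])
        if ok:
            verified[path] = sign                                   # 3.3
    return verified

def detect_sybils(verified, submitted, alpha):
    # Step 4: u passes only if more than alpha of its submitted paths were verified.
    return {u for u, t in submitted.items() if len(t.keys() & verified.keys()) <= alpha}

def demo():
    # Constructed network: v knows a, b; a, b, c mutually related; Sybil s has no edge and forges its paths.
    adj = {"v": {"a", "b"}, "a": {"v", "b", "c"}, "b": {"v", "a", "c"}, "c": {"a", "b"}}
    received = announce("v", adj, L=3)
    submitted = {u: {p + (u,): crypt(u, s) for p, s in r.items()} for u, r in received.items()}  # 3.1
    received["s"] = {("v", "a"): FORGED}
    submitted["s"] = {("v", "s"): FORGED, ("v", "a", "s"): FORGED}
    verified = verify_paths("v", adj, received, submitted)
    return verified, detect_sybils(verified, submitted, alpha=1)
```

Running demo() verifies the six honestly chained paths, rejects both forged paths ((v, s) because s is not in v's relationship table, (v, a, s) because decrypting the guessed identifier does not yield Sign((v, a))), and with α = 1 places only s in sybil_set.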
CN201410037921.5A 2014-01-26 2014-01-26 Sybil attack detection method in online community network Expired - Fee Related CN103812864B (en)

Publications (2)

Publication Number Publication Date
CN103812864A true CN103812864A (en) 2014-05-21
CN103812864B CN103812864B (en) 2016-09-14

Family

ID=50709065






Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160914

Termination date: 20220126