CN105100016A - Cloud computing router platform DDoS attack defense method based on VHSAP - Google Patents

Cloud computing router platform DDoS attack defense method based on VHSAP Download PDF

Info

Publication number
CN105100016A
CN105100016A CN201410208329.7A CN201410208329A CN105100016A CN 105100016 A CN105100016 A CN 105100016A CN 201410208329 A CN201410208329 A CN 201410208329A CN 105100016 A CN105100016 A CN 105100016A
Authority
CN
China
Prior art keywords
node
nodes
cloud computing
attack
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410208329.7A
Other languages
Chinese (zh)
Inventor
吴志军
崔奕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Civil Aviation University of China
Original Assignee
Civil Aviation University of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Civil Aviation University of China filed Critical Civil Aviation University of China
Priority to CN201410208329.7A priority Critical patent/CN105100016A/en
Publication of CN105100016A publication Critical patent/CN105100016A/en
Pending legal-status Critical Current

Links

Abstract

Provided is a cloud computing router platform DDoS (Distributed Denial of Service) attack defense method based on a VHSAP. DDoS is a key problem in cloud computing platform security guard. Based on the SOS (Secure Overlay Services) method of defending against DDoS attack employed by a present large scale network, and according to the three-layer configuration of a cloud computing router platform, the invention modifies the consistent hashing algorithm employed by the SOS, and shortens time delay under the condition of guaranteeing the filtering of attack flow. Meanwhile the invention discloses the vulnerability of an exit mechanism employed when SOS nodes are attached, introduces a virtual machine and a heartbeat mechanism, provides a VHSAP for a cloud computing router platform, realizes seamless switching among attacked nodes, and guarantees user security access to the cloud computing platform. The research of the invention is focused on the performance of the VHSAP defending against DDoS under the parameters of attack node numbers, switching time delay, etc., and compares the VHSAP with the SOS method. According to test results, under DDoS attack, the VHSAP has a higher data passing rate, and can improve the security of the cloud computing platform.

Description

Based on the cloud computing route platform defending DDoS (Distributed Denial of Service) attacks method of virtual Hash secure access path VHSAP
Technical field
The present invention is a kind of core algorithm being applied to the defending DDoS (Distributed Denial of Service) attacks of cloud computing route platform.This invention effectively can defend the ddos attack for cloud computing center and cloud computing route platform.This invention belongs to computer skill network safety filed refusal service attack defending technical field.
Background technology
Distributed denial of service attack (DDoS) attacks the class that the network information security has grave danger at present, and its is destructive strong and be easy to start, again because there is multilayer puppet machine to make springboard, and the person's identity that can be good at hiding attack.Cloud computation data center carries the task of the client of all use cloud services, and all cloud service users need to communicate with cloud computing center, once cloud computing center breaks down, all users can be affected.This concerning some use cloud services large enterprise impact particularly huge.So the threat of distributed denial of service attack to cloud computing center is very huge, it is instant for carrying out defending distributed denial of service attack for cloud computing center.
For the method for defending DDoS (Distributed Denial of Service) attacks, existing achievement in research is a lot, and many scholars propose the method for novelty.Mainly contain based on the research in secure access path SAP (SecurityAccessPath) following some.IEEE member AngelosD.Keromytis, VishalMisra, DanRubenstein proposes a kind of safe overlay network service (SecureOverlayServices, SOS), utilize powerful filtering function and secure tunnel technology, effectively can stop ddos attack, and for access point likely victim scan and attack and propose a solution.Afterwards, AngelosD.Keromytis again hypothesize attack person may carry out concentrating attack for the access node in SOS method, and propose to improve the access way of client, make user can enter SOS structure by multiple access node at random, and then avoid victim to track.Chi-HyungIn, ChoongSeonHong, JiangWei, KojiOkamura attack to improve attack efficiency with gradual change type for the leak proposition burst type attack of the safety measure of former overlay network, and propose to use clustering method detection Traffic Anomaly to network traffics.IEEE member XunWang, SriramChellappan, PhillipBoyer, DongXuan proposes Network Intrusion for the structure of former overlay network and congestedly attacks the new attack mode combined, and by the change structure number of plies, map the number of degrees, the parameters such as nodes analyze safe overlay network service performance.
Summary of the invention
The present invention is by the design feature according to the general route platform of the cloud computing between client to cloud computing center, after modifying to consistency Hash link access strategy structure, it is incorporated.The present invention is again by the research of consistency Hash link access strategy, propose may run into after being combined with cloud computing route platform some attack targetedly, and original strategy is improved, propose by incorporated for virtual and heartbeat mechanism virtual-Hash secure path, the protection effect of Hash secure path self can be improved while paring down expenses.Main contents of the present invention are:
1, carry out three layers of abstract to the topological structure of cloud computing route platform to extract
The data transfer platform of cloud computing is also referred to as general route platform.It is the data transfer platform of carrying cloud computing, by access and the traffic handing capacity of each hierarchy routing equipment, meets High Availabitity, easy-to-use, extensibility that cloud computation data center provides end-user service.Cloud computing route platform has the feature of stratification, mostly can be divided into core layer, intermediate layer and Access Layer three layers.User sends request via Access Layer by intermediate layer route, and core layer route, finally arrives cloud computing center.
Former consistency Hash link access structure is applied in the P2P network of non-hierarchical structure, completely according to the routing mode ignoring physical topology of chord algorithm, although this routing mode can be good at filtering attack stream, also bring very large delay problem simultaneously.By the structure of research level cloud computing route platform, in conjunction with the former consistency Hash link access strategy being applied to P2P network, propose the Hash secure access path based on cloud computing route platform, the application layer routing mode of application chord algorithm while, the feature of binding hierarchy network topology structure, makes routing mode be suitable for the physical topology of stratification while guarantee filtering attack stream as far as possible.Hash secure access path structure schematic diagram as shown in Figure 1.
2, consistency Hash link access strategy is applied to cloud computing route platform three-decker.
Using cloud computing center as the target in Hash secure path structure, respectively in core layer, intermediate layer, arranges part of nodes as the secret node in Hash secure path in Access Layer, guides node and secure accessing node.If user will access cloud computing center, first Access Layer node can be sent the request to.This node, then can by request forward on adjacent secure accessing node if not secure accessing node.Guide node to carry out routing forwarding according to consistency hash algorithm to last layer after secure accessing node carries out authentication to it, guide node again packet to be forwarded to secret node.Finally, packet is forwarded to target by secret node again.Filter settings around target rule only allows the packet coming from secret node to pass through.The transmitting procedure of the packet of validated user is all the routing mode set up on the application layer, and if assailant to cloud computing center offensive attack, just can only will carry out according to the Routing Protocol of network layer.
Rule should be set on the router be connected with the guide node and secret node of Hash secure path simultaneously, abandon the node do not belonged in Hash secure path structure to forward and next packet, the attack stream that such assailant starts can both select in just must forwarding at 3 layers in the node of Hash secure path just likely arrive target, but this probability is very little.If the node of taking-up 30% is in each layer as the node of Hash secure path, and assailant forwards according to network layer routing mode Stochastic choice node, then assailant is 30% at each layer attacks to the probability of Hash secure path node, the attack stream started on average only has left and right to arrive target, and this is very little on the impact of target.And Hash secure path only needs the redirect between three physical levels by cloud computing route platform arrival cloud computing center, compare the redirect repeatedly ignoring physical topological structure of query script in SOS structure and can save a large amount of time, shorten time delay.
3, innovatory algorithm for the chord algorithm in consistency Hash link access strategy is proposed.
Hash mapping is carried out in the nodal information of nodes all in network such as IP address by chord, then by node identifier from small to large arranged clockwise become a ring-type, the next node in arrangement is exactly next node along clockwise direction in annular.
Because former consistency Hash link access strategy is applied in the network of P2P, in order to the network configuration enabling the link-access strategy of consistency Hash be applied to three layers, the query steps of the routing algorithm of chord is decomposed by this method, only get first three redirect, make it meet the structure of secure path.First need to carry out Hash operation to the address of node of cloud computing route platform and the address of destination server, draw identifier, be all mapped on chord ring.Choose afterwards the backward node of object identifier clockwise after a region, this region is called secure accessing district, and the size in region can be chosen arbitrarily according to the needs choosing node number within half ring.Node identifier in secure accessing district and the node being positioned at cloud computing route platform Access Layer can choose as secure accessing node.Be called in clockwise 180 ° of corresponding other a part of regions in this secure accessing district and guide district.Node identifier is guiding in district and the node being positioned at cloud computing route platform intermediate layer can be chosen as guide node.The region formed backward node from last node in guide district to object identifier is then called secret zones.Node identifier in secret zones and the node being positioned at cloud computing route platform core layer can choose as secret node.Secret node all preserves the address information of destination node.When packet arrives secret node, secret node need not continue down to search according to the routing mode of former chord again, but directly packet is sent to destination address.The not selected node got then, not in Hash secure path structure, excludes chord ring, does not participate in chord routing procedure.
Pointer gauge for the node of chord also has the place needing adjustment.When the backward node of node corresponding to the maximum list item of secure accessing querying node procedure pointer table does not exist in pointer district or breaks down, so according to former chord algorithm, in pointer gauge, the pointer gauge of these secure accessing nodes will exceed the scope in guide district using the object of the node of secret zones as inquiry.Therefore, we need on secure accessing node, carry out a judgement, if the value of the backward node that its query aim is corresponding has exceeded the scope of the identifier in pointer district, can not continue to select next node clockwise, but identifier the maximum in select finger district.This just ensures that this strategy is time under attack, there will not be secure accessing node to forward and next packet maps directly on the node of secret zones owing to guiding rolling off the production line of node, but the node that still can also normally work in guide district transmits.Fig. 2 is total nodes when being 64 based on the schematic diagram of this method of chord ring, supposes that K61 is object identifier.And the pointer gauge that table 1 is node N16 changes the contrast table of front and back.
The pointer gauge of table 1 node N16 changes the contrast table of front and back
In fig. 2, the packet of the validated user after certification will transmit by Access Layer node N16 clockwise.Can be found out by its pointer gauge, the node of its next redirect is 58, has exceeded the scope guiding district.According to the above, this method is here revised as to guide in district identifier the maximum that is 46.When to be forwarded to identifier be on the node of 46 to packet time, the node that this node finds out down hop by pointer gauge is again N3.No matter oneself be then whether the backward node of object identifier when node N3 receives packet, directly packet is forwarded the address to the destination server self preserved.By this forwarding process, the three layer routing forwarding of packet in Hash secure path just can be completed.
4, Virtual Machine Mechanism and heartbeat mechanism is introduced
Adopt the mode of consistency hash algorithm effectively can alleviate the impact of malicious data bag on destination server.But cloud computing route platform self also may become the target of assailant.Hypothesize attack person can grasp the information of cloud computing route platform node in real time, and namely assailant can to all node offensive attacks be in cloud computing route platform three-decker.According to the description of Keromytis in the service of safe overlay network, one of characteristic of safe overlay network service be exactly in overlay network any one node attacked, this node all can exit overlay network simply.That give assailant's chance to attack.For the leak in this safety measure, a kind of new attack mode is proposed, namely assailant periodically selects a part of node as object of attack, when next cycle arrives, by the means such as intercepting, hypothesize attack person can recognize in the node oneself attacked, which node is not in Hash secure path, and the direction of attack of these nodes is changed when next cycle, reselect attack node.Meanwhile, the self-regeneration characteristic of consistency Hash link strategy can complete the eliminating of malfunctioning node by periodic stabilization procedures, prevent malfunctioning node from affecting network proper communication.These two kinds of mechanism all can cause the quick consumption of nodes number above.We can from simple analysis probability under novel attack the problem of former safe overlay network.
First set the nodes of every one deck as N 1, N 2, N 3.In secure access structure, the nodes of every one deck is respectively u s, u b, u o.Assailant can attack P simultaneously dindividual node.
First hypothesize attack person analyzes after having carried out once attacking.
The assailant of every one deck is after first time attacks, and when being about to start second time to attack, the probability can attacking Hash secure path interior joint is respectively u s N 1 - P d × N 1 N 1 + N 2 + N 3 , u b N 2 - P d × N 2 N 1 + N 2 + N 3 u o N 3 - P d × N 3 N 1 + N 2 + N 3 .
Suppose that cloud computing route platform in the meantime carry out self-regeneration, eliminate malfunctioning node.The node that every one deck is got rid of is respectively a, b, c.In so attacking for the probability can attacking the node of Hash secure path every one deck be u s N 1 - a - P d × N 1 N 1 + N 2 + N 3 , u b N 2 - b - P d × N 2 N 1 + N 2 + N 3 , u o N 3 - c - P d × N 3 N 1 + N 2 + N 3 .
By that analogy, promote along with assailant carries out the number of times attacked, can after hypothesize attack person attacks N time, three layers respectively repaired a ', b ', c '.The probability attacking secure path interior joint becomes u s N 1 - a ′ - P d × N 1 × N N 1 + N 2 + N 3 , u b N 2 - b ′ - P d × N 2 × N N 1 + N 2 + N 3 , u o N 3 - c ′ - P d × N 3 × N N 1 + N 2 + N 3 . As can be seen here, along with assailant constantly attacks, the probability that assailant attacks secure access structure node can become increasing, and the probability of the user data packet loss caused also will be larger.Namely allow to monitor whole cloud computing route platform in real time and the method adopting computer to restart can not settle the matter once and for all, and restart the loss of computer hardware also very large frequently.
By above analysis, under the visible attack pattern being subject to above-mentioned this continuous Transformation Attack direction, if safe overlay network or according to original mode, node under attack simply being carried out process of rolling off the production line, is so larger on the impact of transport communication.Utilize present popular virtual machine technique, when not increasing legacy network structure expense, virtualized transformation is carried out to the node of whole network, each host separates multiple stage virtual machine, so just the node in network is converted to a large amount of dummy nodes.The present invention proposes the backup node of most dummy node as safeguard construction interior joint, by the Real-Time Monitoring to safeguard construction interior joint state, is replaced by the dummy node of backup existing by attack node in time, adds in chord ring and carry out work.Wherein in order to ensure that in secure path, dummy node for subsequent use can take over the work of origin node on chord ring, the virtual node identifiers on every platform host should be continuous arrangement together.By the seamless switching of new and old node, just can attack be reduced to minimum on the impact of node, ensure that communication is carried out smoothly.
In order to monitor the health status of whole cloud computing route platform node in real time, adopt heartbeat mechanism, schematic diagram as shown in Figure 3.
This mechanism regularly sends detection packet to target and waits for that it is responded, if still without response after target time-out, just represent target and lost efficacy, report to the police.Now, the standby virtual node in secure path starts to add chord ring according to chord algorithm, obtains the backward node of self and changes the forward direction node of backward node.And chord ring also can get rid of the node losing response in the pointer table in periodic stabilization procedures, and add new node, complete and once repair.Malfunctioning node, owing to being virtualized, so it is very convenient to reconfigure process, can complete very easily within the time that new node adds network.
Accompanying drawing explanation
Fig. 1 is the Hash secure access path structure figure in cloud computing route platform of the present invention;
Fig. 2 is that three layers of chord ring of the present invention divide schematic diagram;
Fig. 3 is virtual machine of the present invention and heartbeat mechanism schematic diagram;
Embodiment
The present invention utilizes OMNET++ software to establish a network analysis model according to the structure simulation of Hash secure path, analyze four kinds of parameters: total nodes (N), attack nodes (Na), attack and repairing efficiency ratio (w), when the handover delay (t) of backup node, the situation of change of data pass rate, and compare with former method.
(1) model emulation of the total nodes of network and network success communication packet proportionate relationship
In this model, the present invention mainly studies the relation of the total nodes of network and packet loss.Experiment parameter is set as follows: attack nodes and choose 30, the attack cycle is 1s, and repairing efficiency is 1s, and the nodes of each layer Hash secure path is respectively 12,6,3.
(2) model emulation of network attack nodes and network success communication packet proportionate relationship
In this model, the present invention mainly studies the relation of network attack nodes and packet loss.Experiment parameter is set as follows: total nodes N is set to 1000, and attacking with the ratio of the speed of repairing is 1, and the nodes of each layer Hash secure path is respectively 120,60,30.
(3) attack and the model emulation repairing speed ratio and network success communication packet proportionate relationship
In this model, the present invention mainly studies the relation between the ratio of the speed of attacking and repair and data pass rate.Experiment parameter is set as follows: total nodes N is set to 1000, and attacking nodes Na is 300, keeps repairing interval 1s constant, and attack interval and change from 0.1s to 10s, the nodes of each layer Hash secure path is respectively 120,60,30.
(4) model emulation of node handover delay and network success communication packet proportionate relationship
In this model, the present invention mainly studies the relation between the time delay of node switching and data pass rate.Experiment parameter is set as follows: total nodes N is set to 1000, and attacking nodes Na is 300, and the nodes of each layer Hash secure path is respectively 120,60,30.
Table 2 is at the total nodes N of change, attacks nodes A, attacks and compares with the data pass rate of former consistency Hash link access structure with virtual Hash secure path when the period ratio w repaired.
Under table 2 different parameters, VHSAP compares with the data pass rate of former method
VHSAP SOS
N=100,A=30,w=1 60% 11%
N=1000,A=30,w=1 91% 65%
N=1000,A=100,w=1 90% 60%
N=1000,A=500,w=1 62% 2%
N=1000,A=300,w=1 60% 14%
N=1000,A=300,w=2 93% 30%
Can be found out by table 2 result, at the total nodes of change, attack nodes, when attacking with repairing efficiency ratio, adopt the access strategy of seamless switching to be all better than former strategy in network access data percent of pass.And as can be seen from the relation of node handover delay and data pass rate, increasing namely from seamlessly switching to without the process switched along with node handover delay is started from scratch, network data percent of pass presents and reduces trend gradually.In sum, the method for virtual Hash secure path is adopted can to tackle attack preferably.

Claims (2)

1., based on a cloud computing route platform defending DDoS (Distributed Denial of Service) attacks method of virtual Hash secure access path VHSAP, this algorithm is realized by following steps:
(1) carry out three layers of abstract to the topological structure of cloud computing route platform to extract, be respectively core layer, intermediate layer, Access Layer;
(2) consistency Hash link access strategy is applied to cloud computing route platform three-decker, using cloud computing center as the target in Hash secure path structure, respectively in core layer, intermediate layer, arrange part of nodes as the secret node in Hash secure path in Access Layer, guide node and secure accessing node, rule should be set on the router be connected with the guide node and secret node of Hash secure path simultaneously, abandon the node do not belonged in Hash secure path structure and forward and next packet;
(3) improve for the chord algorithm in consistency Hash link access strategy, make it more be applicable to the three-decker of cloud computing route platform, the Routing Loop region of chord is decomposed, is divided into secure accessing district, guide district, secret zones; Need on secure accessing node, carry out a judgement simultaneously, if the value of backward node corresponding to its query aim has exceeded the scope of the identifier in pointer district, can not continue to select next node clockwise, but identifier the maximum in select finger district;
(4) present popular virtual machine technique is utilized, when not increasing legacy network structure expense, virtualized transformation is carried out to the node of whole network, each host separates multiple stage virtual machine, so just the node in network is converted to a large amount of dummy nodes;
(5) heartbeat mechanism is introduced, this mechanism regularly sends detection packet to target and waits for that it is responded, if still without response after target time-out, just represent target to lose efficacy, report to the police, now, standby virtual node in secure path starts to add chord ring according to chord algorithm, obtain the backward node of self and change the forward direction node of backward node, and chord ring also can get rid of the node losing response in the pointer table in periodic stabilization procedures, and add new node, complete and once repair.
2. the cloud computing route platform defending DDoS (Distributed Denial of Service) attacks method based on virtual Hash secure access path VHSAP according to claim 1, is characterized in that:
Step 1) utilize OMNet++ Network Simulation Software, build simulated environment wherein, simulate the work of virtual Hash secure path in cloud computing route platform and under attack time state;
Step 2) attack nodes choose 30, the attack cycle is 1s, repairing efficiency is 1s, the nodes of each layer Hash secure path is respectively 12,6,3, change network total nodes from 100 to 1000 changes, and compare and improve one's methods herein, former method, do not adopt the total nodes of any method lower network and network success communication packet proportionate relationship;
Step 3) total nodes N is set to 1000, attacking with the ratio of the speed of repairing is 1, the nodes of each layer Hash secure path is respectively 120,60,30, change and attack nodes ratio shared in total nodes, and compare and improve one's methods herein, former method, do not adopt any method lower network to attack nodes and network success communication packet proportionate relationship;
Step 4) total nodes N is set to 1000, attacking nodes Na is 300, keep repairing interval 1s constant, be interposed between attack on transverse axis and change from 0.1s to 10s, the nodes of each layer Hash secure path is respectively 120,60,30, change the period ratio attacked with repairing, and compare and improve one's methods herein, former method, do not adopt and to attack under any method and to repair speed ratio and network success communication packet proportionate relationship;
Step 5) total nodes N is set to 1000, attacking nodes Na is 300, the nodes of each layer Hash secure path is respectively 120,60,30, the handover delay of concept transfer, and compares and to improve one's methods herein and former method node handover delay and network success communication packet proportionate relationship.
CN201410208329.7A 2014-05-12 2014-05-12 Cloud computing router platform DDoS attack defense method based on VHSAP Pending CN105100016A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410208329.7A CN105100016A (en) 2014-05-12 2014-05-12 Cloud computing router platform DDoS attack defense method based on VHSAP

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410208329.7A CN105100016A (en) 2014-05-12 2014-05-12 Cloud computing router platform DDoS attack defense method based on VHSAP

Publications (1)

Publication Number Publication Date
CN105100016A true CN105100016A (en) 2015-11-25

Family

ID=54579575

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410208329.7A Pending CN105100016A (en) 2014-05-12 2014-05-12 Cloud computing router platform DDoS attack defense method based on VHSAP

Country Status (1)

Country Link
CN (1) CN105100016A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254312A (en) * 2016-07-15 2016-12-21 浙江宇视科技有限公司 A kind of method and device being realized server attack protection by virtual machine isomery
CN106357661A (en) * 2016-09-30 2017-01-25 中国人民解放军信息工程大学 Switch-rotation-based distributed denial of service attach defending method
CN108521449A (en) * 2018-03-22 2018-09-11 于洋 Network device operation records remote backup method and system
CN110891050A (en) * 2019-10-24 2020-03-17 中国科学技术大学 Full-chain atomic-level active safe routing method
CN112447076A (en) * 2020-11-05 2021-03-05 贵州数安汇大数据产业发展有限公司 Real-network attack and defense drilling system with controllable risk

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254312A (en) * 2016-07-15 2016-12-21 浙江宇视科技有限公司 A kind of method and device being realized server attack protection by virtual machine isomery
CN106254312B (en) * 2016-07-15 2019-12-13 浙江宇视科技有限公司 method and device for achieving server attack prevention through virtual machine heterogeneous
CN106357661A (en) * 2016-09-30 2017-01-25 中国人民解放军信息工程大学 Switch-rotation-based distributed denial of service attach defending method
CN106357661B (en) * 2016-09-30 2019-09-06 中国人民解放军信息工程大学 A kind of distributed refusal service attack defending method based on interchanger rotation
CN108521449A (en) * 2018-03-22 2018-09-11 于洋 Network device operation records remote backup method and system
CN108521449B (en) * 2018-03-22 2020-05-05 于洋 Remote backup method and system for operation records of network equipment
CN110891050A (en) * 2019-10-24 2020-03-17 中国科学技术大学 Full-chain atomic-level active safe routing method
CN112447076A (en) * 2020-11-05 2021-03-05 贵州数安汇大数据产业发展有限公司 Real-network attack and defense drilling system with controllable risk

Similar Documents

Publication Publication Date Title
CN103929422B (en) Trusted inter-domain safety certificate protocol based on SDN
CN105100016A (en) Cloud computing router platform DDoS attack defense method based on VHSAP
Wenhua et al. Identification method of attack path based on immune intrusion detection
CN106454815B (en) A kind of wireless sensor network routing method based on LEACH agreement
CN102244658B (en) Partitioned type dynamic safety routing method for wireless sensor network on basis of hash chains
CN103701700B (en) Node discovery method in a kind of communication network and system
Han et al. CASLP: A confused arc-based source location privacy protection scheme in WSNs for IoT
CN107682195A (en) The communication network robustness appraisal procedure combined based on complex network with big data
CN108900549A (en) A kind of safe block chain networking technology
CN105812372A (en) Single-packet tracing method based on label switching
Wen et al. Are the popular users always important for information dissemination in online social networks?
CN107124365A (en) A kind of acquisition system of the routing policy based on machine learning
CN108632267A (en) A kind of topology pollution attack defense method and system
CN105072036B (en) A kind of mimicry route decision method of more example routing units
Vatambeti et al. Identifying and detecting black hole and gray hole attack in MANET using gray wolf optimization
Wu et al. I-CIFA: An improved collusive interest flooding attack in named data networking
Wang et al. Deep learning for securing software-defined industrial internet of things: attacks and countermeasures
CN109194505A (en) A kind of power network security defence warning system
Guo et al. MAF-SAM: An effective method to perceive data plane threats of inter domain routing system
CN106332131B (en) A kind of clone's nodal test method and system of wireless sensor network
Nowak et al. Cognitive packet networks for the secure internet of things
Marvel et al. A framework to evaluate cyber agility
Yang et al. Authentication Techniques for Improving the Reliability of the Nodes in the MANET
CN110601878B (en) Method for constructing stealth network
Yu DDoS attacks defense mechanism based on secure routing alliance

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151125