CN105721301A - Routing computation method supporting credibility classification - Google Patents

Routing computation method supporting credibility classification

Publication number: CN105721301A
Application number: CN201610105624.9A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN105721301B (en)
Legal status: Granted, active
Inventors: 徐恪, 杨帆, 赵玉东, 沈蒙
Current assignee: Tsinghua University
Original assignee: Tsinghua University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/12 Shortest path evaluation
    • H04L45/123 Evaluation of link metrics
    • H04L45/02 Topology update or discovery
    • H04L45/021 Ensuring consistency of routing table updates, e.g. by using epoch numbers
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention provides a routing computation method supporting credibility classification. The method comprises the steps of initializing credible security attribute grade values of each network node and connected link; establishing credible adjacency relations based on a link state protocol; storing a credibility grade value announcement in a link state database with credible security attribute, and forwarding and dispersing the credibility grade value announcement to network nodes supporting the credible security attribute in the whole network in a flooding manner; computing the optimal credible path according to a credibility classification routing computation method; respectively obtaining the path results based on the credibility classification routing computation method, and generating a credible routing list according to the path results by the network nodes; and if the credibility topology of the whole network changes, sending a new credibility grade value announcement to the outside from the changed position, thus facilitating the update of the link state database with the credible security attribute in the whole network, and achieving the recomputation of the credible routing list. The computation method provided by the invention has the advantages of rapid convergence rate, small extra overhead and wide application range.

Description

Routing computation method supporting credibility classification
Technical field
The present invention relates to the field of Internet technology, and in particular to a routing computation method supporting credibility classification.
Background
In today's highly interconnected network world, security faces enormous challenges. Attackers' methods keep changing, and the damage caused by viruses and Trojans keeps escalating. The annual Internet security threat report of Symantec, a US network security technology vendor, points out that 2013 was the year of large-scale data breaches, that in 2014 the number of zero-day vulnerabilities hit a record high and major security risks repeatedly made the headlines, and that in 2015 the amount of mobile malware kept rising and the impact of security threats such as the rise of ransomware became more far-reaching. In a sense, the Internet's security fragility stems from its openness: openness brings network complexity and uncertain security boundaries, and security products rely on continual upgrades that counter each new trick as it appears. As a result, firewalls are built higher and higher, intrusion detection becomes more and more complex, malicious code databases grow larger and larger, and investment in security keeps increasing, while the efficiency of information systems drops substantially. These problems make network security management and maintenance extremely difficult, and a unified security and credibility mechanism is hard to realize.
Summary of the invention
The present invention aims to solve, at least to some extent, one of the technical problems in the related art described above.
To this end, an object of the invention is to propose a routing computation method supporting credibility classification, which has the advantages of fast convergence, small extra overhead for obtaining credibility attributes, flexible adaptation to different network environments, and a wide range of application.
To achieve the above object, embodiments of the invention propose a routing computation method supporting credibility classification, comprising the following steps:
S1: divide the credible security attributes of each network node and connecting link into grade values and initialize them, to obtain the credibility grade value of each network node and connecting link, where a credibility grade value is an integer greater than or equal to 0;
S2: integrate the routing computation method with a network routing protocol, discover neighbours that have the credible security attribute on the basis of a link state protocol, establish credible adjacency relations, and send a credibility grade value announcement to every network node with which a credible adjacency relation has been formed;
S3: each network node that has formed a credible adjacency relation receives the credibility grade value announcement, stores it in the link state database with the credible security attribute, and forwards it by flooding to the network nodes in the whole network that support the credible security attribute; the network nodes supporting the credible security attribute synchronize the link state database with the credible security attribute to obtain the credibility topology of the whole network;
S4: compute, according to the credibility classification routing computation method, the optimal credible path from a network node to every other network node under different credibility reference values Φ;
S5: each network node obtains its path results from the credibility classification routing computation method and generates a credible routing table from those path results; and
S6: determine whether the credibility topology of the whole network has changed; if so, the position where the change occurred sends out a new credibility grade value announcement so that the link state database with the credible security attribute is updated across the whole network, and execution returns to step S3 so that the credible routing table is recomputed.
In the routing computation method supporting credibility classification according to embodiments of the invention, each network role taking part in network activity (including network users, network nodes, connecting links and so on) is assigned a credible security attribute grade value, the credible security attributes are synchronized across the whole network in combination with the actual running state of the network, and the computation method finally yields the optimal credible path that fits the user's expectation. In a centrally controlled network environment the method can be solved from the credibility topology of the whole network; in a decentrally managed network environment it can easily be integrated with a network routing protocol. The extra overhead of obtaining credibility attributes is small and the computation converges quickly, which lays a foundation for providing a controllable guarantee of secure delivery for data transmission and further provides technical support for a new-generation secure and credible network architecture.
In addition, the routing computation method supporting credibility classification according to the above embodiments of the invention may have the following additional technical features:
In some examples, a connecting link is the link between directly adjacent network nodes; the credibility grade value of each connecting link is determined by the credible security attributes of its two end nodes, and the smaller of the two end nodes' credibility grade values is taken as the credibility grade value of the connecting link.
In some examples, S4 further includes: choosing a starting point and a destination from the network nodes, and determining whether a secure delivery path exists between the starting point and the destination; if a secure delivery path exists, obtaining, from all secure delivery paths connecting the starting point and the destination, the one with the minimum total payment cost, and taking that path as the optimal credible path.
In some examples, if a path connecting the starting point and the destination can be found on which the credibility grade value link-C of every link is not lower than the credibility reference value Φ of the path, a secure delivery path is judged to exist between the starting point and the destination, where Φ > 0.
In some examples, the minimum total payment cost is obtained by the following formula:
Wherein, link-C represents the credibility grade value of each link on a path Path connecting the starting point to the destination, and Cost represents the link cost of each link on this path, Represent the payment cost of each link on this path, Represent the payment cost summation of all links on this path Path.
In some examples, S4 further includes:
S41: scan the distinct credibility grade values C of a network node RA and of every other network node, and record all values less than or equal to the credibility grade value CRA of network node RA in the set Z;
S42: extract one unprocessed path credibility reference value from the set Z, preprocess the credibility topology of the whole network according to that reference value, and obtain the preprocessed topology;
S43: on the preprocessed topology, use the minimum payment cost solving method to compute the minimum payment cost E between network node RA and every other network node and the optimal credible path result Path starting from RA, and record the path results under the corresponding credibility reference value;
S44: determine whether any reference value in the set Z has not yet been processed; if so, return to step S42; otherwise the computation is complete, and the final optimal credible paths from network node RA to every other network node under the different credibility reference values Φ are output.
In some examples, preprocessing the credibility topology of the whole network according to the reference value further includes: computing the ratio of the two parameters link cost Cost and link credibility grade value link-C and rounding the result down, to obtain the payment cost corresponding to each adjacency relation. In the cases where the link cost Cost in the credibility topology of the whole network is ∞ and where the link-C value is lower than the credibility reference value, the preprocessing result is directly set to
In some examples, the method also includes: if no secure delivery path exists between network node RA and another network node under a given credibility reference value, the minimum payment cost E between network node RA and that network node under that credibility reference value is set to ∞, and the optimal credible path result Path from network node RA to that network node is set to empty ^.
In some examples, computing the minimum payment cost E between network node RA and every other network node specifically includes:
a. Add network node RA to the selected node set N and add the other network nodes to the candidate node set N_other; initialize the path result estimate from network node RA to every other network node as not reachable by secure delivery, with the minimum payment cost E set to ∞ for each.
b. According to the credible connection relations in the preprocessed topology and the current path result estimates, find in the candidate node set N_other the node RX with the minimum payment cost E to network node RA, record the minimum payment cost E<RA, RX> of <RA, RX>, update the path result estimate between RA and RX accordingly, and add network node RX to the selected node set N. Here the path result estimate from node RX to node RA is only allowed to pass through nodes already in the selected node set N.
c. For each remaining node in the candidate node set N_other in turn, determine whether its path result estimate to RA changes when paths are allowed to pass through the updated selected node set N; if the estimate changes from unreachable to reachable, or the minimum payment cost E decreases, update the estimate between the corresponding nodes.
d. Determine whether the candidate node set N_other is empty; if it is not empty, return to step b; otherwise the solution is complete, and the minimum payment cost E between network node RA and every other network node under the credibility reference value, together with the optimal path result Path starting from RA, is output.
In some examples, b further includes: if the minimum payment cost E between RA and the nodes remaining in the candidate node set N_other is ∞, all remaining nodes in N_other are added to the selected node set N.
In some examples, c further includes: if several paths have the same minimum payment cost E between a node and RA, the path that passes through fewer nodes is selected; if the number of nodes passed through is also the same, the path with the smallest simple sum of path costs is selected.
Additional aspects and advantages of the invention will be given in part in the following description, and in part will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the invention will become apparent and easy to understand from the following description of embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of the routing computation method supporting credibility classification according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the current network topology and running state in an embodiment of the invention;
Fig. 3 is a schematic diagram of the credibility topology of the whole network obtained under the current network conditions in an embodiment of the invention;
Fig. 4 is a schematic diagram of the preprocessed topology according to an embodiment of the invention;
Fig. 5 is a schematic diagram of the preprocessed topology according to another embodiment of the invention; and
Fig. 6 is a schematic diagram of the preprocessed topology according to yet another embodiment of the invention.
Detailed description
Embodiments of the invention are described in detail below. Examples of the embodiments are shown in the drawings, in which identical or similar reference signs denote identical or similar elements, or elements with identical or similar functions, throughout. The embodiments described below with reference to the drawings are illustrative, serve only to explain the invention, and are not to be construed as limiting it.
The routing computation method supporting credibility classification according to embodiments of the invention is described below with reference to the drawings.
Fig. 1 is a flow chart of the routing computation method supporting credibility classification according to an embodiment of the invention. As shown in Fig. 1, the method comprises the following steps:
Step S1: divide the credible security attributes of each network node and connecting link into grade values and initialize them, to obtain the credibility grade value of each network node and connecting link, where a credibility grade value is an integer greater than or equal to 0.
Specifically, different network users have different credible security attributes based on their real identity and authority. Likewise, each network node has different credible security attributes when checked by the credibility mechanism. These credible security attributes can be extracted and divided into credibility grade values C (Credit). The value range of C is the integers greater than or equal to 0: a larger C value indicates a higher credibility level, and a C value equal to 0 is defined as the non-credible level.
In one embodiment of the invention, a connecting link is the link between directly adjacent network nodes; the credibility grade value of each connecting link is determined by the credible security attributes of its two end nodes, and the smaller of the two end nodes' credibility grade values is taken as the credibility grade value of the connecting link. It should be noted that, during initialization of the credibility grade values of the whole network, any network role (including network users, network nodes, connecting links and so on) that does not support the credible security attribute is assigned the credibility grade value 0.
Step S2: integrate the routing computation method with a network routing protocol, discover neighbours that have the credible security attribute on the basis of a link state protocol, establish credible adjacency relations, and send a credibility grade value announcement, denoted for example CA, to every network node with which a credible adjacency relation has been formed. Specifically, the CA announcement identifies the network node's own C value, the C values of all credible neighbours connected to it, and the link-C values of the links to those neighbours. The CA data unit is superimposed on the link state information LSA, for example forming the triple (network node ID [C value], neighbour ID [C value], link cost Cost [link-C value]), in which (network node ID, neighbour ID, link cost Cost) keep their original meaning in the link state information LSA.
Step S3: each network node that has formed a credible adjacency relation receives the credibility grade value announcement CA (that is, the triple data unit), stores it in the link state database with the credible security attribute, and forwards the announcement CA by flooding to the network nodes in the whole network that support the credible security attribute. If everything works normally, every network node forms the same link state database with the credible security attribute; after the network nodes supporting the credible security attribute have synchronized this database, a credibility topology of the whole network is obtained, denoted for example T. A concrete example of the credibility topology T of the whole network is shown in Table 1 below.
      RA             RB             RC             RD             RE
RA    0[CRA]         Cost[link-C]   Cost[link-C]   Cost[link-C]   Cost[link-C]
RB    Cost[link-C]   0[CRB]         Cost[link-C]   Cost[link-C]   Cost[link-C]
RC    Cost[link-C]   Cost[link-C]   0[CRC]         Cost[link-C]   Cost[link-C]
RD    Cost[link-C]   Cost[link-C]   Cost[link-C]   0[CRD]         Cost[link-C]
RE    Cost[link-C]   Cost[link-C]   Cost[link-C]   Cost[link-C]   0[CRE]
Table 1
Step S4: compute, according to the credibility classification routing computation method, the optimal credible path from a network node to every other network node under different credibility reference values Φ.
In one embodiment of the invention, the credibility classification routing computation method is described taking a network node RA as an example, and specifically includes:
Among the network nodes, with RA as the starting point, choose different destinations and determine whether a secure delivery path exists between the starting point and each destination. Specifically, if a path connecting the starting point RA and a given destination can be found on which the credibility grade value link-C of every link is not lower than the credibility reference value Φ of the path, a secure delivery path is judged to exist between the starting point RA and that destination, where Φ > 0. It should be noted that the credibility reference value Φ of a path can be defined according to actual demand, or can be taken as the lower of the credibility grade values of the starting point and the destination.
If a secure delivery path exists between the starting point RA and a given destination, the secure delivery path with the minimum total payment cost is obtained from all secure delivery paths connecting the starting point RA and that destination and is taken as the optimal credible path. The goal of the optimal credible path is to keep the link cost Cost as low as possible when the credibility grade value link-C expected by the user is equally met, or to keep the network credibility grade value link-C as high as possible at the same link cost Cost.
The minimum total payment cost is obtained, for example, by the following formula:
Wherein, link-C represents the credibility grade value of each link on a path Path connecting the starting point to the destination, and Cost represents the link cost of each link on this path Path, Represent the payment cost of each link on this path, Represent the payment cost summation of all links on this path Path.
In one embodiment of the invention, S4 further includes:
S41: scan the distinct credibility grade values C of a network node RA and of every other network node, and record all values less than or equal to the credibility grade value CRA of network node RA in the set Z. The set Z represents the full range of path credibility reference values that network node RA may support.
S42: extract one unprocessed path credibility reference value from the set Z, preprocess the credibility topology T of the whole network according to that reference value, and obtain the preprocessed topology. A concrete example of the preprocessing result is shown in Table 2 below; in the preprocessed topology example of Table 2, the credibility grade value of network node RE is assumed to be CRE = 0. The preprocessing is, for example: compute the ratio of the two parameters link cost Cost and link credibility grade value link-C and round the result down, to obtain the payment cost of each adjacent link relation. In the cases where the link cost Cost in the credibility topology T of the whole network is ∞ (that is, unreachable) and where the link credibility grade value link-C is lower than the credibility reference value (that is, secure delivery at that level is not supported, including link-C = 0), the preprocessing result is directly set to
Table 2
S43: on the preprocessed topology, use the minimum payment cost solving method to compute the minimum payment cost E between network node RA and every other network node and the optimal credible path result Path starting from RA, and record the path results under the corresponding credibility reference value.
S44: determine whether any reference value in the set Z has not yet been processed; if so, return to step S42; otherwise the computation is complete, and the final optimal credible paths from network node RA to every other network node under the different credibility reference values Φ are output. A concrete example is shown in Table 3 below; in the example of Table 3, which lists the optimal path results of network node RA under different credibility reference values Φ, the credibility grade value of network node RE is assumed to be CRE = 0. Further, if no secure delivery path exists between network node RA and another network node under a given credibility reference value, that is, solving for the optimal credible path fails, then the minimum payment cost E between network node RA and that network node under that credibility reference value is set to ∞, and the optimal credible path result Path from network node RA to that network node is set to empty ^.
Table 3
The minimum payment cost E between network node RA and every other network node is solved as follows:
a. Add network node RA to the selected node set N and add the other network nodes to the candidate node set N_other; initialize the path result estimate from network node RA to every other network node as not reachable by secure delivery, with the minimum payment cost E set to ∞ for each.
b. According to the credible connection relations in the preprocessed topology and the existing path result estimates, find in the candidate node set N_other the node RX with the minimum payment cost to network node RA, where the path result estimate from node RX to node RA is only allowed to pass through nodes already in the selected node set N. Then record the minimum payment cost E<RA, RX> of <RA, RX>, update the path result estimate between RA and RX accordingly, and add network node RX to the selected node set N. It should be noted that if the minimum payment cost E between RA and the nodes remaining in the candidate node set N_other is found to be ∞, all remaining nodes are added to the selected node set N.
c. For each remaining node in the candidate node set N_other in turn, determine whether its path result estimate to RA changes when paths are allowed to pass through the updated selected node set N; if the estimate changes from unreachable to reachable, or the minimum payment cost E decreases (that is, the path result estimate improves), update the estimate between the corresponding nodes. It should be noted that if several paths have the same minimum payment cost E between a node and RA, the path that passes through fewer nodes is selected; if the number of nodes passed through is also the same, the path with the smallest simple sum of path costs is selected.
d. Determine whether the candidate node set N_other is empty; if it is not empty, return to step b and continue; otherwise the solution is complete, and the minimum payment cost E between network node RA and every other network node under the credibility reference value, together with the optimal path result Path starting from RA, is output.
Step S5: each network node obtains its path results from the credibility classification routing computation method and generates a credible routing table from those path results. The credible routing table contains, for example, all destination addresses reachable by secure delivery, and the credible next-hop address and output interface through which each destination address is reached.
Step S6: determine whether the credibility topology of the whole network has changed. If it has changed, for example because the credibility grade value of some network role changed, the position where the change occurred sends out a new credibility grade value announcement CA so that the link state database with the credible security attribute is updated across the whole network, and execution returns to step S3 so that the credible routing table is recomputed.
With the routing computation method supporting credibility classification of the above embodiments, a network node can generate a credible routing table and provide routing decisions and forwarding service for arriving packets. In the existing network architecture, a network user who requires a given credible service level can convert that requirement into the path credibility reference value Φ and embed this parameter in the packet header. When a network node receives the packet, it extracts the parameter and reads the corresponding entry in the credible routing table, which guarantees graded secure delivery of the packet.
For a new-generation secure and credible network architecture, given existing credibility technologies such as true source address verification and two-dimensional routing, the path credibility reference value Φ can be embedded in the source address space of the packet by such technology, or computed directly by the network node from the source and destination addresses during two-dimensional routing, so that credibility-graded routing decisions and forwarding are easily realized.
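The following Python example is added here and is not code from the patent. It carries steps S41 to S44 and sub-steps a to d through on the Cost[link-C] values of Table 4 in the specific embodiment below, and derives a next-hop table per Φ as in step S5. Assumptions: links that fail the Φ check are treated as unreachable, the tie-break of step c is implemented as a lexicographic key inside Dijkstra's algorithm, and all function names are hypothetical.

```python
import heapq
import math

INF = math.inf

# Node credibility grade values C (the diagonal of Table 4).
NODE_C = {"RA": 3, "RB": 1, "RC": 2, "RD": 4, "RE": 2,
          "RF": 3, "RG": 5, "RH": 4, "RI": 0}

# Finite-cost links of Table 4 as (Cost, link-C); every other pair is ∞[0].
LINKS = {
    ("RA", "RB"): (3, 1), ("RA", "RC"): (3, 2), ("RA", "RD"): (4, 3),
    ("RA", "RE"): (1, 2), ("RA", "RH"): (3, 3), ("RB", "RC"): (7, 1),
    ("RC", "RD"): (5, 2), ("RD", "RE"): (2, 2), ("RD", "RF"): (3, 3),
    ("RE", "RF"): (5, 2), ("RE", "RG"): (5, 2), ("RF", "RG"): (3, 3),
    ("RF", "RI"): (1, 0), ("RG", "RI"): (1, 0), ("RG", "RH"): (7, 4),
}


def reference_values(src):
    """S41: distinct C values that are > 0 and <= the C value of src (set Z)."""
    return sorted({c for c in NODE_C.values() if 0 < c <= NODE_C[src]})


def preprocess(phi):
    """S42: per-link payment cost floor(Cost / link-C) for links with link-C >= phi.

    Assumption: links below phi (including link-C = 0) are dropped, which is
    how this example models an unreachable preprocessing result.
    """
    adj = {node: [] for node in NODE_C}
    for (u, v), (cost, link_c) in LINKS.items():
        if link_c == 0 or link_c < phi:
            continue
        pay = cost // link_c
        adj[u].append((v, pay, cost))
        adj[v].append((u, pay, cost))
    return adj


def solve(src, phi):
    """S43, sub-steps a-d: minimum payment cost E and path from src.

    The key (E, hop count, simple sum of Cost) is compared lexicographically,
    so ties on E go to fewer hops and then to the smaller Cost sum (step c).
    """
    adj = preprocess(phi)
    best = {src: ((0, 0, 0), [src])}
    selected = set()                      # selected node set N
    heap = [((0, 0, 0), src, [src])]
    while heap:
        key, u, path = heapq.heappop(heap)
        if u in selected:
            continue
        selected.add(u)                   # step b: move RX into N
        for v, pay, cost in adj[u]:       # step c: re-estimate through new N
            cand = (key[0] + pay, key[1] + 1, key[2] + cost)
            if v not in selected and (v not in best or cand < best[v][0]):
                best[v] = (cand, path + [v])
                heapq.heappush(heap, (cand, v, path + [v]))
    result = {}
    for dst in NODE_C:
        if dst == src:
            continue
        # No secure delivery path: E = ∞ and an empty Path.
        result[dst] = (best[dst][0][0], best[dst][1]) if dst in best else (INF, [])
    return result


def credible_routes(src):
    """S44: results for every reference value in Z."""
    return {phi: solve(src, phi) for phi in reference_values(src)}


def credible_routing_table(src):
    """S5: for each phi, map every reachable destination to its next hop."""
    return {phi: {dst: path[1] for dst, (_, path) in res.items() if path}
            for phi, res in credible_routes(src).items()}


if __name__ == "__main__":
    for phi, res in credible_routes("RA").items():
        print("phi =", phi)
        for dst, (e, path) in sorted(res.items()):
            print("  ", dst, e, "-".join(path) or "(none)")
```

A packet carrying Φ is forwarded by looking up `credible_routing_table(src)[phi]`; a destination missing from that inner table has no secure delivery path at that level.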
To make the routing computation method supporting credibility classification of the embodiments easier to understand, the method is described in detail below with a specific embodiment and with reference to the drawings.
In this specific embodiment, the current network topology and running state are assumed to be as shown in Fig. 2; the adjacency relations and link costs Cost of network nodes RA to RI are marked in Fig. 2. In this embodiment the method comprises, for example, the following steps:
Step 1: each network role's credible security attributes are divided into grade values and initialized. It is assumed here that the grading of credible security attributes has been completed on the basis of network role identity, authority, detection mechanisms and so on, and that the resulting credibility grade values C are known; each connecting link takes the lower of the credibility grade values of its two end nodes, recorded as link-C. For example, the credibility grade value of network node RA is 3, the credibility grade value of network node RB is 1, and the credibility grade value of connecting link AB is 1.
Step 2: integrate with the network routing protocol, discover neighbours that have the credible security attribute, and establish credible adjacency relations. For example, network node RA sends the credibility grade value announcement CA to every network node with which it has formed a credible adjacency relation; the CA data unit embeds the credible security attribute information relating to network node RB into the link state information LSA, forming the triple (RA[CRA=3], RB[CRB=1], Cost=3 [link-C=1]).
Step 3: the announcement CA is forwarded by flooding to the network nodes in the whole network that support the credible security attribute, and the credibility topology T of the whole network is obtained after the state of every network node has been synchronized. Under normal operation, every network node forms the same link state database with the credible security attribute (that is, the credibility topology T of the whole network). Taking network node RA as an example, the credibility topology T obtained under the current network conditions is shown in Fig. 3, and the corresponding link state database with the credible security attribute is shown in Table 4 below.
      RA    RB    RC    RD    RE    RF    RG    RH    RI
RA    0[3]  3[1]  3[2]  4[3]  1[2]  ∞[0]  ∞[0]  3[3]  ∞[0]
RB    3[1]  0[1]  7[1]  ∞[0]  ∞[0]  ∞[0]  ∞[0]  ∞[0]  ∞[0]
RC    3[2]  7[1]  0[2]  5[2]  ∞[0]  ∞[0]  ∞[0]  ∞[0]  ∞[0]
RD    4[3]  ∞[0]  5[2]  0[4]  2[2]  3[3]  ∞[0]  ∞[0]  ∞[0]
RE    1[2]  ∞[0]  ∞[0]  2[2]  0[2]  5[2]  5[2]  ∞[0]  ∞[0]
RF    ∞[0]  ∞[0]  ∞[0]  3[3]  5[2]  0[3]  3[3]  ∞[0]  1[0]
RG    ∞[0]  ∞[0]  ∞[0]  ∞[0]  5[2]  3[3]  0[5]  7[4]  1[0]
RH    3[3]  ∞[0]  ∞[0]  ∞[0]  ∞[0]  ∞[0]  7[4]  0[4]  ∞[0]
RI    ∞[0]  ∞[0]  ∞[0]  ∞[0]  ∞[0]  1[0]  1[0]  ∞[0]  0[0]
Table 4
Step 4: Execute the credibility-graded routing computation to calculate the optimal paths. This embodiment takes network node RA as the example, as follows:
1) Scan the distinct confidence level values C of network node RA and every other network node, and record all values less than or equal to RA's confidence level value 3 in the set Z={1,2,3}.
2) Extract one unprocessed path credibility reference value from the set Z and preprocess the network-wide credible topology T obtained above. Preprocessing divides the link cost Cost by the link confidence level value link-C and rounds the ratio down, giving the payment cost value for each adjacent link, and outputs the preprocessed topology, which is shown in Fig. 4.
3) On the preprocessed topology, use the minimum payment cost solving method to calculate the minimum payment cost E between network node RA and every other network node and the optimal path result Path starting from RA. Specifically:
A. Add network node RA to the selected node set N={RA} and the other network nodes to the to-be-selected node set Nother={RB, RC, RD, RE, RF, RG, RH, RI}. Initialize the route result estimate from network node RA to every other network node as delivery-safety unreachable, i.e. set each minimum payment cost E to ∞. The initial record is shown in Table 5 below.
Table 5
B. Using the credible connections in the preprocessed topology and the current route result estimates, search the to-be-selected node set Nother for the node with the least payment cost to RA, allowing paths to pass only through nodes in the selected node set N. That node is RE. Record the minimum payment cost of <RA, RE>, update the route result estimate between the two accordingly, and add node RE to the selected node set, giving N={RA, RE}.
C. For each remaining node in the to-be-selected node set Nother in turn, determine whether its route result estimate to RA changes when paths may pass through the updated selected node set N={RA, RE}. Here the path payment cost estimates of nodes RB~RH all become smaller, so the estimates between the corresponding nodes are updated. The solving record is shown in Table 6 below.
Table 6
D. The current to-be-selected node set Nother is not empty, so the loop returns to sub-step B and continues until only node RI remains in Nother={RI} and its minimum payment cost E to RA is ∞; the remaining node RI is then added to the selected node set N. Nother is now empty and solving is complete. Output, for this credibility reference value, the minimum payment cost E between network node RA and every other network node and the optimal path result Path starting from RA. The solving record is shown in Table 6.
4) Set Z still contains an unprocessed reference value, so the loop returns to step 2): extract that path credibility reference value and preprocess the network-wide credible topology T. Preprocessing divides the link cost Cost by the link confidence level value link-C and rounds the ratio down, giving the payment cost value for each adjacent link, and outputs the preprocessed topology, which is shown in Fig. 5.
5) On the preprocessed topology, use the minimum payment cost solving method to calculate the minimum payment cost E between network node RA and every other network node and the optimal path result Path starting from RA. The calculation proceeds as above; the initial record is shown in Table 7 below and the solving record in Table 8 below.
Table 7
Table 8
6) Set Z still contains an unprocessed reference value, so the loop returns to step 2): extract that path credibility reference value and preprocess the network-wide credible topology T. Preprocessing divides the link cost Cost by the link confidence level value link-C and rounds the ratio down, giving the payment cost value for each adjacent link, and outputs the preprocessed topology, which is shown in Fig. 6.
7) On the preprocessed topology, use the minimum payment cost solving method to calculate the minimum payment cost E between network node RA and every other network node and the optimal path result Path starting from RA. The calculation proceeds as above; the initial record is shown in Table 9 below and the solving record in Table 10 below.
Table 9
Table 10
8) Set Z contains no unprocessed reference value, so the calculation is complete. Output the final credible optimal paths from network node RA to every other network node under the different credibility reference values Φ, for example as shown in Table 11 below. As Table 11 shows, between the two path credibility reference value conditions compared, the optimal path results from RA to RF and from RA to RG move to ADF and AHG respectively. This result guarantees that every link on the path has a confidence level value link-C ≥ 3 and that confidence is as high as possible, while the path passes through as few nodes as possible and the plain cost sum is as low as possible (in particular, the traffic is not all concentrated on a single path such as ADFG).
Table 11
Step 5: Each network node obtains its route results from the credibility-graded routing computation and generates a credible routing table. For example, node RA takes the route results in Table 11, looks up the destination address and interface address corresponding to each, and generates its credible routing table; a concrete example is shown in Table 12 below.
Table 12
Step 6: If the network-wide credible topology changes, for example the confidence level value C of network node RI rises to 1, the node at the changed position, RI, sends out a new confidence level value notice CA, i.e. the triple (RI[CRI=1], RF[CRF=3], Cost=1 [link-C=1]). This causes the whole network to update the LSD with credible and secure attributes; the loop returns to step 3 and performs the subsequent actions, and finally the credible routing table (Table 12) is recomputed.
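The computation of steps 1 to 6 above, run on the Table 4 topology, as an added Python example that is not code from the patent. It assumes that the payment cost of a link is floor(Cost / link-C), read from the "ratio rounded down" wording because the formula itself is not reproduced on this page, and that a link whose link-C is below Φ is treated as unreachable; all function names are hypothetical.

```python
import heapq

INF = float("inf")

# Node confidence values C: the bracketed diagonal entries of Table 4.
CONFIDENCE = {"RA": 3, "RB": 1, "RC": 2, "RD": 4, "RE": 2,
              "RF": 3, "RG": 5, "RH": 4, "RI": 0}

# Link costs Cost: the finite off-diagonal entries of Table 4.
LINK_COST = {
    ("RA", "RB"): 3, ("RA", "RC"): 3, ("RA", "RD"): 4, ("RA", "RE"): 1,
    ("RA", "RH"): 3, ("RB", "RC"): 7, ("RC", "RD"): 5, ("RD", "RE"): 2,
    ("RD", "RF"): 3, ("RE", "RF"): 5, ("RE", "RG"): 5, ("RF", "RG"): 3,
    ("RF", "RI"): 1, ("RG", "RH"): 7, ("RG", "RI"): 1,
}


def preprocess(confidence, link_cost, phi):
    """Build the preprocessed topology for one reference value phi."""
    adjacency = {node: [] for node in confidence}
    for (a, b), cost in link_cost.items():
        link_c = min(confidence[a], confidence[b])  # Step 1: lower end value
        if link_c < phi:
            continue  # assumption: a link below phi is unreachable
        pay = cost // link_c  # assumption: payment cost = floor(Cost / link-C)
        adjacency[a].append((b, pay, cost))
        adjacency[b].append((a, pay, cost))
    return adjacency


def trusted_paths(confidence, link_cost, source, phi):
    """Minimum payment cost E and path from source to every other node."""
    if phi <= 0:
        raise ValueError("credibility reference value must be > 0")
    adjacency = preprocess(confidence, link_cost, phi)
    # Key = (payment cost E, links traversed, plain cost sum); comparing the
    # tuples applies the tie-break order stated in claim 11.
    best = {source: ((0, 0, 0), (source,))}
    heap = [((0, 0, 0), source)]
    selected = set()  # the selected node set N
    while heap:
        key, node = heapq.heappop(heap)
        if node in selected:
            continue  # stale heap entry
        selected.add(node)
        path = best[node][1]
        for neighbour, pay, cost in adjacency[node]:
            if neighbour in selected:
                continue
            candidate = (key[0] + pay, key[1] + 1, key[2] + cost)
            if neighbour not in best or candidate < best[neighbour][0]:
                best[neighbour] = (candidate, path + (neighbour,))
                heapq.heappush(heap, (candidate, neighbour))
    result = {}
    for node in confidence:
        if node != source:
            key, path = best.get(node, ((INF, 0, 0), ()))
            result[node] = (key[0], path)  # unreachable: E = inf, empty path
    return result


def graded_routes(confidence, link_cost, source):
    """Repeat the computation for every reference value in the set Z."""
    z = sorted({c for c in confidence.values() if 0 < c <= confidence[source]})
    return {phi: trusted_paths(confidence, link_cost, source, phi) for phi in z}


def routing_table(routes):
    """Simplified stand-in for Step 5: next hop per (phi, destination)."""
    return {(phi, dst): path[1]
            for phi, per_dst in routes.items()
            for dst, (_, path) in per_dst.items() if path}


if __name__ == "__main__":
    for phi, per_dst in graded_routes(CONFIDENCE, LINK_COST, "RA").items():
        for dst, (e, path) in sorted(per_dst.items()):
            print(phi, dst, e, "-".join(path) or "unreachable")
    # Step 6: RI's confidence level value rises to 1, then recompute.
    raised = dict(CONFIDENCE, RI=1)
    print(graded_routes(raised, LINK_COST, "RA")[1]["RI"])
```

Under these assumptions the example routes RA to RF and RG over AEF and AEG for the two lower reference values and over ADF and AHG for the highest one; after RI's value rises to 1, RI becomes reachable only at the lowest reference value.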
In summary, the route computing method supporting credibility classification according to the embodiments of the present invention divides the credible and secure attributes of every network role participating in network activity (including network users, network nodes, connecting links and so on) into grade values, synchronizes the credible and secure attributes across the whole network in line with the actual network running state, and finally computes the best trusted path that fits the user's expectation. The method can be solved from the network-wide credible topology in a centrally controlled network environment, and in a decentrally managed network environment it can easily be integrated with the network routing protocol. The overhead of obtaining credible attributes is small and the computation converges quickly. It lays the foundation for providing controllable guarantees of delivery safety for data transmission, and further provides technical support for a new-generation secure and trusted network architecture.
In the description of the present invention, it should be understood that orientation or position terms such as "center", "longitudinal", "transverse", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise", "axial", "radial" and "circumferential" refer to the orientations or positions shown in the drawings. They are used only to make the description of the present invention easier and simpler, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be construed as limiting the present invention.
In addition, the terms "first" and "second" are used for description only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature qualified by "first" or "second" may therefore explicitly or implicitly include at least one such feature. In the description of the present invention, "multiple" means at least two, for example two or three, unless specifically limited otherwise.
In the present invention, unless expressly specified and limited otherwise, terms such as "mounted", "connected with", "connected" and "fixed" are to be understood broadly: a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary; and it may be an internal connection between two elements or an interaction between two elements, unless expressly limited otherwise. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the circumstances.
In the present invention, unless expressly specified and limited otherwise, a first feature being "on" or "under" a second feature may mean that the two features are in direct contact, or that they are in indirect contact through an intermediary. A first feature being "on", "above" or "over" a second feature may mean that the first feature is directly or obliquely above the second feature, or merely that the first feature is at a higher level than the second feature. A first feature being "under", "below" or "beneath" a second feature may mean that the first feature is directly or obliquely below the second feature, or merely that the first feature is at a lower level than the second feature.
In this specification, a description referring to "an embodiment", "some embodiments", "an example", "a concrete example" or "some examples" means that the specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, such expressions are not necessarily directed to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, where they do not conflict, those skilled in the art may combine the different embodiments or examples described in this specification and their features.
Although embodiments of the present invention have been shown and described above, it is to be understood that these embodiments are illustrative and are not to be construed as limiting the present invention; a person of ordinary skill in the art may change, modify, replace and vary the embodiments within the scope of the present invention.

Claims (11)

1. A route computing method supporting credibility classification, characterized in that it comprises the following steps:
S1: Divide the credible and secure attributes of each network node and connecting link into grade values and initialize them, to obtain the confidence level value of each network node and each connecting link, wherein the confidence level value is an integer greater than or equal to 0;
S2: Integrate the route computing method with a network routing protocol, discover neighbours having credible and secure attributes on the basis of a link-state protocol, establish credible adjacencies, and send a confidence level value notice to every network node with which a credible adjacency has been formed;
S3: The network nodes that have formed credible adjacencies receive the confidence level value notice, store it in the LSD with credible and secure attributes, and forward it by flooding to the network nodes in the whole network that support credible and secure attributes; the network nodes that support credible and secure attributes synchronize the LSD with credible and secure attributes to obtain the network-wide credible topology;
S4: Calculate, according to the credibility-graded routing computation method, the credible optimal path from a network node to every other network node under each different credibility reference value Φ;
S5: Each network node obtains route results on the basis of the credibility-graded routing computation method and generates a credible routing table from the route results; and
S6: Determine whether the network-wide credible topology has changed; if so, the position where the change occurred sends out a new confidence level value notice to cause the whole network to update the LSD with credible and secure attributes, and the method jumps to step S3 and continues, so that the credible routing table is recomputed.
2. The route computing method supporting credibility classification according to claim 1, characterized in that the connecting link is a link between directly adjacent network nodes, and the confidence level value of each connecting link is determined by the credible and secure attributes of its two end nodes, the smaller of the two end nodes' confidence level values being taken as the confidence level value of the connecting link.
3. The route computing method supporting credibility classification according to claim 1, characterized in that S4 further comprises:
Selecting a starting point and a destination point from the network nodes, and determining whether a delivery safety path exists between the starting point and the destination point;
If a delivery safety path exists between the starting point and the destination point, obtaining, from all delivery safety paths connecting the starting point and the destination point, the delivery safety path with the smallest payment cost sum, and taking it as the credible optimal path.
4. The route computing method supporting credibility classification according to claim 3, characterized in that, if a path connecting the starting point and the destination point can be found and the confidence level value link-C of every link on that path is not less than the credibility reference value Φ of the path, it is determined that a delivery safety path exists between the starting point and the destination point, wherein Φ > 0.
5. The route computing method supporting credibility classification according to claim 4, characterized in that the minimum payment cost sum is obtained by the following formula:
where link-C denotes the confidence level value of each link on a path Path connecting the starting point to the destination point, Cost denotes the cost of each link on the path Path, and the other two quantities in the formula denote, respectively, the payment cost of each link on the path and the payment cost sum of all links on the path Path.
6. The route computing method supporting credibility classification according to claim 3, characterized in that S4 further comprises:
S41: Scan the distinct confidence level values C of a network node RA and every other network node, and record in the set Z all values less than or equal to the confidence level value CRA of network node RA, wherein
S42: Extract one unprocessed path credibility reference value from the set Z, preprocess the network-wide credible topology according to it, and obtain the preprocessed result topology;
S43: On the preprocessed result topology, use the minimum payment cost solving method to calculate the minimum payment cost E between network node RA and every other network node and the credible optimal path result Path starting from RA, and record the path results under the corresponding credibility reference value;
S44: Determine whether set Z still contains an unprocessed reference value; if so, jump to step S42 and continue; otherwise the calculation is complete, and the final credible optimal paths from network node RA to every other network node under the different credibility reference values Φ are output.
7. The route computing method supporting credibility classification according to claim 6, characterized in that preprocessing the network-wide credible topology according to the credibility reference value further comprises:
Dividing the link cost Cost by the link confidence level value link-C and rounding the ratio down to obtain the corresponding payment cost of each adjacency, wherein, in the cases where the value of the link cost Cost in the network-wide credible topology is ∞ and where the link-C value is lower than the credibility reference value, the preprocessed result is directly set to
8. The route computing method supporting credibility classification according to claim 6, characterized in that it further comprises: if no delivery safety path exists between network node RA and another network node under a credibility reference value condition, setting the minimum payment cost E between network node RA and that other network node under that credibility reference value condition to ∞, and setting the credible optimal path result Path from network node RA to that other network node to empty.
9. The route computing method supporting credibility classification according to claim 6, characterized in that calculating the minimum payment cost E between network node RA and every other network node specifically comprises:
a. Add network node RA to the selected node set N and the other network nodes to the to-be-selected node set Nother; initialize the route result estimate from network node RA to every other network node as delivery-safety unreachable, with each minimum payment cost E set to ∞;
b. According to the credible connections in the preprocessed topology and the route result estimates, search the to-be-selected node set Nother for the node RX with the smallest payment cost E to network node RA, record the minimum payment cost E<RA, RX> of <RA, RX>, update the route result estimate between RA and RX accordingly, and add network node RX to the selected node set N, wherein the route result estimate from node RX to node RA may pass only through nodes already in the selected node set N;
c. For each remaining node in the to-be-selected node set Nother in turn, determine whether its route result estimate to RA changes when paths may pass through the updated selected node set N; if the estimate changes from unreachable to reachable or the minimum payment cost E decreases, update the estimate between the corresponding nodes;
d. Determine whether the to-be-selected node set Nother is empty; if it is not empty, jump to step b; otherwise solving is complete, and the minimum payment cost E between network node RA and every other network node under the credibility reference value condition, and the optimal path result Path starting from RA, are output.
10. The route computing method supporting credibility classification according to claim 9, characterized in that b further comprises:
If the minimum payment cost E between RA and the nodes remaining in the to-be-selected node set Nother is ∞, adding all nodes remaining in Nother to the selected node set N.
11. The route computing method supporting credibility classification according to claim 9, characterized in that c further comprises:
If several paths between a node and RA have the same minimum payment cost E, selecting the one that passes through the fewest nodes; if the number of nodes passed through is also the same, selecting the one with the smallest simple path cost sum.
CN201610105624.9A 2016-02-25 2016-02-25 Support the route computing method of confidence level classification Active CN105721301B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610105624.9A CN105721301B (en) 2016-02-25 2016-02-25 Support the route computing method of confidence level classification

Publications (2)

Publication Number Publication Date
CN105721301A true CN105721301A (en) 2016-06-29
CN105721301B CN105721301B (en) 2018-08-03

Family

ID=56156070

Country Status (1)

Country Link
CN (1) CN105721301B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant