CN111163055A - Weak authentication method and device for non-ground network access - Google Patents
Weak authentication method and device for non-ground network access Download PDFInfo
- Publication number
- CN111163055A CN111163055A CN201911236045.8A CN201911236045A CN111163055A CN 111163055 A CN111163055 A CN 111163055A CN 201911236045 A CN201911236045 A CN 201911236045A CN 111163055 A CN111163055 A CN 111163055A
- Authority
- CN
- China
- Prior art keywords
- information
- time delay
- weak authentication
- access
- request information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
- H04L67/63—Routing a service request depending on the request content or context
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a non-ground network access weak authentication method and a device, wherein the method comprises the following steps: when the access request information exceeds the load of the current source node, acquiring auxiliary node load information; constructing a time delay optimization model according to the access request information and the auxiliary node load information, and determining a weak authentication scheme according to the time delay optimization model; and determining calculation request target difficulty information according to the weak authentication scheme, and sending the calculation request information of the target difficulty back to the application terminal. When the access request information exceeds the source node load, the calculation request target difficulty information which changes in real time is determined according to the access request information and the auxiliary node load information, so that the access delay under low attack intensity is greatly reduced, the delay is effectively reduced on the premise of the same calculation capacity, and the delay required by finishing weak authentication when a normal user accesses is improved.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a non-ground network access weak authentication method and device.
Background
Denial of Service (DoS) attacks refer to an attack mode in which the implementation of an attack network protocol is flawed or the resources of an attacked object are exhausted by various means, so that the attacked computer or network cannot provide normal services until the system stops responding or even crashes. In a communication network, some nodes/servers with limited computing power are very easy to be targets of DoS attacks. With the continuous improvement of 5G technology and the gradual exploration of 6G technology, network architecture of non-terrestrial network has become one of the important points of research, and for satellite nodes, the feature of limited computing power is very easy to be the attack target of DoS attack.
Aiming at the DoS attack, a certain difficulty of calculation can be carried out before a source node sends an access application through a CPP protocol, so that the application frequency of an attacker is reduced.
Therefore, how to optimize the time delay of each normal user in the non-terrestrial network has become an urgent problem to be solved in the industry.
Disclosure of Invention
Embodiments of the present invention provide a method and an apparatus for weak authentication of non-terrestrial network access, so as to solve the technical problems mentioned in the foregoing background art, or at least partially solve the technical problems mentioned in the foregoing background art.
In a first aspect, an embodiment of the present invention provides a method for weak authentication of non-terrestrial network access, including:
when the access request information exceeds the load of the current node, acquiring auxiliary node load information;
constructing a time delay optimization model according to the access request information and the auxiliary node load information, and determining a weak authentication scheme according to the time delay optimization model;
and determining calculation request target difficulty information according to the weak authentication scheme, and sending the calculation request information of the target difficulty back to the application terminal.
More specifically, the weak authentication scheme includes: the optimal time delay information, the calculation request target difficulty information corresponding to the optimal time delay and the target request distribution scheme corresponding to the optimal time delay.
More specifically, after the step of determining calculation request target difficulty information according to the weak authentication scheme and sending the calculation request information of the target difficulty back to the application terminal, the method further includes:
acquiring solution information corresponding to the calculation request information of the target difficulty;
distributing the solution information to each auxiliary node according to a target request distribution scheme corresponding to the optimal time delay so that each auxiliary node can verify the solution information;
and if the solution information passes the verification, performing strong authentication.
More specifically, the step of constructing a delay optimization model according to the access request information and the auxiliary node load information specifically includes:
obtaining access application time interval information according to the access request information, and determining average arrival rate information of each node according to the access application time interval information;
obtaining the average stay time delay of each access request information in the system according to the average arrival rate information of each node;
and constructing a time delay optimization model according to the average stay time delay of each piece of access request information in the system.
More specifically, the step of determining the weak authentication scheme according to the delay optimization model specifically includes:
acquiring a plurality of preset calculation request difficulty information;
and traversing all preset difficulty request information according to the access request information and the time delay optimization model to obtain target optimal time delay information, calculation request target difficulty information corresponding to the optimal time delay and a target request distribution scheme corresponding to the optimal time delay.
More specifically, the delay optimization model specifically includes:
St.
0≤j≤N
λ′0i(j)<μi
wherein, tpuzzle-n(j) Computing power for normal users, Wsi(j) Average dwell time delay at the system for each access request, j is preset calculation request difficulty information, lambda'0i(j) Average arrival rate information for each node, aiThe ratio of the number of processing requests for each node.
In a second aspect, an embodiment of the present invention provides a non-terrestrial network access weak authentication apparatus, including:
the acquisition module is used for acquiring auxiliary node load information when the access request information exceeds the load of the current node;
the processing module is used for constructing a time delay optimization model according to the access request information and the auxiliary node load information so as to determine a weak authentication scheme according to the time delay optimization model;
and the authentication module is used for determining calculation request target difficulty information according to the weak authentication scheme and sending the calculation request information of the target difficulty back to the application terminal.
In a third aspect, an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the non-terrestrial network access weak authentication method according to the first aspect when executing the program.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of the non-terrestrial network access weak authentication method according to the first aspect.
According to the non-ground network access weak authentication method and device provided by the embodiment of the invention, when the access request information exceeds the source node load, the calculation request target difficulty information which changes in real time is determined according to the access request information and the auxiliary node load information, so that the access time delay under low attack intensity is greatly reduced, the time delay is effectively reduced on the premise of the same calculation capacity, and the time delay required by completing weak authentication when a normal user accesses is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a block diagram of a weak authentication flow described in one embodiment of the present invention;
fig. 2 is a flowchart illustrating a method for weak authentication of non-terrestrial network access according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a normal user arrival rate principle described in an embodiment of the present invention;
FIG. 4 is a simulation diagram illustrating the comparison of the fixed difficulty described in one embodiment of the present invention and the delay of the solution of the embodiment of the present invention under different attack strengths;
fig. 5 is a schematic structural diagram of a non-terrestrial network access weak authentication apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
FIG. 1 is a flowchart illustrating a weak authentication flow process according to an embodiment of the present invention, as shown in FIG. 1, a DoS attacker controls several puppet hosts to send a large number of invalidation requests to an attacked node, and attempts to disable a node from processing an access request from a normal user by occupying computing resources and storage resources of the node, thereby achieving the purpose of node paralysis.
Fig. 2 is a flowchart illustrating a method for weak authentication of non-terrestrial network access according to an embodiment of the present invention, as shown in fig. 2, including:
step S1, when the access request information exceeds the current source node load, the auxiliary node load information is obtained;
step S2, constructing a time delay optimization model according to the access request information and the auxiliary node load information, and determining a weak authentication scheme according to the time delay optimization model;
and step S3, determining calculation request target difficulty information according to the weak authentication scheme, and sending the calculation request information of the target difficulty back to the application terminal.
Specifically, the source node described in the embodiment of the present invention is an attacked satellite node, and the auxiliary node described in the embodiment of the present invention is another satellite node or a ground auxiliary node near the attacked node, and the attacked node acquires information of surrounding satellite nodes, and determines whether the satellite node can be used as an auxiliary node according to transmission delay from the surrounding satellite to the current attacked node and the remaining computing resources of the satellite. And after the judgment is finished, establishing a proper network topology structure containing the auxiliary node according to the judgment condition.
The source node load in the embodiment of the invention refers to the limit of the access request which can be processed by the source node, and the auxiliary node load information refers to the current load condition of each auxiliary node, and determines the load information which can be used for assisting the source node.
The optimal delay described in the embodiments of the present invention is the minimum average delay.
The delay optimization model described in the embodiments of the present invention is used to determine the minimum average delay of each request in the entire system under the condition of the current access request information and the auxiliary node load information, and determine the calculation request target difficulty information corresponding to the minimum average delay and the target request allocation scheme corresponding to the minimum average delay.
The calculation request target difficulty information described in the embodiment of the present invention is not fixed, and may change in real time according to the actual access request and the change of the auxiliary node load information.
The time delay optimization model described in the embodiment of the invention specifically refers to obtaining access application time interval information according to the access request information, and determining average arrival rate information of each node according to the access application time interval information; obtaining the average stay time delay of each access request information in the system according to the average arrival rate information of each node; and constructing a time delay optimization model according to the average stay time delay of each piece of access request information in the system.
The weak authentication scheme determined according to the time delay optimization model specifically means that attack strength is determined according to access request information and auxiliary node load information, all preset calculation request difficulty information j is traversed, and the minimum time delay and a corresponding target request distribution scheme a are solved0:a1:…:am-1And finally, the minimum value of the minimum time delay under all difficulties is obtained through comparison.
After the calculation request target difficulty information corresponding to the minimum time delay is determined, the calculation request information, namely a cost function puzzle, is constructed according to the calculation request target difficulty information corresponding to the minimum time delay, then the cost function puzzle is sent back to the application terminal, the application terminal is waited to solve the calculation request information to obtain solution information, the solution information is exerted to the source node and is forwarded to the auxiliary node for verification, and if the verification is passed, the next strong authentication link is carried out.
According to the embodiment of the invention, when the access request information exceeds the source node load, the calculation request target difficulty information which changes in real time is determined according to the access request information and the auxiliary node load information, so that the access delay under low attack intensity is greatly reduced, the delay is effectively reduced on the premise of the same calculation capacity, and the delay required by finishing weak authentication when a normal user is accessed is improved.
On the basis of the above embodiment, the weak authentication scheme includes: the optimal time delay information, the calculation request target difficulty information corresponding to the optimal time delay and the target request distribution scheme corresponding to the optimal time delay.
After the step of determining calculation request target difficulty information according to the weak authentication scheme and sending the calculation request information of the target difficulty back to the application terminal, the method further includes:
acquiring solution information corresponding to the calculation request information of the target difficulty;
distributing the solution information to each auxiliary node according to a target request distribution scheme corresponding to the optimal time delay so that each auxiliary node can verify the solution information;
and if the solution information passes the verification, performing strong authentication.
Specifically, the optimal delay information described in the embodiment of the present invention refers to the minimum value of the minimum delays under all the preset calculation request difficulty information.
The source node obtains solution information corresponding to the calculation request information of the target difficulty, specifically, the solution information is a result obtained by the application terminal after calculating resources are consumed and solved for the preset calculation request difficulty information sent back by the source node.
The target distribution scheme information described in the embodiment of the invention refers to a distribution scheme for distributing the access request information to the source node and each auxiliary node, and after the solution scheme information returned by the terminal is applied, the access request information is distributed to each auxiliary node according to the target distribution scheme information, so that the auxiliary node helps the source node to verify, and the calculation pressure of the source node is reduced.
If the solution information passes the verification, strong authentication is carried out, and if the solution information fails to pass the verification, the access request corresponding to the solution information is rejected.
On the basis of the foregoing embodiment, the step of constructing a delay optimization model according to the access request information and the auxiliary node load information specifically includes:
obtaining access application time interval information according to the access request information, and determining average arrival rate information of each node according to the access application time interval information;
obtaining the average stay time delay of each access request information in the system according to the average arrival rate information of each node;
and constructing a time delay optimization model according to the average stay time delay of each piece of access request information in the system.
Specifically, when the user terminal requests to first reach the source node n0The arrival time follows an exponential distribution, with an average arrival rate of λ0=λu+λaWhen the user terminal processes the calculation request target difficulty information, the average arrival rate is changed and is recorded as lambda'0(j) In that respect With an average arrival rate of λ 'assigned to each node'0i(j)=ai*λ′0(j),i∈,[0,N],aiThe number of processing requests for each node is a proportion of the total number.
Fig. 3 is a schematic diagram of a normal user arrival rate principle described in an embodiment of the present invention, as shown in fig. 3, for a normal application terminal, a frequency of applying for access is very low, and computation of puzzle does not consume too much computing resources of a user, that is, a time consumed for computing puzzle is far shorter than a time interval for sending an access application, so that it can be roughly considered that adding of puzzle and changing of puzzle difficulty does not affect an access frequency of the normal application terminal. For an attack application terminal, one computer needs to send a large number of access applications, and the computing resources are limited, so that the number of puzzles which can be computed is reduced, and the number of applications sent by an attacker is reduced.
For the access application of the normal application terminal, calculating puzzle does not change the arrival rate of the puzzle, namely lambda'u=λuFor the attack application terminal, limited by the computing power, computing puzzle causes the reduction of the arrival rate, and requestsMay be approximated by tpuzzle-a(j) Therefore, it is
The time taken to process puzzle is related to puzzle difficulty j and is limited by the computing power C of each attacking hostai(bit/s), assuming that the computation resource that needs to be consumed by the puzzle with the solution difficulty j is f (j) (bit), the time required by the attacker to process the puzzle can be expressed as:
wherein the content of the first and second substances,
suppose the average service rate per node server is mui(is a constant). And the puzzle difficulties are the same, for each node, an M/M/1 queue model can be used for analysis, the M/M/1 queue model specifically means that the 1 st M represents the arrival interval of the exponential distribution, the 2 nd M represents the service time of the exponential distribution, and 1 represents that only one processing resource exists. Meanwhile, in consideration of transmission delay, the transmission process of the access request in the channel can also use the M/M/1 model to carry out simulation setting on the message from the node n0To node niAverage service rate of transmission is μ'i。
The process from the source node to the assisting node can be modeled by using two M/M/1 models connected in series, and meanwhile, the transmission delay is considered, and as the transmission delay between satellites and the transmission delay between satellites are more different, the transmission delay between satellites can be ignored, and only the transmission delay between satellites and the ground is considered, so that the average residence time delay of each request in the whole system is as follows:
the average latency per request over the entire system is thus:
wherein the content of the first and second substances,
Cai-nis the computing power of a normal user.
The time delay optimization model is specifically constructed as follows:
wherein, tpuzzle-n(j) Computing power for normal users, Wsi(j) Average dwell time delay at the system for each access request, j is preset calculation request difficulty information, lambda'0i(j) Average arrival rate information for each node, aiThe ratio of the number of processing requests for each node.
On the basis of the foregoing embodiment, the step of determining the weak authentication scheme according to the delay optimization model specifically includes:
acquiring a plurality of preset calculation request difficulty information;
and traversing all preset difficulty request information according to the access request information and the time delay optimization model to obtain target optimal time delay information, calculation request target difficulty information corresponding to the optimal time delay and a target request distribution scheme corresponding to the optimal time delay.
The preset calculation request difficulty information described in the embodiment of the present invention refers to all preset request difficulty information that can be set.
If the number of the assisting nodes is m-1, n1,n2,…,nm-1And the flow ratio of all m nodes after the flow distribution is a0:a1:…:am-1I.e. n0The flow arrival rate is a lambda'0(j)。
The time delay optimization model specifically comprises the following steps:
St.
0≤j≤N
λ′0i(j)<μi
traversing all the difficulties j, and solving the minimum time delay and the corresponding flow distribution ratio a0:a1:…:am-1And finally, the minimum value of the minimum time delay under all difficulties is obtained through comparison.
According to the embodiment of the invention, when the access request information exceeds the source node load, the calculation request target difficulty information which changes in real time is determined according to the access request information and the auxiliary node load information, so that the access delay under low attack intensity is greatly reduced, the delay is effectively reduced on the premise of the same calculation capacity, and the delay required by finishing weak authentication when a normal user is accessed is improved.
In another embodiment of the present invention, fig. 4 is a simulation diagram comparing the fixed difficulty described in an embodiment of the present invention with the time delay of the scheme of the embodiment of the present invention under different attack strengths, as shown in fig. 4, the user access time delay in the scheme of the embodiment of the present invention is an access time delay always smaller than the fixed difficulty, and it can be seen from the simulation result diagram that, after the fixed difficulty, if the attack strength is large, the user access time delay increases exponentially. The invention can effectively optimize the access time delay of normal users on the basis of ensuring the safety.
Fig. 5 is a schematic structural diagram of a non-terrestrial network access weak authentication apparatus according to an embodiment of the present invention, as shown in fig. 5, including an obtaining module 510, a processing module 520, and an authentication module 530; the obtaining module 510 is configured to obtain auxiliary node load information when the access request information exceeds a current node load; the processing module 520 is configured to construct a delay optimization model according to the access request information and the auxiliary node load information, so as to determine a weak authentication scheme according to the delay optimization model; the authentication module 530 is configured to determine calculation request target difficulty information according to the weak authentication scheme, and send the calculation request information of the target difficulty back to the application terminal.
The apparatus provided in the embodiment of the present invention is used for executing the above method embodiments, and for details of the process and the details, reference is made to the above embodiments, which are not described herein again.
According to the embodiment of the invention, when the access request information exceeds the source node load, the calculation request target difficulty information which changes in real time is determined according to the access request information and the auxiliary node load information, so that the access delay under low attack intensity is greatly reduced, the delay is effectively reduced on the premise of the same calculation capacity, and the delay required by finishing weak authentication when a normal user is accessed is improved.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 6, the electronic device may include: a processor (processor)610, a communication Interface (Communications Interface)620, a memory (memory)630 and a communication bus 640, wherein the processor 610, the communication Interface 620 and the memory 630 communicate with each other via the communication bus 640. The processor 610 may call logic instructions in the memory 630 to perform the following method: when the access request information exceeds the load of the current source node, acquiring auxiliary node load information; constructing a time delay optimization model according to the access request information and the auxiliary node load information, and determining a weak authentication scheme according to the time delay optimization model; and determining calculation request target difficulty information according to the weak authentication scheme, and sending the calculation request information of the target difficulty back to the application terminal.
In addition, the logic instructions in the memory 630 may be implemented in software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
An embodiment of the present invention discloses a computer program product, which includes a computer program stored on a non-transitory computer readable storage medium, the computer program including program instructions, when the program instructions are executed by a computer, the computer can execute the methods provided by the above method embodiments, for example, the method includes: when the access request information exceeds the load of the current source node, acquiring auxiliary node load information; constructing a time delay optimization model according to the access request information and the auxiliary node load information, and determining a weak authentication scheme according to the time delay optimization model; and determining calculation request target difficulty information according to the weak authentication scheme, and sending the calculation request information of the target difficulty back to the application terminal.
Embodiments of the present invention provide a non-transitory computer-readable storage medium storing server instructions, where the server instructions cause a computer to execute the method provided in the foregoing embodiments, for example, the method includes: when the access request information exceeds the load of the current source node, acquiring auxiliary node load information; constructing a time delay optimization model according to the access request information and the auxiliary node load information, and determining a weak authentication scheme according to the time delay optimization model; and determining calculation request target difficulty information according to the weak authentication scheme, and sending the calculation request information of the target difficulty back to the application terminal.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (9)
1. A non-terrestrial network access weak authentication method is characterized by comprising the following steps:
when the access request information exceeds the load of the current source node, acquiring auxiliary node load information;
constructing a time delay optimization model according to the access request information and the auxiliary node load information, and determining a weak authentication scheme according to the time delay optimization model;
and determining the calculation request target difficulty according to the weak authentication scheme, and sending the calculation request information of the target difficulty back to the application terminal.
2. The weak authentication method for non-terrestrial network access according to claim 1, wherein the weak authentication scheme comprises: the optimal time delay information, the calculation request target difficulty corresponding to the optimal time delay and the target request distribution scheme corresponding to the optimal time delay.
3. The weak authentication method for accessing the non-terrestrial network according to claim 2, wherein after the steps of determining a target difficulty of the calculation request according to the weak authentication scheme and sending calculation request information of the target difficulty back to the application terminal, the method further comprises:
acquiring solution information corresponding to the calculation request information of the target difficulty;
distributing the solution information to each auxiliary node according to a target request distribution scheme corresponding to the optimal time delay so that each auxiliary node can verify the solution information;
and if the solution information passes the verification, performing strong authentication.
4. The weak authentication method for non-terrestrial network access according to claim 2, wherein the step of constructing the delay optimization model according to the access request information and the auxiliary node load information specifically includes:
obtaining access application time interval information according to the access request information, and determining average arrival rate information of each node according to the access application time interval information;
obtaining the average stay time delay of each access request information in the system according to the average arrival rate information of each node;
and constructing a time delay optimization model according to the average stay time delay of each piece of access request information in the system.
5. The weak authentication method for non-terrestrial network access according to claim 2, wherein the step of determining the weak authentication scheme according to the delay optimization model specifically includes:
acquiring a plurality of preset calculation request difficulty information;
and traversing all preset difficulty request information according to the access request information and the time delay optimization model to obtain target optimal time delay information, calculation request target difficulty information corresponding to the optimal time delay and a target request distribution scheme corresponding to the optimal time delay.
6. The weak authentication method for non-terrestrial network access according to claim 5, wherein the delay optimization model specifically comprises:
St.
0≤j≤N
λ′0i(j)<μi
wherein, tpuzzle-n(j) Computing power for normal users, Wsi(j) Average dwell time delay at the system for each access request, j is preset calculation request difficulty information, lambda'0i(j) Average arrival rate information for each node, aiThe ratio of the number of processing requests for each node.
7. A non-terrestrial network access weak authentication apparatus, comprising:
the acquisition module is used for acquiring auxiliary node load information when the access request information exceeds the load of the current node;
the processing module is used for constructing a time delay optimization model according to the access request information and the auxiliary node load information so as to determine a weak authentication scheme according to the time delay optimization model;
and the authentication module is used for determining the calculation request target difficulty according to the weak authentication scheme and sending the calculation request information of the target difficulty back to the application terminal.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of the method for weak authentication of non-terrestrial network access according to any of claims 1 to 6.
9. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, performs the steps of the non-terrestrial network access weak authentication method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911236045.8A CN111163055B (en) | 2019-12-05 | 2019-12-05 | Weak authentication method and device for non-ground network access |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911236045.8A CN111163055B (en) | 2019-12-05 | 2019-12-05 | Weak authentication method and device for non-ground network access |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111163055A true CN111163055A (en) | 2020-05-15 |
| CN111163055B CN111163055B (en) | 2021-07-02 |
Family
ID=70556488
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911236045.8A Active CN111163055B (en) | 2019-12-05 | 2019-12-05 | Weak authentication method and device for non-ground network access |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111163055B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115208655A (en) * | 2022-07-11 | 2022-10-18 | 成都信息工程大学 | Equipment authentication processing method applied to industrial internet cloud service platform |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102196432A (en) * | 2011-06-10 | 2011-09-21 | 西安电子科技大学 | Quadratic congruence equation-based method for resisting denial-of-service attacks of wireless network |
| CN102421094A (en) * | 2011-08-31 | 2012-04-18 | 浙江大学 | Distributed safety reprogramming method of wireless sensor network |
-
2019
- 2019-12-05 CN CN201911236045.8A patent/CN111163055B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102196432A (en) * | 2011-06-10 | 2011-09-21 | 西安电子科技大学 | Quadratic congruence equation-based method for resisting denial-of-service attacks of wireless network |
| CN102421094A (en) * | 2011-08-31 | 2012-04-18 | 浙江大学 | Distributed safety reprogramming method of wireless sensor network |
Non-Patent Citations (3)
| Title |
|---|
| LEONAM S. D. PECLY 等: "Model-Reference Model-Mediated Control for Time-Delayed Teleoperation Systems", 《2018 IEEE HAPTICS SYMPOSIUM》 * |
| 关汉男: "基于LEO的空间网络安全体系及关键技术研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 邱科宁 等: "Client Puzzle协议在防御资源耗尽型DoS攻击中的应用", 《计算机工程与应用》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115208655A (en) * | 2022-07-11 | 2022-10-18 | 成都信息工程大学 | Equipment authentication processing method applied to industrial internet cloud service platform |
| CN115208655B (en) * | 2022-07-11 | 2023-09-26 | 成都信息工程大学 | Equipment authentication processing method applied to industrial Internet cloud service platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111163055B (en) | 2021-07-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108595207B (en) | Gray scale publishing method, rule engine, system, terminal and storage medium | |
| WO2020173287A1 (en) | Systems and methods for determining network shards in blockchain network | |
| CN108833450B (en) | Method and device for preventing server from being attacked | |
| CN111726303A (en) | Flow control method and device and computing equipment | |
| CN112202750B (en) | Control method for policy execution, policy execution system and computing device | |
| CN110460650B (en) | Decision-making method and device for computation unloading in multi-edge server scene | |
| CN108449368A (en) | A kind of application layer attack detection method, device and electronic equipment | |
| CN113381975A (en) | Internet of things security access control method based on block chain and fog node credit | |
| CN111163055B (en) | Weak authentication method and device for non-ground network access | |
| CN105978938A (en) | Service processing equipment service status determining method and scheduling equipment | |
| CN108600145A (en) | A kind of method and device of determining ddos attack equipment | |
| CN105357239A (en) | Method and device for providing service, and method and device for acquiring service | |
| CN113379539A (en) | Committee rights and interests certification consensus method and device based on block chain | |
| CN111901321A (en) | Authentication method, device, electronic equipment and readable storage medium | |
| CN109361712B (en) | Information processing method and information processing device | |
| CN108494805B (en) | CC attack processing method and device | |
| CN112948812B (en) | Verification code distribution method, computing device and storage medium | |
| CN111092864B (en) | Session protection method, device, equipment and readable storage medium | |
| CN111580975B (en) | Memory optimization method and system for speech synthesis | |
| CN111078414B (en) | Request response method, apparatus, device and storage medium | |
| CN113472825B (en) | NB-IoT terminal transaction processing method and device based on block chain | |
| CN109510816B (en) | Service request validity verification method, client and server | |
| CN112312165A (en) | Video distribution method and device and computer readable storage medium | |
| Li et al. | Optimal placement of web proxies for tree networks | |
| CN111083143A (en) | Request response method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |