CN115277717A - Method and device for discovering communication pillar node and preventing network attack - Google Patents


Info

Publication number: CN115277717A
Authority: CN (China)
Prior art keywords: node, network, structured, nodes, determining
Legal status: Granted (active)
Application number: CN202210908666.1A
Other languages: Chinese (zh)
Other versions: CN115277717B (en)
Inventors: 焦梦洪, 曾超
Current assignee: Ant Blockchain Technology Shanghai Co Ltd
Original assignee: Ant Blockchain Technology Shanghai Co Ltd
Application filed by Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202410593773.9A (CN118487812A); priority to CN202210908666.1A (CN115277717B)
Publication of CN115277717A; application granted and published as CN115277717B

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/01 Protocols > H04L 67/10 Protocols in which an application is distributed across nodes in the network > H04L 67/104 Peer-to-peer [P2P] networks
            • H04L 67/1042 Peer-to-peer [P2P] networks using topology management mechanisms
            • H04L 67/1061 Peer-to-peer [P2P] networks using node-based peer discovery mechanisms > H04L 67/1065 Discovery involving distributed pre-established resource-based relationships among peers, e.g. based on distributed hash tables [DHT]
        • H04L 45/00 Routing or path finding of packets in data switching networks > H04L 45/12 Shortest path evaluation
        • H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/14 Detecting or protecting against malicious traffic > H04L 63/1441 Countermeasures against malicious traffic > H04L 63/1458 Denial of Service

Abstract

This specification provides a method and a device for discovering a communication pillar node and preventing network attacks. The method for preventing network attacks is applied to a first node in a structured P2P network. A node list maintained by the first node records node information of at least one other node in the structured P2P network, and the node information of all nodes in the structured P2P network can be used to determine the network structure of the structured P2P network. The method comprises: receiving a node discovery request initiated by a second node, the node discovery request requesting all node information recorded in the node list; and returning to the second node the node information of only part of the other nodes recorded in the node list.

Description

Method and device for discovering communication pillar node and preventing network attack
Technical Field
The embodiments of this specification belong to the technical field of network security and in particular relate to a method and a device for discovering a communication pillar node and preventing network attacks.
Background
Attacks on communication networks currently occur one after another and take many forms. For a blockchain network, an attacker can design an attack algorithm around the characteristics of the underlying structured P2P network and use it to attack the blockchain network.
Disclosure of Invention
This specification aims to provide a method and a device for discovering a communication pillar node and preventing network attacks.
According to a first aspect of one or more embodiments of this specification, a method for preventing network attacks is provided. The method is applied to a first node in a structured P2P network; a node list maintained by the first node records node information of at least one other node in the structured P2P network, and the node information of all nodes in the structured P2P network can be used to determine the network structure of the structured P2P network. The method includes:
receiving a node discovery request initiated by a second node, the node discovery request requesting all node information recorded in the node list;
and returning to the second node the node information of only part of the other nodes recorded in the node list.
According to a second aspect of one or more embodiments of this specification, a method for discovering a communication pillar node is provided. The communication pillar node is a node in a structured P2P network, and the node list maintained by each node in the structured P2P network records node information of at least one other node in the structured P2P network. The method includes:
acquiring the node information of other nodes recorded in the node list maintained by each node in the structured P2P network, and determining the network architecture of the structured P2P network according to the logical distances between different nodes contained in the acquired node information;
determining a shortest path set of the structured P2P network according to the network architecture, the shortest path set comprising the shortest paths between any two nodes in the structured P2P network;
determining a longest common subsequence based on the shortest path set, and determining the nodes belonging to the longest common subsequence as communication pillar nodes of the structured P2P network.
According to a third aspect of one or more embodiments of this specification, an apparatus for preventing network attacks is provided. The apparatus is applied to a first node in a structured P2P network; a node list maintained by the first node records node information of at least one other node in the structured P2P network, and the node information of all nodes in the structured P2P network can be used to determine the network structure of the structured P2P network. The apparatus includes:
a request receiving unit, configured to receive a node discovery request initiated by a second node, the node discovery request requesting all node information recorded in the node list;
and an information returning unit, configured to return to the second node the node information of only part of the other nodes recorded in the node list.
According to a fourth aspect of one or more embodiments of this specification, an apparatus for discovering a communication pillar node is provided. The communication pillar node is a node in a structured P2P network, and the node list maintained by each node in the structured P2P network records node information of at least one other node in the structured P2P network. The apparatus includes:
an information acquisition unit, configured to acquire the node information of other nodes recorded in the node list maintained by each node in the structured P2P network, and to determine the network architecture of the structured P2P network according to the logical distances between different nodes contained in the acquired node information;
a path set determining unit, configured to determine a shortest path set of the structured P2P network according to the network architecture, the shortest path set comprising the shortest paths between any two nodes in the structured P2P network;
and a node determining unit, configured to determine a longest common subsequence based on the shortest path set and to determine the nodes belonging to the longest common subsequence as communication pillar nodes of the structured P2P network.
According to a fifth aspect of one or more embodiments herein, there is provided an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any of the first or second aspects by executing the executable instructions.
According to a sixth aspect of one or more embodiments of the present description, there is provided a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method according to any one of the first or second aspects.
Based on the foregoing embodiments, in a structured P2P network the node list maintained by each node records node information of at least one other node in the network. On this basis, the node information of other nodes recorded in each node's node list can first be acquired, and the network architecture of the network determined according to the logical distances between different nodes contained in the acquired node information; then a shortest path set of the network is determined according to the network architecture, the set comprising the shortest paths between any two nodes in the network; finally, the longest common subsequence is determined from the shortest path set, and the nodes belonging to that subsequence are determined as the communication pillar nodes of the structured P2P network.
The real network architecture of the network can therefore be estimated by collecting the node information of each node in the network; the longest common subsequence can then be obtained from the shortest path set determined according to that architecture, and the communication pillar nodes in the network identified. The communication pillar nodes discovered in this way are used by many nodes in the structured P2P network for message forwarding, i.e. a communication pillar node is an important node that plays a key role in the normal operation of the network.
If an attacker wants to launch a network attack on the structured P2P network, the attacker can discover the communication pillar nodes through the aforementioned method (for example, by masquerading as a node of the network) and then attack these key nodes by means such as a DoS attack, which can seriously affect the normal operation of the structured P2P network and even paralyse it. Since the discovery scheme depends on acquiring the node information of all nodes in the network, the key to preventing such an attack is to stop an attacker from acquiring it.
In this regard, when the first node in the structured P2P network receives a node discovery request initiated by the second node that asks for all node information recorded in the node list, the first node may return to the second node the node information of only some of the other nodes recorded in the node list; that is, the first node does not return all the node information it maintains to the second node. It is to be understood that the first node may be any node in the structured P2P network. If the second node is indeed an attacker node, it cannot acquire from other nodes the node information of all nodes in the network (other than itself), so it cannot determine the communication pillar nodes by the network architecture inference described above, and naturally cannot attack the structured P2P network by attacking the communication pillar nodes. By hiding the node information of part of the nodes from the second node, the prevention method thus stops the second node from inferring the communication pillar nodes of the structured P2P network, and effectively prevents an attacker from attacking the structured P2P network by acquiring and attacking the communication pillar nodes.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments in the present specification, the drawings required to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments described in the present specification, and it is obvious for those skilled in the art that other drawings may be obtained according to these drawings without inventive labor.
Fig. 1 is a schematic diagram illustrating logical distances between nodes in a structured P2P network according to an exemplary embodiment.
Fig. 2 is a flowchart of a method for discovering a communication pillar node according to an exemplary embodiment.
Fig. 3 is a schematic diagram of a method for determining a longest common subsequence according to an exemplary embodiment.
Fig. 4 is a flowchart of a method for protecting against a network attack according to an exemplary embodiment.
Fig. 5 is a schematic structural diagram of an apparatus provided in an exemplary embodiment.
Fig. 6 is a block diagram of an apparatus for discovering a communication pillar node according to an exemplary embodiment.
Fig. 7 is a block diagram of an apparatus for protecting against a network attack according to an exemplary embodiment.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
A P2P (Peer to Peer) network is a peer-to-peer network. The structured P2P network described in this specification is a peer-to-peer network with a definite structure: the nodes of the network are distributed logically in a fixed way, and the position of any node in the network, determined by a preset algorithm, is fixed.
Based on these network characteristics of the structured P2P network, this specification provides a method for discovering a communication pillar node, and also provides a method for preventing network attacks, so as to stop an attacker from discovering the communication pillar nodes in the foregoing manner and then launching a network attack against the structured P2P network. The scheme is explained in detail below with reference to the drawings, beginning with the network characteristics of the structured P2P network.
The structured P2P network includes a plurality of network nodes (hereinafter, nodes). Each node has a corresponding node identifier, which may be the node's public key or a digest (e.g., a hash) of the public key; this specification does not limit it. For each node in the network, a fixed-length hash value corresponding to its node identifier may be computed with a hash function, so that each node identifier is mapped to a hash value; a list that records hash values (for example, indexed by hash value) is referred to as a hash table. The logical distance between nodes can then be determined from the hash values, and from the logical distances the tree-like distance table corresponding to each node can be drawn.
Any node may maintain a hash table recording the node information of its neighbour nodes, indexed by the hash value corresponding to each neighbour's node identifier. Assume that the node identifiers of the nodes in the structured P2P network can be converted into three-bit binary values, and that the binary values corresponding to nodes A to G are 111, 110, 101, 100, 010, 001 and 000 respectively. On this basis, the tree-like distance table corresponding to node B, whose binary value is 110, is shown in Fig. 1.
As shown in Fig. 1, where a neighbouring node's binary value differs from 110, the position (counted from right to left) of the highest-order differing bit is the logical distance between that neighbour and node B. For example, the first bit from the right of 111 (i.e., 1) differs from the first bit from the right of 110 (i.e., 0), so the logical distance between node A and node B is 1; the second bit from the right of 100 and of 101 (i.e., 0) differs from the second bit from the right of 110 (i.e., 1), so the logical distances between nodes C to D and node B are both 2; the third bit from the right of 000, 001 and 010 (i.e., 0) differs from the third bit from the right of 110 (i.e., 1), so the logical distances between nodes E to G and node B are all 3. Where the structured P2P network is built on a distributed hash table (DHT) and the DHT is implemented with the Kademlia algorithm, nodes at different logical distances may be represented with the K-bucket concept: for node B, the subtree with bucket = 1 (i.e., logical distance 1; likewise below) contains node A, the subtree with bucket = 2 contains nodes C to D, and the subtree with bucket = 3 contains nodes E to G.
Based on these logical distances, node B may locally maintain a node list (i.e., the aforementioned hash table) recording the node information of other nodes in the structured P2P network (e.g., nodes A and C to G). For example, node B may record the node information of each node in the node list according to logical distance: the node information of node A in K-bucket 1, that of nodes C to D in K-bucket 2, and that of nodes E to G in K-bucket 3. Any K-bucket records the node information of at most K nodes; the specific value of K may be preset according to actual conditions and is not limited in this specification.
As can be seen from the foregoing, the logical distance between any two nodes is determined only by their node identifiers and is independent of the actual network connection between them in the structured P2P network. Therefore each node recorded in node B's node list may be any node in the structured P2P network. Of course, since the recorded nodes may be used by node B for message transmission, to ensure reliable transmission each node recorded in node B's node list may also be required to be a neighbour of node B, i.e. a node with which it can establish or has established a connection and with which it can communicate. For example, for any node or any neighbouring node, node B may look the node up in the network routing table it maintains (which reflects the actual network connections between itself and other nodes), and record the node's node information in its node list only if the node is determined to be a next-hop node connected to it.
It can be understood that the above process takes only nodes A to G as an example; in fact, each node in the structured P2P network may maintain its own node list. Moreover, the number of K-buckets in any node's node list may be determined by the number of bits of the hash value obtained from the node identifier. If the node identifier of each node in the structured P2P network is 32 bits, the range of logical distances between any node and the other nodes is [1, 32]; in that case at most 32 K-buckets can be recorded in any node's node list, and node information of at most K nodes can be recorded in any K-bucket.
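As an added example (not code from the patent), the following Python reproduces the logical distance and K-bucket layout of Fig. 1 for nodes A to G and the insert rule described later in this section, and implements the mitigation from the Disclosure: a node discovery request asking for the whole list is answered with only part of it. The bucket size K = 2, the per-bucket reveal limit and the seeded random choice of returned entries are assumptions; the patent does not specify how the returned part is chosen.

```python
import random

# Node identifiers and their 3-bit values, taken from Fig. 1 of the page.
NODE_IDS = {"A": 0b111, "B": 0b110, "C": 0b101, "D": 0b100,
            "E": 0b010, "F": 0b001, "G": 0b000}


def logical_distance(x: int, y: int) -> int:
    """Logical distance between two node values: position, counted from the
    right (1-based), of the highest-order bit in which they differ; 0 if equal.
    This equals bit_length(x XOR y), i.e. the Kademlia XOR metric mapped to a
    bucket index (111 vs 110 -> 1, 100 vs 110 -> 2, 000 vs 110 -> 3)."""
    return (x ^ y).bit_length()


def tree_distance_table(self_name: str) -> dict:
    """Fig. 1 style table for one node: logical distance -> sorted node names."""
    table = {}
    me = NODE_IDS[self_name]
    for name, value in NODE_IDS.items():
        if name != self_name:
            table.setdefault(logical_distance(me, value), []).append(name)
    return {d: sorted(names) for d, names in sorted(table.items())}


class NodeList:
    """A node's node list (hash table) partitioned into K-buckets indexed by
    logical distance, each bucket holding at most K entries."""

    def __init__(self, self_id: int, bits: int, k: int):
        self.self_id = self_id
        self.k = k
        self.buckets = {d: [] for d in range(1, bits + 1)}

    def add(self, node_id: int) -> bool:
        """Insert rule described on the page: discard the entry if it is
        already present in its bucket or the bucket already holds K entries."""
        if node_id == self.self_id:
            return False
        bucket = self.buckets[logical_distance(self.self_id, node_id)]
        if node_id in bucket or len(bucket) >= self.k:
            return False
        bucket.append(node_id)
        return True

    def all_entries(self) -> list:
        return [n for d in sorted(self.buckets) for n in self.buckets[d]]

    def find_node_response(self, requester_id: int, reveal: int, seed: int) -> list:
        """Mitigation from the page: answer a discovery request that asks for
        the whole list with only part of it. Assumed policy: at most `reveal`
        entries per bucket, chosen pseudo-randomly (seeded so the result is
        reproducible here), never the requester itself. One query to this node
        therefore never yields the full list it maintains."""
        rng = random.Random(seed)
        out = []
        for d in sorted(self.buckets):
            candidates = [n for n in self.buckets[d] if n != requester_id]
            if len(candidates) > reveal:
                candidates = rng.sample(candidates, reveal)
            out.extend(candidates)
        return out


if __name__ == "__main__":
    print(tree_distance_table("B"))  # {1: ['A'], 2: ['C', 'D'], 3: ['E', 'F', 'G']}
    node_b = NodeList(NODE_IDS["B"], bits=3, k=2)
    for name in "ACDEFG":
        node_b.add(NODE_IDS[name])     # G is discarded: bucket 3 is full at K=2
    print(node_b.find_node_response(NODE_IDS["A"], reveal=1, seed=1))
```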
The node information of any other node recorded by a node may include that node's node identifier, the hash value corresponding to the node identifier, the node's network address (e.g., IP address and port number), the node's identity information (e.g., public key), and the like; this specification does not limit it. In fact, each node in the structured P2P network may determine forwarding paths according to its own node list; that is, the node list serves as a routing table, and messages are forwarded according to the node information recorded in it.
In general, nodes in a structured P2P network follow a shortest path algorithm for message forwarding. There may be multiple forwarding paths from one node to another in the structured P2P network, and a forwarding path may need to pass through intermediate nodes; for example, the forwarding path between node A and node B may be A-C-D-E-B, or A-C-D-G-F-B, etc. Among the multiple forwarding paths, the one with the fewest nodes is the shortest path between the two nodes. In other words, the shortest path between any two nodes is the forwarding path with the fewest intermediate nodes between them, and a shortest path may include at least one intermediate node.
So far, the network characteristics of the structured P2P network have been introduced; a method for discovering a communication pillar node is described below.
Referring to Fig. 2, Fig. 2 is a flowchart of a method for discovering a communication pillar node according to an exemplary embodiment. As shown in Fig. 2, the communication pillar node is a node in a structured P2P network, the node list maintained by each node in the structured P2P network records node information of at least one other node in the structured P2P network, and the method may include the following steps 202 to 206.
Step 202, obtaining node information of other nodes recorded in a node list respectively maintained by each node in the structured P2P network, and determining a network architecture of the structured P2P network according to a logical distance between different nodes included in the obtained node information.
The structured P2P network described in this specification may be built on a distributed hash table (DHT), and the DHT may be implemented with algorithms such as Kademlia, Chord, Constellation and Tapestry, which this specification does not limit.
In addition, the structured P2P network may be a blockchain network, in which case each node in the structured P2P network is a blockchain node of the blockchain network. Any node may then be implemented as the P2P module of the corresponding blockchain node, which is not described in detail here.
The executing party of the method for discovering a communication pillar node in this specification may be any node in the structured P2P network, or a management device used by a manager of the network; this specification does not limit it. Where the structured P2P network is built on a DHT and the DHT is implemented with the Kademlia algorithm, the executing party can initiate node discovery requests following the FindNode protocol (i.e., FindNode messages) to other nodes in the structured P2P network, so as to acquire the node information returned by the other party in response to the request.
If the executing party is node A in Fig. 1, then when node A joins the structured P2P network through node B, node A knows only that node B exists in the network, so node A may initiate a node discovery request to node B. In response, node B may return all node information recorded in its own node list to node A, e.g., by returning the list itself. As described above, the node information of other nodes, such as nodes C to D, is recorded in node B's node list according to logical distance (between node B and those nodes), so node A can determine the logical distances between node B and nodes C to D from that information.
Further, node A may initiate the same node discovery request to node C and node D according to that node information, so as to obtain the node information recorded in the node lists maintained by node C and node D, and thereby the logical distances between nodes C and D and other nodes. Node A may then initiate node discovery requests to the further nodes indicated by the newly acquired node information. This is repeated, and the executing party stops initiating node discovery requests once the node information returned by every node has been acquired, i.e. once the node information of all nodes has been obtained.
It should be noted that in the related art, after any node acquires the node information of another node through the node discovery mechanism, it usually does not save all of it in its locally maintained node list. Instead it calculates the logical distance between itself and that node in the manner described above; if the node's node information is already saved in the K-bucket corresponding to that logical distance, or the number of saved entries in that K-bucket has reached K, the node information is discarded, and it is saved in the K-bucket only when it is not already stored there and the stored entries have not reached K. In addition, the node may further judge the state of its network connection with that other node according to the node information, and save the node information only when the connection is normal; if the connection is abnormal, the information is usually not saved, which is not described in detail here.
However, since the node in the present solution aims to acquire the node information of all nodes in the structured P2P network, it may locally store all the node information acquired. Of course, on the one hand all the received node information may be stored in a full information list, to be used for determining the network architecture of the structured P2P network; on the other hand, all the information may also be processed so that the node information meeting the conditions above is stored in the corresponding K-buckets of the node list, which is not described further.
As can be seen from the foregoing, by initiating a node discovery request to each node in turn, any node can acquire the node information of other nodes recorded in each node's node list, that is, the node information of every node in the network. That node may then determine the network architecture of the structured P2P network according to the logical distances contained in the node information, i.e. determine the connection relationship between each node and the other nodes in the network. It can be understood that determining the network architecture in this way is the process by which any node simulates (or infers) the network architecture of the structured P2P network from the node information of all nodes; this is not repeated here.
Step 202, determining a shortest path set of the structured P2P network according to the network architecture, where the shortest path set includes a shortest path between any two nodes in the structured P2P network.
Once the network architecture of the structured P2P network is determined, the executing party can traverse the shortest paths between each node and the other nodes. For example, for node A, the shortest paths between node A and nodes B to G can be calculated in sequence with a shortest path algorithm; likewise, the shortest paths between every other node and the remaining nodes in the structured P2P network can be traversed in turn, giving the shortest path between any two nodes in the structured P2P network, and the set formed by all these shortest paths is the shortest path set. Note that the shortest path between a pair of nodes need not be unique; which of several equally short paths is recorded affects the result of the next step.
Step 203, determining a longest common subsequence based on the shortest path set, and determining the nodes belonging to the longest common subsequence as the communication pillar nodes of the structured P2P network.
Based on the shortest path set determined in the above manner, the executing party may further determine the longest common subsequence. In one embodiment, the shortest path set may be processed with an MLCS (Multiple Longest Common Subsequence) algorithm to determine the longest common subsequence of the paths it contains. The nodes in that longest common subsequence can then be regarded as the communication pillar nodes of the structured P2P network. For the specific implementation of the MLCS algorithm, refer to the related art; it is not described in detail here.
As shown in fig. 3, assuming that shortest path 1 between node A and node B is "A-C-D-E-B", shortest path 2 between node A and node D is "A-G-C-E-B-D", and shortest path 3 between node C and node B is "C-E-F-B", the longest common subsequence determined by the MLCS algorithm is "C-E-B". Node B, node C and node E are therefore the communication pillar nodes of the structured P2P network.
When determining the longest common subsequence, all shortest paths in the shortest path set may be used in a single unified calculation, that is, the longest common subsequence of all shortest paths is computed, and the communication pillar nodes obtained are the global pillar nodes of the structured P2P network. Alternatively, the shortest paths in the shortest path set may be divided into several subsets, and the longest common subsequence of each subset computed from the shortest paths in that subset; the nodes of the longest common subsequence of a subset are the local pillar nodes corresponding to that subset. During the operation of the structured P2P network, a global pillar node may affect most or all nodes in the network, whereas a local pillar node corresponding to a subset may affect all or only some of the nodes whose shortest paths fall in that subset, so if a global pillar node and a local pillar node are each attacked, the adverse effect of the former on the structured P2P network is generally greater. The longest common subsequence can therefore be determined with different calculation modes according to the actual situation. In addition, a longest common subsequence calculated in the above manner may contain only one node, or no node at all when the paths share none, which is one reason to work on subsets; this is not limited in this specification.
Since the longest common subsequence is determined from the shortest paths in the shortest path set, every communication pillar node finally determined lies on at least one shortest path. The communication pillar nodes are thus discovered from the shortest paths between nodes in the structured P2P network; that is, the method for discovering communication pillar nodes described in this specification is based on the shortest path principle.
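The three steps above, worked through as an added example in Python (not code from the patent or its assignee): each node's node list is modelled as the set of peers it knows, the union of those lists gives the inferred architecture (step 201), BFS gives one shortest path per node pair (step 202), and a multiple longest common subsequence over the path set gives the pillar nodes (step 203). The sample node lists are constructed; the MLCS here is a plain memoised recursion with a symbol pre-filter, not one of the published dominant-point MLCS algorithms, and the count-threshold variant (a node is a pillar node when it lies on at least a first number threshold of shortest paths, as the apparatus description later puts it) is included for comparison.

```python
"""Discovery of communication pillar nodes (added example, not the patent's code).

Node lists are modelled as the set of peers each node knows (constructed sample).
Step 201: union of node lists -> inferred architecture.
Step 202: BFS shortest path for every node pair -> shortest path set.
Step 203: multiple longest common subsequence (MLCS) of the path set -> pillar nodes.
"""
from collections import Counter, deque
from functools import lru_cache
from itertools import combinations

# Constructed sample: node -> node ids recorded in that node's node list.
SAMPLE_NODE_LISTS = {
    "A": {"C", "G"},
    "B": {"D", "E", "F"},
    "C": {"A", "D", "E", "G"},
    "D": {"B", "C", "E"},
    "E": {"B", "C", "D", "F"},
    "F": {"B", "E"},
    "G": {"A", "C"},
}

# The three shortest paths of fig. 3.
FIG3_PATHS = [list("ACDEB"), list("AGCEBD"), list("CEFB")]


def infer_architecture(node_lists):
    """Step 201: undirected adjacency built from every node's list."""
    graph = {}
    for node, peers in node_lists.items():
        graph.setdefault(node, set())
        for peer in peers:
            graph[node].add(peer)
            graph.setdefault(peer, set()).add(node)
    return graph


def shortest_path(graph, src, dst):
    """One BFS shortest path from src to dst (list of node ids), None if unreachable.
    Shortest paths are not unique; neighbours are visited in sorted order so the
    choice is deterministic, and a different tie-break can change the pillar set."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in sorted(graph.get(cur, ())):
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None


def shortest_path_set(graph):
    """Step 202: a shortest path for every unordered pair of nodes."""
    paths = []
    for src, dst in combinations(sorted(graph), 2):
        path = shortest_path(graph, src, dst)
        if path is not None:
            paths.append(path)
    return paths


def mlcs(seqs):
    """Longest common subsequence of several sequences.

    Symbols missing from any sequence can never be in the result and are
    dropped first; the remainder is solved by memoised recursion over one index
    per sequence. That recursion is exponential in the number of sequences, so
    it suits a subset of paths, not a whole large path set."""
    if not seqs:
        return []
    common = set.intersection(*(set(s) for s in seqs))
    seqs = [tuple(x for x in s if x in common) for s in seqs]

    @lru_cache(maxsize=None)
    def solve(idx):
        if any(i >= len(s) for i, s in zip(idx, seqs)):
            return ()
        heads = [s[i] for i, s in zip(idx, seqs)]
        if all(h == heads[0] for h in heads):        # all heads match: take it
            return (heads[0],) + solve(tuple(i + 1 for i in idx))
        best = ()
        for k in range(len(seqs)):                  # otherwise advance one sequence
            nxt = list(idx)
            nxt[k] += 1
            cand = solve(tuple(nxt))
            if len(cand) > len(best):
                best = cand
        return best

    return list(solve(tuple(0 for _ in seqs)))


def pillar_nodes_mlcs(paths):
    """Step 203: nodes of the MLCS of the given paths (global if all paths are
    passed, local if a subset). Empty when the paths share no node."""
    return set(mlcs(paths))


def pillar_nodes_by_count(paths, first_number_threshold):
    """Alternative from the apparatus description: a node is a pillar node when
    it belongs to at least first_number_threshold shortest paths."""
    counts = Counter(node for path in paths for node in path)
    return {n for n, c in counts.items() if c >= first_number_threshold}, counts


if __name__ == "__main__":
    graph = infer_architecture(SAMPLE_NODE_LISTS)
    paths = shortest_path_set(graph)
    print("fig. 3 pillar nodes:", pillar_nodes_mlcs(FIG3_PATHS))
    print("global MLCS over sample:", pillar_nodes_mlcs(paths))
    print("count-based pillar nodes:", pillar_nodes_by_count(paths, 9)[0])
```

On the constructed sample the global MLCS over all 21 paths is empty (pairs such as A-C and B-D share no node), which is the situation the paragraph above anticipates; the count-based variant still singles out C, D and E, and the fig. 3 paths give C, E and B as in the text.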
This completes the process of determining the communication pillar nodes in the structured P2P network. A communication pillar node is an important node that plays a key role in the normal operation of the structured P2P network, so if an attacker deliberately attacks the communication pillar nodes, the operation of the network may be adversely affected and the network may even break down. Given how the communication pillar nodes are discovered, the key to preventing such an attack is to stop an attacker from acquiring the node information of all nodes in the network. To forestall an attack that an attacker could launch, the executing party can therefore inform the security nodes in the structured P2P network, that is, the nodes confirmed to be secure (non-attackers), of the identity information of the communication pillar nodes, for use by those security nodes.
For example, the executing party may determine a security node in the structured P2P network that satisfies a security rule, where the security rule may be formulated from factors such as historical communication records, the user identity corresponding to the node, and the security protection level of the node device. A security node meeting the security rule can be regarded as a node whose security has been confirmed and which is unlikely to attack the structured P2P network, so the executing party can trust it and send it the identity information of the communication pillar nodes determined by the above method. Correspondingly, when the security node receives a node discovery request initiated by any node (a request to acquire all node information recorded in the node list maintained by the security node), it may return the node information of the other nodes except the communication pillar nodes, that is, it avoids disclosing the identity of the communication pillar nodes to the requesting node, so that the requesting node cannot launch a network attack on them; this prevents the network attack to a certain extent.
As the foregoing analysis shows, an attacker can obtain the node information of all nodes in the structured P2P network, and thereby discover the communication pillar nodes, because each node in the network, upon receiving a node discovery request, returns all node information recorded in its own node list to the requesting node. To prevent network attacks launched against the structured P2P network through the communication pillar nodes, the node discovery mechanism of the structured P2P network can therefore be improved so that a node does not return all of the node information it maintains after receiving a node discovery request.
Based on this idea, the present specification proposes a method for preventing a network attack. Referring to fig. 4, fig. 4 is a flowchart of a method for preventing a network attack according to an exemplary embodiment. As shown in fig. 4, the method is applied to a first node in a structured P2P network; the node list maintained by the first node records node information of at least one other node in the structured P2P network, the node information of all nodes in the structured P2P network can be used to determine the network structure of the structured P2P network, and the method includes steps 402-404.
Step 402, receiving a node discovery request initiated by a second node, where the node discovery request is used to request to acquire all node information recorded in the node list.
As described above, the structured P2P network may be constructed on a DHT, and the DHT may be implemented with algorithms such as Kademlia, Chord, Pastry and Tapestry, which is not limited in this specification.
In addition, the structured P2P network may be a blockchain network, and each node in the structured P2P network is a blockchain node in the blockchain network. At this time, any node may be implemented as a P2P module in the corresponding blockchain node, which is not described in detail.
In this specification, the first node and the second node may each be any node in the structured P2P network. For example, the second node may be a node newly joining the network, while the first node may be a node already present in the network when the second node joins. Of course, the second node may also be a node already in the structured P2P network, and it may initiate the above node discovery request to the first node at any time, requesting all node information recorded in the node list maintained by the first node. For example, when the structured P2P network is built on a DHT implemented with the Kademlia algorithm, the node discovery request initiated by the second node may follow the FindNode protocol (Kademlia's FIND_NODE RPC).
If the second node is an attacker, it may initiate node discovery requests to the other nodes in the network in a short time so as to acquire all node information as quickly as possible. The first node can therefore limit the frequency of the node discovery requests it receives. For example, whenever the first node receives a node discovery request, it may determine the number of historical node discovery requests initiated by the second node within a preset time period before the receiving time of the request, for instance by counting them in its request receiving record. A historical node discovery request is a node discovery request initiated by the second node and received by the first node before the current request; in other words, it differs from the current request in its receiving time. If that number exceeds a second number threshold, the second node has initiated node discovery requests too frequently and may be an attacker, and the first node may avoid responding to the request, for example by discarding it directly. Alternatively, the first node may respond only after a delay, so as to slow down the rate at which the second node acquires node information; even if the second node is an attacker, the time consumed by the preparation phase of the network attack is prolonged as far as possible. Such a limit is per requesting identity, so an attacker presenting many node identities obtains many independent request budgets; the limit slows the attacker down but is not on its own what keeps the full node list out of its hands.
Step 404, returning the node information of part of other nodes recorded in the node list to the second node.
In summary, the real network architecture of the network can be inferred by collecting the node information of each node in the network, the longest common subsequence can then be obtained from the shortest path set determined on that architecture, and the communication pillar nodes in the network can be determined. The communication pillar nodes discovered in this way are relied on by many nodes in the structured P2P network for message forwarding, that is, they are important nodes playing a key role in the normal operation of the network.
If an attacker wants to launch a network attack on the structured P2P network, it can discover the communication pillar nodes by the method above (for example by masquerading as a node of the network) and then attack these key nodes by means such as a DoS attack, which can seriously affect the normal operation of the structured P2P network and even paralyse it. Given how the communication pillar nodes are discovered, the key to preventing such an attack is to stop the attacker from acquiring the node information of all nodes in the network.
To this end, when the first node in the structured P2P network receives a node discovery request initiated by the second node requesting all node information recorded in the node list, it may return only the node information of some of the other nodes recorded in the node list, that is, it does not return all of the node information it maintains. The first node may be any node in the structured P2P network. If the second node is in fact an attacker node, it cannot acquire the node information of all nodes (other than itself) in the network from the other nodes, so it cannot determine the communication pillar nodes through the network architecture inference described above, and naturally cannot attack the structured P2P network by attacking them. This prevention method therefore hides the node information of some nodes from the second node so that it cannot infer the communication pillar nodes, and thereby effectively prevents an attacker from attacking the structured P2P network by finding and attacking the communication pillar nodes.
The first node may decide in several ways which other nodes' information to return. In one embodiment, the subset of other nodes may be selected at random from the nodes in the node list, so that the node information the second node obtains from the first node differs from one request to the next, increasing the confusion of the node information for the second node. Of course, if the second node sends the node discovery request to the first node often enough, it may be able to reconstruct all of the node information maintained by the first node from the responses. The first node may therefore instead fix the subset in advance, so that even if the second node sends the node discovery request multiple times, the first node returns the same partial node information every time and the remaining node information is never obtained by that node.
In another embodiment, the first node may determine the communication pillar nodes in the structured P2P network in advance, and select at least one other node other than the communication pillar nodes from the nodes in its node list as the subset. The first node may determine the communication pillar nodes from received identity information of the communication pillar nodes. For example, if the first node is a security node satisfying the security rule, it may obtain the identity information of the communication pillar nodes from another device (such as the executing party mentioned above), which is not described again.
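The request handling of steps 402-404, with the rate limit and the fixed, pillar-free subset described above, as an added Python example (not the patent's or its assignee's code). The node list of node B and the pillar identities are constructed; the per-node HMAC secret that keys the subset choice is an assumption of this example, used so that the same requester always sees the same subset while it cannot predict or steer which nodes it is shown.

```python
"""Node discovery handling at a first node (steps 402-404); added example, not
the patent's code.

A FindNode-style request is rate-limited per requester over a sliding window
(the "second number threshold"), and answered with a fixed subset of the node
list that never includes the communication pillar nodes this node knows about.
"""
import hashlib
import hmac
import os
from collections import defaultdict, deque

# Constructed node list of node B: peer id -> node information.
SAMPLE_NODE_LIST = {
    "A": {"logical_distance": 1}, "C": {"logical_distance": 2},
    "D": {"logical_distance": 2}, "E": {"logical_distance": 3},
    "F": {"logical_distance": 3}, "G": {"logical_distance": 3},
}
SAMPLE_PILLARS = {"C", "E"}   # e.g. identity information received from the executing party


class DiscoveryHandler:
    def __init__(self, node_list, pillar_ids, window_seconds=10.0,
                 second_number_threshold=3, reveal_fraction=0.5, secret=None):
        self.node_list = dict(node_list)
        self.pillar_ids = set(pillar_ids)
        self.window = window_seconds
        self.threshold = second_number_threshold
        self.reveal_fraction = reveal_fraction
        # Per-node secret (assumption of this example): keys the subset choice
        # so a requester sees a stable subset it cannot predict or influence.
        self.secret = secret if secret is not None else os.urandom(32)
        self.received = defaultdict(deque)   # requester -> receive times

    def _historical_count(self, requester, now):
        """Number of earlier requests from requester within the window before now."""
        log = self.received[requester]
        while log and log[0] <= now - self.window:
            log.popleft()
        count = len(log)
        log.append(now)        # log even the requests we go on to drop
        return count

    def _visible_subset(self, requester):
        """Fixed partial subset for this requester, never containing a pillar node."""
        candidates = sorted(n for n in self.node_list if n not in self.pillar_ids)
        if not candidates:
            return []
        keep = max(1, int(len(candidates) * self.reveal_fraction))

        def rank(node_id):
            msg = f"{requester}|{node_id}".encode()
            return hmac.new(self.secret, msg, hashlib.sha256).digest()

        return sorted(candidates, key=rank)[:keep]

    def handle_find_node(self, requester, now):
        """Step 402/404: None when the request is dropped as too frequent,
        otherwise the node information of part of the other nodes."""
        if self._historical_count(requester, now) > self.threshold:
            return None
        return {n: self.node_list[n] for n in self._visible_subset(requester)}
```

Because the subset is keyed on the requester identity, repeated requests from the same identity leak nothing beyond the first response; a requester that rotates identities gets a fresh subset and a fresh request budget each time, which is why the pillar nodes are excluded outright rather than merely made less likely to appear.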
As another example, the first node may itself discover the communication pillar nodes in the structured P2P network. For example, the first node may first acquire the node information of the other nodes recorded in the node list maintained by each node in the structured P2P network, and determine the network architecture of the structured P2P network from the logical distances between different nodes included in the acquired node information; then determine the shortest path set of the structured P2P network from the network architecture, where the shortest path set contains the shortest path between any two nodes in the structured P2P network; and finally determine the longest common subsequence from the shortest path set and determine the nodes belonging to it as the communication pillar nodes of the structured P2P network. The first node may process the shortest path set with a multiple longest common subsequence (MLCS) algorithm to determine the longest common subsequence. For the specific process of discovering the communication pillar nodes in this way, refer to the foregoing embodiments; it is not repeated here.
The foregoing embodiments all prevent the second node from acquiring the node information of all nodes in the structured P2P network, so that it cannot infer the identity of the communication pillar nodes from that information, and the network is protected from an attack the second node might launch through the communication pillar nodes. Precisely because each node in the network communicates according to the shortest path principle, an attack on the communication pillar nodes of the structured P2P network can have a great adverse effect, since most nodes depend on those nodes for communication. In practice, attacks launched by an attacker cannot be prevented completely, so a scheme that reduces the adverse effect on network function after the network is attacked also has practical value. In view of this, the present specification provides a scheme that increases path randomness while a node participates in message transmission in the network, so as to achieve that aim.
In an embodiment, when there is a communication requirement for a third node (for example a message needs to be sent to the third node, or a message sent by another node needs to be forwarded to the third node), the first node may first determine whether path randomness needs to be increased. For example, when forwarding a message, the first node may decide whether to add path randomness according to randomness information recorded in the message. As another example, the first node may be locally preconfigured with a randomness judgment rule, such as deciding according to message sending statistics for the third node, or according to a random algorithm, which is not described again. If it is determined that path randomness needs to be increased, the first node may determine a next hop node from a path other than the shortest path between the first node and the third node, and send the communication message corresponding to the communication requirement to that next hop node. The communication message is then transmitted along a path other than the shortest path (hereinafter a non-shortest path), which need not pass through the communication pillar node.
As described above, the method for discovering the communication pillar nodes described in this specification is based on the shortest path principle, so an attacker who adopts the above method essentially determines each communication pillar node according to the shortest path principle. By increasing path randomness during communication, the first node makes the message transmission it takes part in not depend entirely on the shortest path, so that even if a communication pillar node is attacked, the communication message can still be forwarded to the third node, reducing to some extent the adverse effect that an attack on the communication pillar node could have on communication between the first node and the third node. Moreover, since the first node may be any node in the network, every node can add path randomness to the communication it participates in, and by setting a suitable upper limit on the randomness each node can follow the shortest path principle while reducing the interference caused by an attack as far as possible, improving the availability of the whole network.
The first node can select the next hop node according to the logical distance. As described above, the node information of any other node recorded in the node list maintained by the first node includes that node's node identifier and the logical distance between the first node and that node. The first node may therefore calculate a target logical distance between itself and the third node from the node identifiers of the two nodes, and then select the next hop node from the other nodes whose logical distance is not equal to the target logical distance. In the embodiment of FIG. 1 described above, node B records the node information of node A in K-bucket 1, of nodes C-D in K-bucket 2, and of nodes E-G in K-bucket 3. If the first node is node B and node B calculates that the target logical distance to the third node is 3, node B can select any node from the nodes in K-bucket 1 or K-bucket 2 as the next hop node, that is, from nodes A, C and D, which are not on the shortest path between node B and the third node.
When determining the next hop node, the first node may first determine the historical next hop node selected during historical communication between the first node and the third node, and then select from the other nodes whose logical distance is not equal to the target logical distance any node different from that historical next hop node as the next hop node. For example, if node A was used as the next hop in the historical communication between node B and the third node (that is, node A is the historical next hop node), node B may select the next hop node for forwarding the communication message from nodes C and D and avoid selecting node A again. Of course, a time range may be set for the judgment of the historical next hop node, which is not described again.
Of course, if it is determined that path randomness does not need to be increased, the first node may send the message according to the shortest path principle, for example by determining the next hop node from the shortest path between the first node and the third node, where the shortest path is the forwarding path with the fewest intermediate nodes between the first node and the third node. If node B calculates that the target logical distance between itself and the third node is 3, it may select any node from those in K-bucket 3 as the next hop node, that is, from nodes E to G, which may be on the shortest path between node B and the third node.
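The next hop selection just described, as an added Python example (not the patent's or its assignee's code). Logical distance is modelled as the Kademlia XOR distance and the K-bucket index as the bit length of that distance, which is one common convention and an assumption here; the 3-bit node ids are constructed so that node B's buckets match the page's layout (A in K-bucket 1, C-D in K-bucket 2, E-G in K-bucket 3), and the randomness trigger is the per-message flag the text mentions.

```python
"""Next hop selection with optional path randomness; added example, not the
patent's code.

Logical distance is modelled as the Kademlia XOR distance and the K-bucket
index as the bit length of that distance, so bucket i holds peers at XOR
distance in [2^(i-1), 2^i). The 3-bit ids are constructed to reproduce the
page's layout for node B (A in K-bucket 1, C-D in 2, E-G in 3).
"""
import random

NODE_IDS = {
    "B": 0b000, "A": 0b001, "C": 0b010, "D": 0b011,
    "E": 0b100, "F": 0b101, "G": 0b110, "H": 0b111,
}


def bucket_index(self_id, other_id):
    """K-bucket index, used here as the logical distance (0 only when the ids are equal)."""
    return (self_id ^ other_id).bit_length()


def candidate_next_hops(self_id, target_id, peers, increase_randomness, history=()):
    """peers: {name: id} from the node list. Returns the sorted candidate names.

    Shortest-path mode: peers in the K-bucket matching the target distance.
    Randomised mode: peers in any other bucket, skipping historical next hops
    unless nothing else is left."""
    target_dist = bucket_index(self_id, target_id)
    if not increase_randomness:
        return sorted(n for n, pid in peers.items()
                      if bucket_index(self_id, pid) == target_dist)
    others = sorted(n for n, pid in peers.items()
                    if bucket_index(self_id, pid) != target_dist)
    fresh = [n for n in others if n not in set(history)]
    return fresh or others


def select_next_hop(self_id, target_id, peers, increase_randomness,
                    history=(), rng=random):
    """Pick one candidate at random; None when no peer qualifies."""
    cands = candidate_next_hops(self_id, target_id, peers, increase_randomness, history)
    return rng.choice(cands) if cands else None


def forward(message, self_id, peers, history, rng=random):
    """Forwarding decision driven by the randomness flag carried in the message.
    history: {target_id: [previous next hops]} kept by this node; updated here."""
    target_id = message["target_id"]
    nxt = select_next_hop(self_id, target_id, peers,
                          message.get("randomize", False),
                          history.get(target_id, ()), rng)
    if nxt is not None:
        history.setdefault(target_id, []).append(nxt)
    return nxt


if __name__ == "__main__":
    peers = {n: NODE_IDS[n] for n in "ACDEFG"}
    hist = {}
    msg = {"target_id": NODE_IDS["H"], "randomize": True}
    print("randomised hops:", forward(msg, NODE_IDS["B"], peers, hist),
          forward(msg, NODE_IDS["B"], peers, hist))
    print("shortest-path hop:", forward({"target_id": NODE_IDS["H"]}, NODE_IDS["B"], peers, hist))
```

Randomised selection trades path length for independence from the pillar nodes; an upper limit on how often a node sets the flag (the "suitable randomness upper limit" of the text) keeps the extra hops bounded.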
FIG. 5 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 5, at the hardware level, the apparatus includes a processor 502, an internal bus 504, a network interface 506, a memory 508 and a non-volatile memory 510, but may also include hardware required for other services. One or more embodiments of the present description may be implemented in software, such as by processor 502 reading corresponding computer programs from non-volatile storage 510 into memory 508 and then running. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution side of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Fig. 6 is a block diagram of an apparatus for preventing a network attack according to an exemplary embodiment, which may be applied to the device shown in fig. 5 to implement the technical solution of the present specification. As shown in fig. 6, the apparatus is applied to a first node in a structured P2P network; the node list maintained by the first node records node information of at least one other node in the structured P2P network, the node information of all nodes in the structured P2P network can be used to determine the network structure of the structured P2P network, and the apparatus comprises:
a request receiving unit 601, configured to receive a node discovery request initiated by a second node, where the node discovery request is used to request to acquire all node information recorded in the node list;
an information returning unit 602, configured to return node information of some other nodes recorded in the node list to the second node.
Optionally, the information returning unit 602 is further configured to:
randomly selecting the part of other nodes from other nodes corresponding to the node list; or,
and determining at least one other node except the communication support node in each other node corresponding to the node list as the partial other node, wherein the number of the shortest paths to which the communication support node belongs is not less than a first number threshold, and the shortest path between any two nodes is a forwarding path with the least number of spaced nodes between the two nodes.
Optionally, the information returning unit 602 is further configured to:
and determining the communication pillar node according to the received identity information of the communication pillar node.
Optionally, the information returning unit 602 is further configured to:
acquiring node information of other nodes recorded in a node list maintained by each node in the structured P2P network, and determining a network architecture of the structured P2P network according to a logic distance between different nodes contained in the acquired node information;
determining a shortest path set of the structured P2P network according to the network architecture, wherein the shortest path set comprises shortest paths between any two nodes in the structured P2P network;
determining a longest common subsequence based on the shortest path set, and determining nodes belonging to the longest common subsequence as communication strut nodes in the structured P2P network.
Optionally, the information returning unit 602 is further configured to:
and processing the shortest path set by adopting a Multiple Longest Common Subsequence (MLCS) algorithm to determine the longest common subsequence in the shortest path set.
Optionally, the apparatus further includes:
an avoidance response unit 603, configured to avoid responding to the node discovery request if the number of the historical node discovery requests initiated by the second node exceeds the second number threshold within a preset time before the receiving time of the node discovery request.
Optionally, the apparatus further includes:
a communication unit 604 for, in response to a communication demand for the third node,
under the condition that the randomness of the path does not need to be increased, determining a next hop node from a shortest path between the first node and a third node, wherein the shortest path is a forwarding path with the least number of spaced nodes between the first node and the third node;
under the condition that the randomness of the path needs to be increased, determining a next hop node from other paths which are different from the shortest path between the first node and the third node;
and sending the communication message corresponding to the communication requirement to the next hop node.
Optionally, the node information of any other node recorded in the node list includes a node identifier of the any other node and a logical distance between the first node and the any other node, and the communication unit 604 is further configured to:
calculating a target logic distance between the first node and the third node according to the node identifications of the first node and the third node;
and selecting the next hop node from other nodes with logical distances not equal to the target logical distance.
Optionally, the communication unit 604 is further configured to:
determining a history next hop node selected when history communication is carried out between the first node and the third node;
and selecting any other node different from the historical next hop node as the next hop node from other nodes with the logical distance not equal to the target logical distance.
Optionally, the structured P2P network is a block chain network.
Optionally, the structured P2P network is constructed based on a distributed hash table DHT.
Optionally, the DHT is implemented by a Kademlia algorithm, and the node discovery request follows a FindNode protocol.
Fig. 7 is a block diagram of an apparatus for discovering a communication pillar node according to an exemplary embodiment, which may be applied to the device shown in fig. 5 to implement the technical solution of the present specification. As shown in fig. 7, the communication pillar node is a node in a structured P2P network, the node list maintained by each node in the structured P2P network records node information of at least one other node in the structured P2P network, and the apparatus comprises:
an information obtaining unit 701, configured to obtain node information of other nodes recorded in a node list maintained by each node in the structured P2P network, and determine a network architecture of the structured P2P network according to a logical distance between different nodes included in the obtained node information;
a path set determining unit 702, configured to determine, according to the network architecture, a shortest path set of the structured P2P network, where the shortest path set includes a shortest path between any two nodes in the structured P2P network;
and the node determining unit is used for determining the longest common subsequence based on the shortest path set and determining the nodes belonging to the longest common subsequence as the communication strut nodes of the structured P2P network.
Optionally, the path set determining unit 702 is further configured to:
and processing the shortest path set by adopting a Multiple Longest Common Subsequence (MLCS) algorithm to determine the longest common subsequence in the shortest path set.
Optionally, the apparatus further includes:
a security node determining unit 703 is configured to determine a security node in the structured P2P network that meets a security rule, and send identity information of the communication support node to the security node, so that the security node returns node information of other nodes except the communication support node to any node in response to a node discovery request initiated by the any node and used to request to acquire all node information recorded in a node list maintained by the security node.
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (for example, an improvement to a circuit structure such as a diode, transistor or switch) or an improvement in software (an improvement to a method flow). With the development of technology, however, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit, so it cannot be said that an improvement to a method flow cannot be realised with hardware entity modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user's programming of the device. A designer programs a digital system onto a PLD without asking a chip manufacturer to design and fabricate an application-specific integrated circuit. Moreover, instead of manually making integrated circuit chips, this programming is now mostly done with "logic compiler" software, which is similar to the software compiler used in program development, and the source code before compilation is written in a specific programming language called a Hardware Description Language (HDL). There is not one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example as a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g. software or firmware) executable by the (micro)processor, as logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller or an embedded microcontroller; examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely as computer-readable program code, the same functionality can be obtained by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included in it for performing the various functions may also be considered structures within the hardware component, or even as both software modules for performing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a server system. Of course, the present invention does not exclude that as future computer technology develops, the computer implementing the functionality of the above described embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device or a combination of any of these devices.
Although one or more embodiments of the present description provide method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. For example, the use of the terms first, second, etc. are used to denote names, but not to denote any particular order.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, Phase-change Random Access Memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
All the embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description of the specification, reference to the description of "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
The above description is merely exemplary of one or more embodiments of the present disclosure and is not intended to limit the scope of one or more embodiments of the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.

Claims (19)

1. A method for preventing network attack is applied to a first node in a structured P2P network, a node list maintained by the first node is used for recording node information of at least one other node in the structured P2P network, and the node information of all nodes in the structured P2P network is used for determining the network structure of the structured P2P network, and the method comprises the following steps:
receiving a node discovery request initiated by a second node, wherein the node discovery request is used for requesting to acquire all node information recorded in the node list;
and returning the node information of part of other nodes recorded in the node list to the second node.
2. The method of claim 1, determining the portion of other nodes, comprising:
randomly selecting the part of other nodes from other nodes corresponding to the node list; or,
and determining at least one other node other than the communication pillar node among the other nodes corresponding to the node list as the partial other nodes, wherein the number of shortest paths to which the communication pillar node belongs is not less than a first number threshold, and the shortest path between any two nodes is the forwarding path with the fewest intermediate nodes between the two nodes.
3. The method of claim 2, wherein determining a communication pillar node in the structured P2P network comprises:
determining the communication pillar node according to received identity information of the communication pillar node.
4. The method of claim 2, wherein determining a communication pillar node in the structured P2P network comprises:
acquiring node information of other nodes recorded in a node list respectively maintained by each node in the structured P2P network, and determining a network architecture of the structured P2P network according to a logical distance between different nodes contained in the acquired node information;
determining a shortest path set of the structured P2P network according to the network architecture, wherein the shortest path set comprises shortest paths between any two nodes in the structured P2P network;
determining a longest common subsequence based on the shortest path set, and determining the nodes belonging to the longest common subsequence as communication pillar nodes in the structured P2P network.
5. The method of claim 4, the determining a longest common subsequence based on the set of shortest paths, comprising:
and processing the shortest path set with a Multiple Longest Common Subsequence (MLCS) algorithm to determine a longest common subsequence in the shortest path set.
6. The method of claim 1, further comprising:
and if the number of the historical node discovery requests initiated by the second node exceeds a second number threshold value within a preset time before the receiving time of the node discovery request, avoiding responding to the node discovery request.
7. The method of claim 1, further comprising, in response to a communication demand for a third node:
under the condition that the randomness of the path does not need to be increased, determining a next hop node from a shortest path between the first node and a third node, wherein the shortest path is a forwarding path with the least number of spaced nodes between the first node and the third node;
under the condition that the randomness of the path needs to be increased, determining a next hop node from other paths which are different from the shortest path between the first node and the third node;
and sending the communication message corresponding to the communication requirement to the next hop node.
8. The method of claim 7, wherein the node information of any other node recorded in the node list includes a node identification of the any other node and a logical distance between the first node and the any other node, and the determining a next-hop node between the first node and a third node includes:
calculating a target logic distance between the first node and the third node according to the node identifications of the first node and the third node;
and selecting the next hop node from other nodes with logical distances not equal to the target logical distance.
9. The method of claim 8, wherein said selecting the next hop node from other nodes having a logical distance not equal to the target logical distance comprises:
determining a history next hop node selected when history communication is carried out between the first node and the third node;
and selecting any other node different from the historical next hop node as the next hop node from other nodes with the logical distance not equal to the target logical distance.
10. The method of claim 1, the structured P2P network is a blockchain network.
11. The method of claim 1, wherein the structured P2P network is constructed based on a DHT.
12. The method of claim 11, the DHT being implemented by Kademlia algorithm, the node discovery request following a FindNode protocol.
13. A method for discovering a communication pillar node, wherein the communication pillar node is a node in a structured P2P network, and a node list maintained by each node in the structured P2P network is used for recording node information of at least one other node in the structured P2P network, the method comprising:
acquiring node information of other nodes recorded in a node list respectively maintained by each node in the structured P2P network, and determining a network architecture of the structured P2P network according to a logical distance between different nodes contained in the acquired node information;
determining a shortest path set of the structured P2P network according to the network architecture, wherein the shortest path set comprises shortest paths between any two nodes in the structured P2P network;
determining a longest common subsequence based on the shortest path set, and determining the nodes belonging to the longest common subsequence as communication pillar nodes of the structured P2P network.
14. The method of claim 13, the determining a longest common subsequence based on the set of shortest paths, comprising:
and processing the shortest path set by adopting a Multiple Longest Common Subsequence (MLCS) algorithm to determine the longest common subsequence in the shortest path set.
15. The method of claim 13, further comprising:
and determining the security nodes that satisfy a security rule in the structured P2P network, and sending the identity information of the communication pillar node to the security nodes, so that a security node, in response to a node discovery request initiated by any node for acquiring all node information recorded in the node list maintained by that security node, returns to that node the node information of the other nodes except the communication pillar node.
16. A device for preventing network attack is applied to a first node in a structured P2P network, a node list maintained by the first node is used for recording node information of at least one other node in the structured P2P network, and the node information of all nodes in the structured P2P network is used for determining the network structure of the structured P2P network, the device comprises:
a request receiving unit, configured to receive a node discovery request initiated by a second node, where the node discovery request is used to request to acquire all node information recorded in the node list;
and the information returning unit is used for returning the node information of part of other nodes recorded in the node list to the second node.
17. An apparatus for discovering a communication pillar node, the communication pillar node being a node in a structured P2P network, a node list respectively maintained by each node in the structured P2P network being used for recording node information of at least one other node in the structured P2P network, the apparatus comprising:
the information acquisition unit is used for acquiring node information of other nodes recorded in a node list maintained by each node in the structured P2P network respectively, and determining a network architecture of the structured P2P network according to the logic distance between different nodes contained in the acquired node information;
a path set determining unit, configured to determine a shortest path set of the structured P2P network according to the network architecture, where the shortest path set includes a shortest path between any two nodes in the structured P2P network;
and a node determining unit, configured to determine a longest common subsequence based on the shortest path set and to determine the nodes belonging to the longest common subsequence as the communication pillar nodes of the structured P2P network.
18. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1-15 by executing the executable instructions.
19. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 1-15.
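The following is an added illustration, not code from the patent or its applicant. It models in Python the defensive behaviour of claims 1, 2 and 6 on a constructed six-node overlay: pillar nodes are identified as in claim 2 (a node lying on at least a first threshold of shortest paths, the shortest path set being built by BFS as claim 4 describes), a first node then answers a FindNode-style node discovery request with only part of its node list (either a random subset or everything except the pillar nodes), and it stops responding to a requester whose request count inside a time window exceeds a second threshold. The MLCS criterion of claims 4, 5, 13 and 14 is not implemented; the topology, the logical distances, the window length, the subset size used for the random branch and both thresholds are constructed values.

```python
"""Added example (not the patent's code): claims 1, 2 and 6 on a toy overlay."""
from collections import Counter, defaultdict, deque
import random

# Constructed overlay: the {A, B} cluster reaches {D, E, F} only through C,
# so most shortest paths pass through C, which makes C the pillar node.
TOPOLOGY = {
    "A": ["B", "C"],
    "B": ["A", "C"],
    "C": ["A", "B", "D", "E"],
    "D": ["C", "E", "F"],
    "E": ["C", "D", "F"],
    "F": ["D", "E"],
}


def shortest_path_set(graph):
    """One shortest path per unordered pair of nodes, found with BFS.

    Models the 'shortest path set' of claim 4: the forwarding path with the
    fewest intermediate nodes between any two nodes of the network.
    """
    paths = {}
    for src in graph:
        prev = {src: None}
        queue = deque([src])
        while queue:
            u = queue.popleft()
            for v in graph[u]:
                if v not in prev:
                    prev[v] = u
                    queue.append(v)
        for dst in prev:
            if src < dst:  # one entry per unordered pair
                path, cur = [], dst
                while cur is not None:
                    path.append(cur)
                    cur = prev[cur]
                paths[(src, dst)] = path[::-1]
    return paths


def path_membership(graph):
    """How many shortest paths each node lies on as an intermediate hop."""
    counts = Counter()
    for path in shortest_path_set(graph).values():
        counts.update(path[1:-1])
    return counts


def pillar_nodes(graph, first_threshold):
    """Claim 2: nodes belonging to at least `first_threshold` shortest paths."""
    return {n for n, c in path_membership(graph).items() if c >= first_threshold}


class Peer:
    """A first node's handler for FindNode-style discovery requests."""

    def __init__(self, node_id, node_list, pillars, second_threshold,
                 window=60.0, seed=0):
        self.node_id = node_id
        self.node_list = dict(node_list)      # other node id -> logical distance
        self.pillars = set(pillars)
        self.second_threshold = second_threshold
        self.window = window                  # constructed preset time, seconds
        self.rng = random.Random(seed)        # seeded only for reproducibility
        self.history = defaultdict(deque)     # requester -> request timestamps

    def handle_find_node(self, requester, now, mode="exclude_pillars"):
        """Return part of the node list, or None when the requester is throttled."""
        hist = self.history[requester]
        while hist and now - hist[0] > self.window:
            hist.popleft()                    # forget requests outside the window
        too_many = len(hist) > self.second_threshold   # claim 6
        hist.append(now)
        if too_many:
            return None                       # avoid responding
        if mode == "random":                  # claim 2, first branch
            k = max(1, len(self.node_list) // 2)   # constructed subset size
            chosen = self.rng.sample(sorted(self.node_list), k)
            return {n: self.node_list[n] for n in chosen}
        # claim 2, second branch: every recorded node except the pillar nodes
        return {n: d for n, d in self.node_list.items() if n not in self.pillars}
```

With a first threshold of 4 only C qualifies as a pillar, so a peer holding B, C and D in its node list answers a discovery request with B and D only, and the requester never learns from this peer that C carries most of the traffic. Lowering the threshold to 3 would also mark D, which shows that the threshold decides how much of the topology is withheld.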
CN202210908666.1A 2022-07-29 2022-07-29 Method, apparatus, electronic device and computer readable storage medium for discovering communication strut node and preventing network attack Active CN115277717B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202410593773.9A CN118487812A (en) 2022-07-29 2022-07-29 Method, apparatus, electronic device and computer readable storage medium for discovering communication strut node and preventing network attack
CN202210908666.1A CN115277717B (en) 2022-07-29 2022-07-29 Method, apparatus, electronic device and computer readable storage medium for discovering communication strut node and preventing network attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210908666.1A CN115277717B (en) 2022-07-29 2022-07-29 Method, apparatus, electronic device and computer readable storage medium for discovering communication strut node and preventing network attack

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202410593773.9A Division CN118487812A (en) 2022-07-29 2022-07-29 Method, apparatus, electronic device and computer readable storage medium for discovering communication strut node and preventing network attack

Publications (2)

Publication Number Publication Date
CN115277717A true CN115277717A (en) 2022-11-01
CN115277717B CN115277717B (en) 2024-05-31

Family

ID=83771487

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210908666.1A Active CN115277717B (en) 2022-07-29 2022-07-29 Method, apparatus, electronic device and computer readable storage medium for discovering communication strut node and preventing network attack
CN202410593773.9A Pending CN118487812A (en) 2022-07-29 2022-07-29 Method, apparatus, electronic device and computer readable storage medium for discovering communication strut node and preventing network attack

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202410593773.9A Pending CN118487812A (en) 2022-07-29 2022-07-29 Method, apparatus, electronic device and computer readable storage medium for discovering communication strut node and preventing network attack

Country Status (1)

Country Link
CN (2) CN115277717B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102916928A (en) * 2011-08-01 2013-02-06 航天信息股份有限公司 Method for protecting safety of nodes in P2P (peer-to-peer) system
US20160227394A1 (en) * 2015-02-03 2016-08-04 Alcatel-Lucent Canada Inc. Hiding Diameter Network Topology
CN108156114A (en) * 2016-12-02 2018-06-12 全球能源互联网研究院有限公司 The key node of power information physical system network attack map determines method and device
CN109921939A (en) * 2019-03-18 2019-06-21 中电科大数据研究院有限公司 The choosing method and system of key node in a kind of communication network
CN111355691A (en) * 2018-12-24 2020-06-30 国网信息通信产业集团有限公司 Method for pseudo hiding of key nodes with heterogeneous redundant interference
CN111478811A (en) * 2020-04-07 2020-07-31 中国人民解放军国防科技大学 Network key point analysis method based on double-layer information flow transmission


Also Published As

Publication number Publication date
CN118487812A (en) 2024-08-13
CN115277717B (en) 2024-05-31


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant