CN115348070B - Data packet processing method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN115348070B
Authority: CN (China)
Prior art keywords: data packet, node, random number, credibility, seed random
Legal status: Active
Application number: CN202210955830.4A
Other languages: Chinese (zh)
Other versions: CN115348070A (en)
Inventor: 刘刚, 韩静远, 周毅, 刘涛, 陈健
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by: China Telecom Corp Ltd
Priority to: CN202210955830.4A
Publication of CN115348070A
Application granted
Publication of CN115348070B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/23 Bit dropping
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure provides a data packet processing method and device, electronic equipment and a storage medium, and relates to the technical field of communication. The data packet processing method comprises: when a first data packet sent by a first node to a second node enters the network layer, obtaining a first credibility of the first node and a randomly generated first seed random number; and receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number. This prevents data packets sent by a malicious node from being received and solves the problem of large-scale, long-duration network congestion caused by flooded data packets.

Description

Data packet processing method and device, electronic equipment and storage medium
Technical Field
The disclosure relates to the field of communication technologies, and in particular, to a data packet processing method, a device, an electronic device and a storage medium.
Background
A home network is a home informatization platform that integrates a home control network and a multimedia information network. It is a system for interconnecting and managing, within the home, information equipment, communication equipment, entertainment equipment, home appliances, automation equipment, lighting equipment, monitoring devices, water, electricity, gas and heat meters, home help-seeking alarms and other equipment, and for sharing data and multimedia information among them.
The security and trustworthiness of the edge home network bear on users' property and personal safety. In the prior art, the home network management console is strongly coupled to the equipment vendor and can hardly support interworking between devices from heterogeneous manufacturers, so users have to purchase management consoles from different manufacturers repeatedly and end up with several intermixed home networks. From a technical perspective, the key obstacle to interconnection and interworking of heterogeneous manufacturers' devices in an edge home network is that the prior art lacks a network trust mechanism: devices of different manufacturers find it hard to trust one another, and one reason is that devices of other manufacturers may maliciously flood data packets, creating a network security hazard.
Based on this, how to solve the network problems caused by malicious flooding of data packets has become a technical problem to be solved.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The disclosure provides a data packet processing method, a device, an electronic device and a storage medium, which overcome, at least to some extent, the network problems caused by malicious flooding of data packets in the related art.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to one aspect of the present disclosure, there is provided a data packet processing method, including: when a first data packet sent by a first node to a second node enters a network layer, acquiring first credibility of the first node and a randomly generated first seed random number; and receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number.
In one embodiment of the present disclosure, receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number includes: comparing the first credibility with the first seed random number; and receiving the first data packet when the first credibility is greater than or equal to the first seed random number.
In one embodiment of the present disclosure, receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number includes: comparing the first credibility with the first seed random number; and discarding the first data packet when the first credibility is smaller than the first seed random number.
In one embodiment of the present disclosure, the method further comprises: when the first data packet is received, determining the position of the first data packet in a data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue; and inserting the first data packet into the data packet queue at that position.
In one embodiment of the present disclosure, determining, when the first data packet is received, the position of the first data packet in the data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue includes: sequentially comparing the first credibility with the credibility of the node corresponding to each data packet in the data packet queue, and determining a second data packet and a third data packet from the data packet queue, wherein the second data packet is adjacent to the third data packet in the data packet queue, the credibility of the node corresponding to the second data packet is greater than the first credibility, and the credibility of the node corresponding to the third data packet is less than the first credibility; and determining the position between the second data packet and the third data packet as the position of the first data packet in the data packet queue.
In one embodiment of the present disclosure, the method further comprises: when the first data packet is received, acquiring a second credibility of the second node and a randomly generated second seed random number; and forwarding the first data packet to a third node or discarding the first data packet based on the second credibility of the second node and the second seed random number.
In one embodiment of the disclosure, forwarding the first data packet to a third node or discarding the first data packet based on the second credibility of the second node and the second seed random number includes: comparing the second credibility with the second seed random number; and forwarding the first data packet to the third node when the second credibility is greater than or equal to the second seed random number.
In one embodiment of the disclosure, forwarding the first data packet to a third node or discarding the first data packet based on the second credibility of the second node and the second seed random number includes: comparing the second credibility with the second seed random number; and discarding the first data packet when the second credibility is smaller than the second seed random number.
According to another aspect of the present disclosure, there is provided a data packet processing apparatus including: a credibility and random number acquisition module, a first seed random number generation module and a second seed random number generation module, wherein the credibility and random number acquisition module is configured to acquire a first credibility of a first node and a randomly generated first seed random number when a first data packet sent by the first node to a second node enters a network layer; and a data packet processing module configured to receive or discard the first data packet based on the first credibility of the first node and the first seed random number.
In an embodiment of the disclosure, the data packet processing module is further configured to compare the first credibility with the first seed random number, and to receive the first data packet when the first credibility is greater than or equal to the first seed random number.
In an embodiment of the disclosure, the data packet processing module is further configured to compare the first credibility with the first seed random number, and to discard the first data packet when the first credibility is smaller than the first seed random number.
In one embodiment of the disclosure, the apparatus further includes a position determining module configured to determine, when the first data packet is received, the position of the first data packet in the data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue; the apparatus further includes a data packet inserting module configured to insert the first data packet into the data packet queue at that position.
In an embodiment of the present disclosure, the position determining module is further configured to sequentially compare the first credibility with the credibility of the node corresponding to each data packet in the data packet queue and determine a second data packet and a third data packet from the data packet queue, where the second data packet is adjacent to the third data packet in the data packet queue, the credibility of the node corresponding to the second data packet is greater than the first credibility, and the credibility of the node corresponding to the third data packet is less than the first credibility; and to determine the position between the second data packet and the third data packet as the position of the first data packet in the data packet queue.
In an embodiment of the present disclosure, the credibility and random number acquisition module is further configured to acquire, when the first data packet is received, a second credibility of the second node and a randomly generated second seed random number; the data packet processing module is further configured to forward the first data packet to a third node or discard the first data packet based on the second credibility of the second node and the second seed random number.
In an embodiment of the disclosure, the data packet processing module is further configured to compare the second credibility with the second seed random number, and to forward the first data packet to a third node when the second credibility is greater than or equal to the second seed random number.
In an embodiment of the disclosure, the data packet processing module is further configured to compare the second credibility with the second seed random number, and to discard the first data packet when the second credibility is smaller than the second seed random number.
According to still another aspect of the present disclosure, there is provided an electronic apparatus including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the packet processing method described above via execution of the executable instructions.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the above-described packet processing method.
The embodiments of the disclosure provide a data packet processing method, a device, an electronic device and a storage medium. The data packet processing method comprises: when a first data packet sent by a first node to a second node enters the network layer, obtaining a first credibility of the first node and a randomly generated first seed random number; and receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number. This prevents data packets sent by a malicious node from being received and solves the problem of large-scale, long-duration network congestion caused by flooded data packets.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.
FIG. 1 is a schematic diagram of a packet processing system according to an embodiment of the present disclosure;
FIG. 2 is a flow chart of a method for processing a data packet according to an embodiment of the disclosure;
FIG. 3 is a schematic diagram of a method for processing a data packet according to an embodiment of the disclosure;
FIG. 4 is a schematic diagram of another method for processing data packets according to an embodiment of the disclosure;
FIG. 5 is a flow chart illustrating another method of packet processing in an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of another method for processing data packets according to an embodiment of the disclosure;
FIG. 7 is a schematic diagram of another method for processing data packets according to an embodiment of the disclosure;
FIG. 8 is a flow chart illustrating another method of packet processing in an embodiment of the present disclosure;
FIG. 9 is a schematic diagram of another packet processing method according to an embodiment of the disclosure;
FIG. 10 is a schematic diagram of another method for processing data packets according to an embodiment of the disclosure;
FIG. 11 is a schematic diagram of a packet processing device according to an embodiment of the disclosure; and
FIG. 12 is a block diagram of an electronic device in an embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
As mentioned in the foregoing background, the current edge home network technology includes a home network management console that is strongly coupled to the vendor, and it is difficult to support trusted interworking of heterogeneous vendor devices. One of the reasons is that devices of other vendors may maliciously flood data packets, causing network security risks.
A decentralized trusted communication network builds a credibility-system model of the network nodes so that all nodes jointly govern the network, which enables trusted interconnection and interworking of heterogeneous manufacturers' devices. However, how to receive and transmit data packets based on node credibility, so that the source node of maliciously flooded data packets finds it hard to send them and the destination node is unlikely to receive them, is not addressed in existing related patents.
The embodiments of the disclosure provide a data packet processing method, a device, electronic equipment and a storage medium that control whether a node's data packets are received or transmitted according to the credibility of the node, prevent a malicious node from transmitting data packets and prevent data packets from a malicious node from being received, and solve the problem of large-scale, long-duration network congestion caused by flooded data packets.
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the packet processing method or apparatus of embodiments of the present disclosure may be applied.
As shown in fig. 1, the system may include a packet parsing module 110, an ingress operation module 120, a queue management module 130, an egress operation module 140, and a packet reverse parsing module 150.
The packet parsing module 110 is configured to parse the packet bitstream into the corresponding protocol fields in a defined logical order, for example parsing a packet in the protocol order Ethernet → IPv4 → TCP. The protocols include, but are not limited to, IPv4 (Internet Protocol version 4), IPv6 (Internet Protocol version 6) and NDN (Named Data Networking).
The ingress operation module 120 is configured to dynamically forward/discard a data packet according to the credibility of the node corresponding to the packet's source address, so that the destination node is unlikely to receive maliciously flooded data packets. Specifically, the ingress operation module randomly generates a seed number, compares it with the credibility of the packet's source node, and dynamically forwards/discards the packet according to the comparison result. Because the credibility of a maliciously flooding node is low, its flooded data packets are unlikely to pass the comparison screening of the ingress operation module, that is, they are unlikely to be received by the sink node, which avoids the large-scale, long-duration network congestion that maliciously flooded data packets would cause.
The queue management module 130 is configured to sort data packets according to the credibility value of the node corresponding to each packet's source address, so that intermediate nodes process maliciously flooded data packets at low priority. Specifically, the queue management module bubble-sorts the data packets by the credibility of their source nodes: packets with large credibility values are scheduled to the head of the queue buffer, and packets with small credibility values are scheduled to the tail. When packets are dequeued they are processed in the scheduled order, so packets with large credibility values have high processing priority and packets with small credibility values have low processing priority. Because the credibility of a maliciously flooding node is small, its flooded data packets are processed at low priority by intermediate nodes.
The egress operation module 140 is configured to dynamically forward/discard a data packet according to the credibility of the current node, so that the source node of maliciously flooded data packets finds it hard to send them. Specifically, the egress operation module randomly generates a seed number, compares it with the credibility of the current node, and dynamically forwards/discards the packet according to the comparison result. Because the credibility of a maliciously flooding node is small, data packets sent by the malicious node are unlikely to pass the comparison screening of the egress operation module, that is, the source node finds it hard to send maliciously flooded data packets, which avoids the large-scale, long-duration network congestion that they would cause.
The packet reverse parsing module 150 is configured to translate the serialized packet protocol fields into a binary bit stream and forward the binary bit stream from the corresponding network interface.
The present exemplary embodiment will be described in detail below with reference to the accompanying drawings and examples.
First, in the embodiments of the present disclosure, a method for processing a data packet is provided, where the method may be applied to a second node, or may be executed by any electronic device having computing processing capability.
Fig. 2 shows a flowchart of a data packet processing method in an embodiment of the disclosure, and as shown in fig. 2, the data packet processing method provided in the embodiment of the disclosure includes the following steps:
S202, when a first data packet sent by a first node to a second node enters a network layer, acquiring a first credibility of the first node and a randomly generated first seed random number;
It should be noted that the first node or the second node may be a physical network node, such as a data circuit termination device or a data terminal device, or may be a modem, a hub, a bridge, a switch, a terminal device, a printer, a router, a server, a host, or the like. The first credibility is an evaluation value of the trust that all nodes in the network to which the first node belongs place in the first node, and it can be obtained from a credibility calculation model. The first seed random number, i.e. the random seed, is a random number that takes a true random number (the seed) as its initial condition; starting from that seed, the seed random number is generated by continuous iteration of some algorithm.
S204, receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number.
It should be noted that whether the first data packet is received or discarded may be determined by comparing the first credibility with the first seed random number.
According to the data packet processing method provided by the embodiments of the disclosure, when a first data packet sent by a first node to a second node enters the network layer, a first credibility of the first node and a randomly generated first seed random number are obtained, and the first data packet is received or discarded based on the first credibility of the first node and the first seed random number. This prevents data packets sent by a malicious node from being received and solves the problem of large-scale, long-duration network congestion caused by flooded data packets.
In one embodiment of the present disclosure, receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number includes:
comparing the first credibility with the first seed random number;
and receiving the first data packet when the first credibility is greater than or equal to the first seed random number.
In an embodiment of the present disclosure, referring to the schematic diagram of a data packet processing method shown in FIG. 3, when the first credibility of the first node is 0.5 and the randomly generated first seed random number is 0.3, the first data packet sent by the first node is received because the first credibility is greater than the first seed random number.
In one embodiment of the present disclosure, receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number includes:
comparing the first credibility with the first seed random number;
and discarding the first data packet when the first credibility is smaller than the first seed random number.
In an embodiment of the present disclosure, referring to another schematic diagram of a data packet processing method shown in FIG. 4, when the first credibility of the first node is 0.5 and the randomly generated first seed random number is 0.6, the first data packet from the first node is rejected and discarded because the first credibility is smaller than the first seed random number.
In one embodiment of the present disclosure, referring to another flowchart of a packet processing method shown in fig. 5, the method further includes:
S502, when the first data packet is received, determining the position of the first data packet in a data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue;
S504, inserting the first data packet into the data packet queue at that position.
According to the data packet processing method provided by the embodiments of the disclosure, the position of a data packet in the data packet queue can be dynamically adjusted according to the credibility of the node corresponding to the data packet, so that data packets with higher credibility values get higher processing priority and data packets with lower credibility values get lower processing priority.
In one embodiment of the present disclosure, determining, when the first data packet is received, the position of the first data packet in the data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue includes:
sequentially comparing the first credibility with the credibility of the node corresponding to each data packet in the data packet queue, and determining a second data packet and a third data packet from the data packet queue, wherein the second data packet and the third data packet are adjacent in the data packet queue, the credibility of the node corresponding to the second data packet is greater than the first credibility, and the credibility of the node corresponding to the third data packet is less than the first credibility;
and determining the position between the second data packet and the third data packet as the position of the first data packet in the data packet queue.
In an embodiment of the present disclosure, referring to another schematic diagram of a data packet processing method shown in FIG. 6, when the first credibility of the first node is 0.7, the first credibility may be compared with the credibility of the node corresponding to each data packet in the queue in sequence, starting from the tail of the queue. As shown in FIG. 6, the credibility of the node corresponding to the last data packet in the queue is 0.8; because the first credibility is less than that value, the position of the first data packet is determined to be the tail of the data packet queue.
In an embodiment of the present disclosure, referring to another schematic diagram of a data packet processing method shown in FIG. 7, when the credibility of the first node is 0.8, the last data packet of the queue is taken from the tail of the queue. If the credibility of the node corresponding to the last data packet is 0.6, the first node's credibility is greater, so the second-to-last data packet of the queue is examined next. If the credibility of the node corresponding to the second-to-last data packet is 0.9, the first node's credibility is smaller, so the position of the first data packet is determined to be before the last data packet and after the second-to-last data packet, that is, between the last and the second-to-last data packets of the queue.
In one embodiment of the present disclosure, referring to another flowchart of a packet processing method shown in fig. 8, the method further includes:
S802, in the case that the first data packet is received, acquiring a second credibility of the second node and a randomly generated second seed random number;
S804, forwarding the first data packet to the third node or discarding the first data packet based on the second credibility of the second node and the second seed random number.
It should be noted that the second credibility is an evaluation value of the trust placed in the second node by all nodes in the network to which the second node belongs, and that the second credibility of the second node can be obtained from the credibility calculation model.
According to the data packet processing method provided by the embodiments of the present disclosure, whether a node may send a data packet is controlled by the credibility of the sending node: when the credibility of the node meets the condition, the node is allowed to send the data packet, and when it does not, the node is not allowed to send the data packet. This makes it difficult for a malicious node to send out flooding data packets and prevents large-scale, long-lasting congestion of the network.
In one embodiment of the present disclosure, forwarding the first data packet to the third node, or discarding the first data packet, based on the second credibility of the second node and the second seed random number, includes:
comparing the second credibility with the second seed random number;
and forwarding the first data packet to the third node in the case that the second credibility is greater than or equal to the second seed random number.
In an embodiment of the present disclosure, referring to the schematic diagram of another data packet processing method shown in fig. 9, when the second credibility of the second node is 0.8 and the randomly generated second seed random number is 0.4, the second node's request to forward the first data packet to the third node is granted, because the second credibility is greater than the second seed random number.
In one embodiment of the present disclosure, forwarding the first data packet to the third node, or discarding the first data packet, based on the second credibility of the second node and the second seed random number, includes:
comparing the second credibility with the second seed random number;
and discarding the first data packet in the case that the second credibility is less than the second seed random number.
In an embodiment of the present disclosure, referring to the schematic diagram of another data packet processing method shown in fig. 10, when the second credibility of the second node is 0.1 and the randomly generated second seed random number is 0.2, the second node's request to send the first data packet is rejected and the first data packet is discarded, because the second credibility is less than the second seed random number.
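The receive gate, the credibility-ordered queue and the forward gate described above can be exercised with a short simulation. This is an added example, not code from the patent; it assumes the seed random number is uniform on [0, 1), that packets of equal credibility queue behind existing ones, and that the forward gate runs before queue placement, and `Packet`, `gate`, `insert_by_credibility`, `handle` and `flood_pass_rate` are hypothetical names.

```python
import random
from dataclasses import dataclass


@dataclass
class Packet:
    src: str            # sending node label (constructed sample value)
    credibility: float  # credibility of the node the packet corresponds to


def gate(credibility: float, seed: float) -> bool:
    """Pass (receive or forward) when credibility >= seed, else discard."""
    if not 0.0 <= credibility <= 1.0:
        raise ValueError("credibility must lie in [0, 1]")
    return credibility >= seed


def insert_by_credibility(queue: list, pkt: Packet) -> int:
    """Scan from the tail, as in figs. 6 and 7, and insert pkt directly behind
    the nearest packet whose node is at least as credible. Returns the index.
    Assumption: equal credibility queues behind existing packets (FIFO)."""
    i = len(queue)
    while i > 0 and queue[i - 1].credibility < pkt.credibility:
        i -= 1
    queue.insert(i, pkt)
    return i


def handle(pkt: Packet, queue: list, own_credibility: float,
           rng: random.Random) -> str:
    """Second node's handling of one packet from a first node."""
    # Receive gate: sender's credibility against the first seed random number.
    if not gate(pkt.credibility, rng.random()):
        return "discarded_on_receive"
    # Forward gate: this node's own credibility against the second seed.
    # Assumption: evaluated before queue placement; the text fixes no order.
    if not gate(own_credibility, rng.random()):
        return "discarded_on_forward"
    insert_by_credibility(queue, pkt)
    return "queued_for_forward"


def flood_pass_rate(sender_cred: float, own_cred: float, n: int,
                    rng: random.Random) -> float:
    """Fraction of n packets from one sender that reach the outbound queue."""
    queue: list = []
    passed = sum(
        handle(Packet("flooder", sender_cred), queue, own_cred, rng)
        == "queued_for_forward"
        for _ in range(n)
    )
    return passed / n


if __name__ == "__main__":
    rng = random.Random(2022)  # fixed seed so the demo is repeatable
    q = [Packet("a", 0.9), Packet("b", 0.6)]
    print("fig. 7 insert index:", insert_by_credibility(q, Packet("c", 0.8)))
    for cred in (0.1, 0.8):
        rate = flood_pass_rate(cred, 1.0, 20000, rng)
        print(f"sender credibility {cred}: {rate:.3f} of flood admitted")
```

Under these assumptions a flood from a node with credibility c reaches the outbound queue of a relay with credibility r at a rate of about c·r, which is the throttling effect the description attributes to the method.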
Based on the same inventive concept, the embodiments of the present disclosure also provide a data packet processing device, as described below. Because the device embodiment solves the problem on a principle similar to that of the method embodiment, its implementation may refer to the implementation of the method embodiment, and repeated details are omitted.
Fig. 11 is a schematic diagram of a data packet processing device according to an embodiment of the disclosure. As shown in fig. 11, the device may be applied to the second node side and includes:
a reliability and random number obtaining module 1110, configured to obtain, when a first data packet sent by a first node to a second node enters a network layer, a first credibility of the first node and a randomly generated first seed random number;
a data packet processing module 1120, configured to receive or discard the first data packet based on the first credibility of the first node and the first seed random number.
In an embodiment of the disclosure, the data packet processing module 1120 is further configured to compare the first credibility with the first seed random number, and to receive the first data packet in the case that the first credibility is greater than or equal to the first seed random number.
In an embodiment of the disclosure, the data packet processing module 1120 is further configured to compare the first credibility with the first seed random number, and to discard the first data packet in the case that the first credibility is less than the first seed random number.
In one embodiment of the disclosure, the device further includes a location determining module, configured to determine, in the case that the first data packet is received, the position of the first data packet in the data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue; the device further includes a data packet inserting module, configured to insert the first data packet into the data packet queue according to the position of the first data packet in the data packet queue.
In an embodiment of the present disclosure, the location determining module is further configured to sequentially compare the first credibility with the credibility of the node corresponding to each data packet in the data packet queue, and to determine a second data packet and a third data packet from the data packet queue, where the second data packet is adjacent to the third data packet in the data packet queue, the credibility of the node corresponding to the second data packet is greater than the first credibility, and the credibility of the node corresponding to the third data packet is less than the first credibility; and to determine the position between the second data packet and the third data packet as the position of the first data packet in the data packet queue.
In one embodiment of the present disclosure, the above-mentioned reliability and random number obtaining module 1110 is further configured to obtain, in the case that the first data packet is received, a second credibility of the second node and a randomly generated second seed random number; the data packet processing module is further configured to forward the first data packet to a third node or discard the first data packet based on the second credibility of the second node and the second seed random number.
In an embodiment of the disclosure, the data packet processing module 1120 is further configured to compare the second credibility with the second seed random number, and to forward the first data packet to a third node in the case that the second credibility is greater than or equal to the second seed random number.
In an embodiment of the disclosure, the data packet processing module 1120 is further configured to compare the second credibility with the second seed random number, and to discard the first data packet in the case that the second credibility is less than the second seed random number.
Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, any of which may be referred to herein as a "circuit," "module," or "system."
An electronic device 1200 according to such an embodiment of the present disclosure is described below with reference to fig. 12. The electronic device 1200 shown in fig. 12 is merely an example, and should not be construed as limiting the functionality and scope of use of the disclosed embodiments.
As shown in fig. 12, the electronic device 1200 is in the form of a general purpose computing device. Components of electronic device 1200 may include, but are not limited to: the at least one processing unit 1210, the at least one memory unit 1220, and a bus 1230 connecting the different system components (including the memory unit 1220 and the processing unit 1210).
The storage unit stores program code that is executable by the processing unit 1210, such that the processing unit 1210 performs the steps according to the various exemplary embodiments of the present disclosure described in the "exemplary methods" section of the present specification above. For example, the processing unit 1210 may perform the following steps of the method embodiment described above: when a first data packet sent by a first node to a second node enters a network layer, acquiring a first credibility of the first node and a randomly generated first seed random number; and receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 1210 is further configured to: compare the first credibility with the first seed random number; and receive the first data packet in the case that the first credibility is greater than or equal to the first seed random number.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 1210 is further configured to: compare the first credibility with the first seed random number; and discard the first data packet in the case that the first credibility is less than the first seed random number.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 1210 is further configured to: in the case that the first data packet is received, determine the position of the first data packet in the data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue; and insert the first data packet into the data packet queue according to the position of the first data packet in the data packet queue.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 1210 is further configured to: sequentially compare the first credibility with the credibility of the node corresponding to each data packet in the data packet queue, and determine a second data packet and a third data packet from the data packet queue, wherein the second data packet and the third data packet are adjacent in the data packet queue, the credibility of the node corresponding to the second data packet is greater than the first credibility, and the credibility of the node corresponding to the third data packet is less than the first credibility; and determine the position between the second data packet and the third data packet as the position of the first data packet in the data packet queue.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 1210 is further configured to: in the case that the first data packet is received, acquire a second credibility of the second node and a randomly generated second seed random number; and forward the first data packet to a third node or discard the first data packet based on the second credibility of the second node and the second seed random number.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 1210 is further configured to: compare the second credibility with the second seed random number; and forward the first data packet to a third node in the case that the second credibility is greater than or equal to the second seed random number.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 1210 is further configured to: compare the second credibility with the second seed random number; and discard the first data packet in the case that the second credibility is less than the second seed random number.
The storage unit 1220 may include a readable medium in the form of a volatile storage unit, such as a Random Access Memory (RAM) 12201 and/or a cache memory 12202, and may further include a Read Only Memory (ROM) 12203.
Storage unit 1220 may also include a program/utility 12204 having a set (at least one) of program modules 12205, such program modules 12205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 1230 may represent one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 1200 may also communicate with one or more external devices 1240 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 1200, and/or any devices (e.g., routers, modems, etc.) that enable the electronic device 1200 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 1250. Also, the electronic device 1200 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet through the network adapter 1260. As shown, the network adapter 1260 communicates with other modules of the electronic device 1200 over bus 1230. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 1200, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium, which may be a readable signal medium or a readable storage medium, is also provided, on which is stored a program product capable of implementing the above-described method of the present disclosure. In some possible implementations, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the disclosure described in the "exemplary methods" section of this specification, when the program product is run on the terminal device. For example, when a computer program stored on a computer-readable storage medium in an embodiment of the present disclosure is executed by a processor, the following steps of the method may be implemented: when a first data packet sent by a first node to a second node enters a network layer, acquiring a first credibility of the first node and a randomly generated first seed random number; and receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number.
In some embodiments, the computer program stored on the computer-readable storage medium in the embodiments of the present disclosure may further implement the following steps: comparing the first credibility with the first seed random number; and receiving the first data packet in the case that the first credibility is greater than or equal to the first seed random number.
In some embodiments, the computer program stored on the computer-readable storage medium in the embodiments of the present disclosure may further implement the following steps: comparing the first credibility with the first seed random number; and discarding the first data packet in the case that the first credibility is less than the first seed random number.
In some embodiments, the computer program stored on the computer-readable storage medium in the embodiments of the present disclosure may further implement the following steps: in the case that the first data packet is received, determining the position of the first data packet in the data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue; and inserting the first data packet into the data packet queue according to the position of the first data packet in the data packet queue.
In some embodiments, the computer program stored on the computer-readable storage medium in the embodiments of the present disclosure may further implement the following steps: sequentially comparing the first credibility with the credibility of the node corresponding to each data packet in the data packet queue, and determining a second data packet and a third data packet from the data packet queue, wherein the second data packet and the third data packet are adjacent in the data packet queue, the credibility of the node corresponding to the second data packet is greater than the first credibility, and the credibility of the node corresponding to the third data packet is less than the first credibility; and determining the position between the second data packet and the third data packet as the position of the first data packet in the data packet queue.
In some embodiments, the computer program stored on the computer-readable storage medium in the embodiments of the present disclosure may further implement the following steps: in the case that the first data packet is received, acquiring a second credibility of the second node and a randomly generated second seed random number; and forwarding the first data packet to a third node or discarding the first data packet based on the second credibility of the second node and the second seed random number.
In some embodiments, the computer program stored on the computer-readable storage medium in the embodiments of the present disclosure may further implement the following steps: comparing the second credibility with the second seed random number; and forwarding the first data packet to a third node in the case that the second credibility is greater than or equal to the second seed random number.
In some embodiments, the computer program stored on the computer-readable storage medium in the embodiments of the present disclosure may further implement the following steps: comparing the second credibility with the second seed random number; and discarding the first data packet in the case that the second credibility is less than the second seed random number.
More specific examples of the computer readable storage medium in the present disclosure may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In this disclosure, a computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Alternatively, the program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In particular implementations, the program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the description of the above embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (11)

1. A method for processing a data packet, applied to a second node, comprising:
when a first data packet sent by a first node to the second node enters a network layer, acquiring first credibility of the first node and a randomly generated first seed random number;
and receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number.
2. The method of claim 1, wherein receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number comprises:
comparing the first credibility with the first seed random number;
and receiving the first data packet in the case that the first credibility is greater than or equal to the first seed random number.
3. The method of claim 1, wherein receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number comprises:
comparing the first credibility with the first seed random number;
and discarding the first data packet in the case that the first credibility is less than the first seed random number.
4. The method of packet processing according to claim 1, further comprising:
in the case that the first data packet is received, determining the position of the first data packet in a data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue;
and inserting the first data packet into the data packet queue according to the position of the first data packet in the data packet queue.
5. The method according to claim 4, wherein, in the case that the first data packet is received, determining the position of the first data packet in the data packet queue based on the first credibility of the first node and the credibility of the node corresponding to each data packet in the data packet queue comprises:
sequentially comparing the first credibility with the credibility of the node corresponding to each data packet in the data packet queue, and determining a second data packet and a third data packet from the data packet queue, wherein the second data packet is adjacent to the third data packet in the data packet queue, the credibility of the node corresponding to the second data packet is greater than the first credibility, and the credibility of the node corresponding to the third data packet is less than the first credibility;
and determining the position between the second data packet and the third data packet as the position of the first data packet in the data packet queue.
6. The method of packet processing according to claim 1, further comprising:
in the case that the first data packet is received, acquiring a second credibility of the second node and a randomly generated second seed random number;
forwarding the first data packet to a third node or discarding the first data packet based on the second credibility of the second node and the second seed random number.
7. The method of claim 6, wherein forwarding the first data packet to a third node or discarding the first data packet based on the second credibility of the second node and the second seed random number comprises:
comparing the second credibility with the second seed random number;
and forwarding the first data packet to a third node in the case that the second credibility is greater than or equal to the second seed random number.
8. The method of claim 6, wherein forwarding the first data packet to a third node or discarding the first data packet based on the second credibility of the second node and the second seed random number comprises:
comparing the second credibility with the second seed random number;
and discarding the first data packet in the case that the second credibility is less than the second seed random number.
9. A packet processing device, applied to a second node side, comprising:
the system comprises a reliability and random number acquisition module, a first seed random number generation module and a second seed random number generation module, wherein the reliability and random number acquisition module is used for acquiring a first reliability of a first node and a first seed random number generated randomly when a first data packet sent by the first node to a second node enters a network layer;
and the data packet processing module is used for receiving or discarding the first data packet based on the first credibility of the first node and the first seed random number.
10. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the packet processing method of any one of claims 1 to 8 via execution of the executable instructions.
11. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the method of data packet processing according to any of claims 1 to 8.
CN202210955830.4A 2022-08-10 2022-08-10 Data packet processing method and device, electronic equipment and storage medium Active CN115348070B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210955830.4A CN115348070B (en) 2022-08-10 2022-08-10 Data packet processing method and device, electronic equipment and storage medium


Publications (2)

Publication Number Publication Date
CN115348070A CN115348070A (en) 2022-11-15
CN115348070B CN115348070B (en) 2024-01-30

Family

ID=83952493


Country Status (1)

Country Link
CN (1) CN115348070B (en)


Also Published As

Publication number Publication date
CN115348070A (en) 2022-11-15

Similar Documents

Publication Publication Date Title
US10901470B2 (en) Power distribution unit self-identification
US8953479B2 (en) System and method for license enforcement for data center monitoring applications
US9787591B2 (en) Autonomic ingress traffic load balancing in link aggregation groups by modification of switch routing
US20120051236A1 (en) Mechanisms for Discovering Path Maximum Transmission Unit
CN107800626B (en) Data message processing method, device and equipment
CN112737871B (en) Link fault detection method and device, computer equipment and storage medium
US7430495B1 (en) Method and apparatus for representing, managing, analyzing and problem reporting in home networks
CN114828140B (en) Service flow message forwarding method and device, storage medium and electronic equipment
CN114629816B (en) Public network IP network state detection method and system
CN115348070B (en) Data packet processing method and device, electronic equipment and storage medium
US8423827B2 (en) Topology based correlation of threshold crossing alarms
CN111988221B (en) Data transmission method, data transmission device, storage medium and electronic equipment
CN116530067A (en) Edge computing data and service discovery using interior gateway protocol (interior gateway protocol, IGP)
CN114978632B (en) Message transmission detection method, device, equipment and medium
CN115348072B (en) Node credibility calculation method and device, electronic equipment and storage medium
CN115250254B (en) Netflow message distribution processing method and device
CN116887443A (en) Personal networking communication method, device, equipment and storage medium
US20230236795A1 (en) Data processing method implemented at edge switch, electronic device, and program product
CN108650267B (en) Block chain data transmission method, device, equipment and storage medium
US9917742B1 (en) Hardware connection management
CN116056144A (en) Scheduling method, device, equipment and storage medium
CN117040868A (en) Traffic processing method and system based on real-time strategy
CN117640189A (en) Access method, device, equipment and storage medium
CN116016317A (en) Network equipment layout method, device, equipment and storage medium
CN116059644A (en) Game data processing method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant