CN117295071A - Mobile node security management method and system for IPV6 network - Google Patents


Publication number
CN117295071A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311579293.9A
Other languages
Chinese (zh)
Other versions
CN117295071B (en)
Inventor
于乐
白瑞双
赵锦阳
石战
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yixun Technology Co ltd
Original Assignee
Yixun Technology Co ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/659 Internet protocol version 6 [IPv6] addresses
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a mobile node security management method and system for an IPV6 network, relating to the technical field of data processing. The method comprises the following steps: acquiring a home address and a mobile address of a first mobile node in a target IPV6 network; establishing a mobile channel; outputting a communication quality degradation rate characterizing the first mobile node after movement; identifying historical communication transmission data samples to generate a first communication sample group; calculating a communication anomaly probability according to the communication quality degradation rate and the first communication sample group, and outputting a first anomaly probability; and, when the first anomaly probability is larger than the preset anomaly probability, generating first reminding information, wherein the first reminding information is used for reminding that the communication safety degree of the mobile address does not meet the preset safety degree. The invention solves the technical problems in the prior art of low reliability of safety analysis and low management efficiency of the mobile node during transmission, and achieves the technical effects of improving the safety management quality of the mobile node and improving management reliability.

Description

Mobile node security management method and system for IPV6 network
Technical Field
The invention relates to the technical field of data processing, in particular to a mobile node security management method and system for an IPV6 network.
Background
With the improvement of quality of life, people have higher requirements on the efficiency and safety of data transmission by their equipment. When the physical location of a mobile node in an IPV6 network changes, its IP address changes accordingly, and the links and communications held at the previous address are dropped. Because the address changes, safety during data transmission cannot be ensured, and problems such as data loss arise. Mobile nodes in the prior art therefore suffer from the technical problems of low reliability of safety analysis and low management efficiency during transmission.
Disclosure of Invention
The application provides a mobile node safety management method and system for an IPV6 network, which are used for solving the technical problems of low safety analysis reliability and low management efficiency of a mobile node in the transmission process in the prior art.
In view of the foregoing, the present application provides a mobile node security management method and system for an IPV6 network.
In a first aspect of the present application, there is provided a mobile node security management method for an IPV6 network, the method comprising:
acquiring a home address and a mobile address of a first mobile node in a target IPV6 network;
establishing a mobile channel according to routing equipment between the home address and the mobile address, wherein the mobile channel at least comprises one routing equipment;
carrying out route security identification according to the route equipment on the mobile channel;
the route security identification according to the route equipment on the mobile channel comprises the following steps:
acquiring a plurality of communication indexes after movement and comparing the communication indexes with a plurality of communication indexes before movement, and outputting a communication quality degradation rate after movement of the first mobile node;
collecting historical communication transmission data samples of the first mobile node, identifying the historical communication transmission data samples, and generating a first communication sample group;
calculating communication anomaly probability according to the communication quality degradation rate and the first communication sample group, and outputting first anomaly probability;
when the first anomaly probability is larger than the preset anomaly probability, generating first reminding information, wherein the first reminding information is used for reminding that the communication safety degree of the mobile address does not meet the preset safety degree.
In a second aspect of the present application, there is provided a mobile node security management system for an IPV6 network, the system comprising:
the address acquisition module is used for acquiring a home address and a mobile address of a first mobile node in the target IPV6 network;
the mobile channel establishment module is used for establishing a mobile channel according to the routing equipment between the home address and the mobile address, wherein the mobile channel at least comprises one routing equipment;
the descending rate output module is used for carrying out route safety identification according to the route equipment on the mobile channel and comprises the following components: acquiring a plurality of communication indexes after movement and comparing the communication indexes with a plurality of communication indexes before movement, and outputting a communication quality degradation rate after movement of the first mobile node;
the communication sample group generation module is used for collecting historical communication transmission data samples of the first mobile node, identifying the historical communication transmission data samples and generating a first communication sample group;
the abnormal probability output module is used for carrying out communication abnormal probability calculation according to the communication quality degradation rate and the first communication sample group and outputting a first abnormal probability;
the reminding information generation module is used for generating first reminding information when the first abnormality probability is larger than a preset abnormality probability, wherein the first reminding information is used for reminding that the communication safety of the mobile address does not meet the preset safety.
One or more technical solutions provided in the present application have at least the following technical effects or advantages:
A home address and a mobile address of a first mobile node in a target IPV6 network are obtained, and a mobile channel is then established according to the routing equipment between the home address and the mobile address, wherein the mobile channel comprises at least one routing equipment. Route security identification is then carried out according to the routing equipment on the mobile channel, as follows. A plurality of communication indexes after movement are obtained and compared with a plurality of communication indexes before movement, and a communication quality degradation rate characterizing the first mobile node after movement is output. Historical communication transmission data samples of the first mobile node are collected and identified to generate a first communication sample group. A communication anomaly probability is then calculated according to the communication quality degradation rate and the first communication sample group, and a first anomaly probability is output. When the first anomaly probability is larger than a preset anomaly probability, first reminding information is generated, wherein the first reminding information is used for reminding that the communication safety degree of the mobile address does not meet the preset safety degree. The technical effects of improving the safety management quality of the mobile node and improving the management reliability are achieved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a mobile node security management method for an IPV6 network according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of outputting a first abnormal probability in the mobile node security management method for an IPV6 network according to an embodiment of the present application;
Fig. 3 is a schematic flow chart of generating second reminding information in the mobile node security management method for an IPV6 network according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a mobile node security management system for an IPV6 network according to an embodiment of the present application.
Reference numerals illustrate: the system comprises an address acquisition module 11, a mobile channel establishment module 12, a descent rate output module 13, a communication sample group generation module 14, an abnormal probability output module 15 and a reminding information generation module 16.
Detailed Description
The application provides a mobile node safety management method and system for an IPV6 network, which are used for solving the technical problems of low safety analysis reliability and low management efficiency of a mobile node in the transmission process in the prior art.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present application based on the embodiments herein.
It should be noted that the terms "comprises" and "comprising," along with any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or modules not expressly listed or inherent to such process, method, article, or apparatus.
Embodiment one: as shown in fig. 1, the present application provides a mobile node security management method for an IPV6 network, wherein the method includes:
S100: acquiring a home address and a mobile address of a first mobile node in a target IPV6 network;
In one possible embodiment, the first mobile node has a home address and, after movement, a mobile address. The first mobile node is any one mobile device in the target IPV6 network. The target IPV6 network uses the sixth version of the Internet Protocol, which can provide a large number of network addresses and also removes the obstacles to connecting many different access devices to the Internet. The home address is the permanent address of the first mobile node in the target IPV6 network, obtained from the home link configured with the home subnet prefix of the first mobile node. The mobile address is a new IP address obtained from the foreign link subnet after the first mobile node attaches to the foreign link. Obtaining the home address and the mobile address of the first mobile node lays the basis for subsequently constructing a channel between the home address and the mobile address through routers.
S200: establishing a mobile channel according to routing equipment between the home address and the mobile address, wherein the mobile channel at least comprises one routing equipment;
In one embodiment, the mobile channel is established using the routing equipment between the home address and the mobile address, which provides a channel through which the communication content and the IP address can be correspondingly transferred when the first mobile node moves between different addresses in the target IPV6 network. The routing device is a computer network device that transmits data in packets along a transmission path across different networks, and the mobile channel includes at least one routing device.
S300: carrying out route security identification according to the route equipment on the mobile channel, wherein the route security identification comprises the following steps:
S310A: acquiring a plurality of communication indexes after movement and comparing the communication indexes with a plurality of communication indexes before movement, and outputting a communication quality degradation rate after movement of the first mobile node;
S320A: collecting historical communication transmission data samples of the first mobile node, identifying the historical communication transmission data samples, and generating a first communication sample group;
S330A: calculating communication anomaly probability according to the communication quality degradation rate and the first communication sample group, and outputting first anomaly probability;
S340A: when the first anomaly probability is larger than the preset anomaly probability, generating first reminding information, wherein the first reminding information is used for reminding that the communication safety degree of the mobile address does not meet the preset safety degree.
In one possible embodiment, whether the mobile node security management of the target IPV6 network is reliable depends on whether anomalies of the mobile node can be accurately identified; therefore, route security identification of the routing devices on the mobile channel is required. Preferably, the plurality of communication indexes after the first mobile node moves are compared with the plurality of communication indexes before the first mobile node moved, and the communication quality degradation rate is determined according to the comparison result. The communication quality degradation rate reflects the degradation of communication quality after the movement of the first mobile node. Obtaining the communication quality degradation rate provides the basic data for the subsequent communication anomaly probability calculation.
Furthermore, in order to analyze the communication anomaly probability caused by the decrease in communication quality after the mobile node moves, the data transmitted by the first mobile node in historical time needs to be collected to obtain the historical communication transmission data samples, which lays the basis for analyzing the current situation from historical sample data. The historical communication transmission data samples reflect the data transmission condition of the first mobile node. Complexity identification is carried out on the historical communication transmission data samples, and the samples with the highest complexity are determined as the first communication sample group. The first communication sample group reflects the data condition with the highest complexity in the data transmission process of the first mobile node; that is, the first communication sample group is sample data capable of representing the most complex data transmission condition of the first mobile node.
In one possible embodiment, the probability of occurrence of communication abnormality of the first mobile node after moving to a transition address is determined by performing communication abnormality probability calculation according to the obtained communication quality degradation rate and the first communication sample group, thereby obtaining the first abnormality probability. The first anomaly probability reflects the probability of anomaly occurrence of the first mobile node after movement, and the greater the first anomaly probability is, the greater the anomaly occurrence probability is.
In one embodiment, the preset anomaly probability is the anomaly probability value, set by a person skilled in the art, at which the mobile address communication security of the first mobile node no longer meets the requirement. When the first anomaly probability is larger than the preset anomaly probability, this indicates that the safety of data transmission by the first mobile node at the mobile address cannot be guaranteed, and the first reminding information is therefore generated. The first reminding information is used for reminding that the communication safety degree of the mobile address does not meet the preset safety degree. This achieves the aim of carrying out safety identification on the mobile node of the target IPV6 network, and achieves the technical effects of reliably calculating the probability of abnormality of the mobile node and improving the reliability of safety identification.
Further, the step S310A of the embodiment of the present application further includes:
S310A-1: acquiring a plurality of communication indexes before movement, and establishing an initial index matrix according to the plurality of communication indexes before movement, wherein the plurality of communication indexes comprise anti-interference performance in a data communication process, delay rate of batch data transmission, single-time compatible communication data peak value and encryption data communication risk;
S310A-2: acquiring a plurality of communication indexes after movement, and establishing a movement index matrix by using the plurality of communication indexes after movement;
S310A-3: and generating a descending index matrix according to the initial index matrix and the moving index matrix, performing matrix calculation on the descending index matrix, and outputting the communication quality descending rate.
Preferably, the communication indexes describe the quality of communication in the data communication process from different angles. The plurality of communication indexes comprise anti-interference performance, delay rate of batch data transmission, single-time compatible communication data peak value and encryption data communication risk. The initial index matrix is constructed according to the plurality of communication indexes of the first mobile node before moving. That is, the plurality of communication indexes of the first mobile node before moving are stored in matrix form, which facilitates subsequent analysis and retrieval. The initial index matrix reflects the communication quality condition of the first mobile node before movement.
Optionally, the plurality of communication indexes of the first mobile node after moving are collected, and the moving index matrix is constructed according to the collected index results. Indexes of the same type in the initial index matrix and the moving index matrix are compared, and the two matrices are thereby compared and fused to generate the descending index matrix. Each element in the descending index matrix reflects the degradation of communication quality of one communication index before and after the movement of the first mobile node. Further, the descent rate is calculated for each element in the descending index matrix: the difference between the post-movement value and the pre-movement value of each communication index is calculated, and the ratio of that difference to the pre-movement value is taken as the descent rate. The result of the matrix calculation is then taken as the communication quality degradation rate. The communication quality degradation rate reflects, from an overall dimension, the communication quality degradation across the plurality of communication indexes of the first mobile node.
Further, the identifying the historical communication transmission data sample to generate a first communication sample set, and step S320A in the embodiment of the present application further includes:
S320A-1: identifying the historical communication transmission data sample to acquire a data type, a data size and a transmission mode;
S320A-2: and carrying out complexity recognition on the historical communication transmission samples according to the data type, the data size and the transmission mode to obtain the first communication sample group, wherein the first communication sample group is the sample group with the highest complexity in the communication transmission samples.
Further, the step S320A-2 of the embodiment of the present application further includes:
S320A-21: judging the transmission mode, wherein the transmission mode comprises encrypted transmission and non-encrypted transmission;
S320A-22: when the transmission mode is non-encryption transmission, carrying out complexity identification on the historical communication transmission sample according to the data type and the data size, and obtaining a communication sample based on non-encryption transmission;
S320A-23: when the transmission mode is encryption transmission, carrying out complexity identification on the historical communication transmission sample according to the data type, the data size and the corresponding encryption parameters, and obtaining a communication sample based on encryption transmission;
S320A-24: and acquiring the first communication sample group by using the communication sample of the unencrypted transmission and the communication sample of the encrypted transmission.
In one embodiment, after the historical communication transmission data samples are obtained, the samples are described from multiple angles to obtain the data type, the data size and the transmission mode. The data type describes the data format of the historical communication transmission data sample, and the data formats include PDF, XML and Word. The data size describes the number of data bytes in the historical communication transmission data sample. The transmission mode describes whether the historical communication transmission data sample was transmitted encrypted, and includes encrypted transmission and non-encrypted transmission. Further, complexity recognition is carried out on the historical communication transmission samples according to the data type, the data size and the transmission mode, and the sample group with the highest complexity is taken as the first communication sample group according to the recognition result.
In one possible embodiment, the transmission mode is determined, and when the transmission mode is non-encryption transmission, the data type and the data size are input into a non-encryption complexity identification network layer to perform complexity identification, so as to obtain a plurality of non-encryption complexities. Preferably, the non-encryption complexity identification network layer is a functional network layer for performing intelligent complexity identification on the communication transmission sample. And performing supervised training on a framework constructed based on the convolutional neural network by acquiring a plurality of sample data types, a plurality of sample data sizes and a plurality of sample non-encryption complexity as construction data until output reaches convergence, so as to acquire the non-encryption complexity identification network layer after training is completed. Further, a sample corresponding to a maximum value of the plurality of unencrypted complexities is taken as the communication sample based on the unencrypted transmission.
Preferably, when the transmission mode is encryption transmission, the corresponding data type, the data size and the corresponding encryption parameters are input into an encryption complexity identification network layer, intelligent complexity identification is performed, and a plurality of encryption complexities are obtained. And taking a sample corresponding to the maximum value in the plurality of encryption complexities as the communication sample based on the encryption transmission. Optionally, the encryption complexity identification network layer is a functional network layer for performing intelligent complexity identification on the communication transmission sample. And performing supervision training on a framework constructed based on the convolutional neural network by acquiring a plurality of sample data types, a plurality of sample data sizes, a plurality of sample encryption parameters and a plurality of sample encryption complexity as construction data until output reaches convergence, so as to acquire the encryption complexity identification network layer after training is completed. And further, summarizing the communication samples of the unencrypted transmission and the communication samples of the encrypted transmission to form the first communication sample group.
Further, as shown in fig. 2, the calculating of the communication anomaly probability by using the communication quality degradation rate and the first communication sample set outputs a first anomaly probability, and step S330A of the embodiment of the present application further includes:
S330A-1: acquiring the communication quality degradation rate, wherein the communication quality degradation rate comprises degradation rates corresponding to a plurality of communication indexes, and the degradation rates corresponding to the plurality of communication indexes can call data acquisition in a degradation index matrix;
S330A-2: performing communication quality prediction on the first communication sample group at the communication quality degradation rate, and outputting a plurality of communication anomaly probabilities based on the corresponding degradation rates of a plurality of communication indexes;
S330A-3: and carrying out conditional probability fusion according to the communication abnormal probabilities, and outputting the first abnormal probability.
Further, the conditional probability fusion is performed according to the communication anomaly probabilities, and the expression of the first anomaly probability is output as follows:
wherein,for the first anomaly probability, +.>Representing the abnormal probability of the current communication index under the abnormal condition of the previous communication index; />Representing the abnormal probability of the next communication index under the abnormal condition of the current communication index; />For weights based on the current communication index +.>Is a weight based on the next communication index; />N is a positive integer of 1 or more, which is the number of communication indexes.
In a possible embodiment, the communication quality degradation rate is obtained by performing matrix calculation on the degradation index matrix. The communication quality degradation rate includes the degradation rates corresponding to the plurality of communication indexes, which can be obtained by retrieving data from the degradation index matrix. A degradation rate-anomaly probability mapping relationship is constructed by acquiring a plurality of sample communication degradation rates and a plurality of sample communication anomaly probabilities as mapping data. The mapping relationship is then searched, using the communication quality degradation rate as the index, to obtain the plurality of communication anomaly probabilities for the degradation rates corresponding to the plurality of communication indexes. The plurality of communication anomaly probabilities reflect the possibility of a communication anomaly of the first mobile node when each communication index is abnormal on its own.
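An added example, not code from the patent, of steps S310A-1 to S310A-3 and S330A-1 to S330A-2: per-index degradation rates from the pre- and post-movement indexes, followed by a lookup in a degradation rate-anomaly probability mapping. The direction of each index (whether higher or lower is better), clamping improvements to zero, the mean as the overall rate, linear interpolation between mapping samples, and all sample values are assumptions of this example; the conditional probability fusion of S330A-3 is not implemented here.

```python
from bisect import bisect_left

# The four communication indexes named in S310A-1. The boolean says whether a
# higher value is better; this direction is an assumption of the example.
INDEXES = (
    ("anti_interference", True),
    ("batch_delay_rate", False),
    ("single_peak", True),
    ("encrypted_risk", False),
)


def descending_index_matrix(before, after):
    """Per-index ratio (after - before) / before, as described for S310A-3."""
    rates = {}
    for name, _ in INDEXES:
        b, a = before[name], after[name]
        if b == 0:
            # The ratio is undefined for a zero baseline; fail loudly.
            raise ValueError(f"pre-movement value of {name} is zero")
        rates[name] = (a - b) / b
    return rates


def degradation_rates(before, after):
    """Sign-normalise the raw ratios so that positive always means 'worse'.

    Without this step an increase in delay and an increase in anti-interference
    would carry the same sign. Improvements are clamped to 0 (assumption).
    """
    raw = descending_index_matrix(before, after)
    out = {}
    for name, higher_is_better in INDEXES:
        r = -raw[name] if higher_is_better else raw[name]
        out[name] = max(0.0, r)
    return out


def overall_degradation_rate(rates):
    """Overall communication quality degradation rate (mean: an assumption)."""
    return sum(rates.values()) / len(rates)


class DegradationMap:
    """Degradation rate -> anomaly probability mapping built from samples."""

    def __init__(self, samples):
        pts = sorted(samples)
        if not pts:
            raise ValueError("at least one (rate, probability) sample required")
        if any(not 0.0 <= p <= 1.0 for _, p in pts):
            raise ValueError("probabilities must lie in [0, 1]")
        self.xs = [x for x, _ in pts]
        self.ys = [y for _, y in pts]

    def lookup(self, rate):
        """Interpolate linearly between samples; clamp outside their range."""
        if rate <= self.xs[0]:
            return self.ys[0]
        if rate >= self.xs[-1]:
            return self.ys[-1]
        i = bisect_left(self.xs, rate)
        if self.xs[i] == rate:
            return self.ys[i]
        x0, x1 = self.xs[i - 1], self.xs[i]
        y0, y1 = self.ys[i - 1], self.ys[i]
        return y0 + (rate - x0) / (x1 - x0) * (y1 - y0)


def per_index_anomaly_probabilities(before, after, mapping):
    """S330A-2: one anomaly probability per communication index."""
    rates = degradation_rates(before, after)
    return {name: mapping.lookup(rate) for name, rate in rates.items()}


# Constructed sample data (not measurements from the patent).
SAMPLE_BEFORE = {"anti_interference": 80, "batch_delay_rate": 8,
                 "single_peak": 200, "encrypted_risk": 2}
SAMPLE_AFTER = {"anti_interference": 60, "batch_delay_rate": 11,
                "single_peak": 250, "encrypted_risk": 3}
SAMPLE_MAPPING = DegradationMap(
    [(0.0, 0.0), (0.25, 0.125), (0.5, 0.5), (1.0, 1.0)])

if __name__ == "__main__":
    rates = degradation_rates(SAMPLE_BEFORE, SAMPLE_AFTER)
    print("per-index degradation:", rates)
    print("overall rate:", overall_degradation_rate(rates))
    print("anomaly probabilities:", per_index_anomaly_probabilities(
        SAMPLE_BEFORE, SAMPLE_AFTER, SAMPLE_MAPPING))
```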
And further, carrying out conditional probability fusion on the communication abnormal probabilities by using an expression, and obtaining the first abnormal probability according to a fusion result. Wherein the first anomaly probability is used to analyze the likelihood of anomaly of the first mobile node as a whole based on a plurality of communication metrics. The influence of the abnormality of the previous communication index on the current communication index can be comprehensively analyzed through the conditional probability, and the possibility degree of the abnormality of the next communication index under the abnormal condition of the current communication index. The method and the device realize the goal of overall analysis of the abnormal probability of the first mobile node, and achieve the technical effect of improving the reliability of abnormal analysis.
In another possible implementation of the present application, as shown in fig. 3, in the route security identification performed according to the routing devices on the mobile channel, step S300 in the embodiment of the present application further includes:
S310B: acquiring N routing devices on the mobile channel, wherein N is a positive integer greater than or equal to 1;
S320B: obtaining N routing security indexes by carrying out routing security identification on each of the N routing devices;
S330B: performing mobile security identification according to the N routing security indexes, and outputting a mobile security index, wherein the mobile security index is used for identifying the security degree of the first mobile node in the process of moving from the home address to the mobile address;
S340B: generating second reminding information according to the mobile security index, wherein the second reminding information is used to remind that the transit security of moving to the mobile address does not meet the preset security degree.
In one possible embodiment, the security of the mobile node is identified from the dimension of transit security across the routing devices during the move, so that reliable security management of the mobile node of the target IPV6 network can be performed accurately. After the mobile channel is established, the routing devices in the mobile channel are counted, giving N routing devices. Since the security of the routing devices has an important influence on the data transmission security of the first mobile node on the mobile channel, route security identification is performed on the N routing devices to obtain N routing security indexes that reflect their transmission security. A routing security index describes the operational security of a routing device, including device intrusion frequency, device data transmission interruption frequency and the like. Further, the service lives and design lives of the N routing devices are acquired, the ratio of service life to design life of each device is taken as its weight in mobile security identification, a weighted calculation is performed on the N routing security indexes, and the mobile security index is obtained from the calculation result. The mobile security index identifies the security degree of the first mobile node in the process of moving from the home address to the mobile address. Whether the mobile security index meets the preset security degree is then judged, and if not, the second reminding information is generated. The second reminding information is used to remind that the transit security of moving to the mobile address does not meet the preset security degree. The preset security degree is the mobile security index that communication transit must satisfy, preset by a person skilled in the art.
This achieves the technical effects of reliably analyzing transit security, improving the accuracy of security identification and improving the quality of security management.
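An added illustration of steps S310B to S340B (not code from the patent): the service-life to design-life ratio weights each device's routing security index, so an ageing, frequently disrupted router dominates the mobile security index. The index formula, the 0-to-1 "higher is safer" scale, the normalisation by total weight, the ">= preset" meaning of "meets" and all device names and values are assumptions; the patent fixes none of them.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class RoutingDevice:
    name: str
    intrusions_per_month: float     # device intrusion frequency
    interruptions_per_month: float  # data transmission interruption frequency
    service_years: float            # service life so far
    design_years: float             # design life


def routing_security_index(dev: RoutingDevice) -> float:
    """Assumed mapping: 1.0 with no events, falling towards 0 as events increase."""
    if dev.intrusions_per_month < 0 or dev.interruptions_per_month < 0:
        raise ValueError(f"{dev.name}: event frequencies cannot be negative")
    return 1.0 / (1.0 + dev.intrusions_per_month + dev.interruptions_per_month)


def age_weight(dev: RoutingDevice) -> float:
    """Weight described on the page: ratio of service life to design life."""
    if dev.design_years <= 0:
        raise ValueError(f"{dev.name}: design life must be positive")
    if dev.service_years < 0:
        raise ValueError(f"{dev.name}: service life cannot be negative")
    # The ratio may exceed 1 for a device kept in service past its design life.
    return dev.service_years / dev.design_years


def mobile_security_index(devices: List[RoutingDevice]) -> float:
    """Weighted calculation over the N routing security indexes (normalised, assumed)."""
    if not devices:
        raise ValueError("the mobile channel must contain at least one routing device")
    weights = [age_weight(d) for d in devices]
    indexes = [routing_security_index(d) for d in devices]
    total = sum(weights)
    if total == 0:
        # Every device is brand new: no age information, fall back to a plain mean.
        return sum(indexes) / len(indexes)
    return sum(w * s for w, s in zip(weights, indexes)) / total


def second_reminder(devices: List[RoutingDevice],
                    preset_security: float) -> Tuple[float, Optional[str]]:
    """Return (mobile security index, reminder text or None if the preset is met)."""
    index = mobile_security_index(devices)
    if index >= preset_security:
        return index, None
    worst = min(devices, key=routing_security_index)
    return index, (
        "second reminding information: transit security of moving to the mobile "
        f"address does not meet the preset security degree ({index:.3f} < "
        f"{preset_security:.3f}); lowest routing security index: {worst.name}"
    )


# Constructed sample channel: two young, quiet routers and one old, noisy one.
SAMPLE_CHANNEL = [
    RoutingDevice("edge-r1", 0, 1, service_years=2, design_years=10),
    RoutingDevice("core-r2", 0, 0, service_years=1, design_years=10),
    RoutingDevice("access-r3", 3, 2, service_years=9, design_years=10),
]

if __name__ == "__main__":
    plain = sum(routing_security_index(d) for d in SAMPLE_CHANNEL) / len(SAMPLE_CHANNEL)
    index, reminder = second_reminder(SAMPLE_CHANNEL, preset_security=0.5)
    print(f"unweighted mean of routing security indexes: {plain:.3f}")
    print(f"age-weighted mobile security index:          {index:.3f}")
    print(reminder or "preset security degree met")
```

On the constructed channel the plain mean of the three indexes passes a 0.5 preset while the age-weighted index does not, which is the practical consequence of weighting by service life.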
In summary, the embodiments of the present application have at least the following technical effects:
According to the method, the home address of the first mobile node in the target IPV6 network before it moves and the mobile address after it moves are acquired, and a mobile channel is constructed based on the routing devices between the home address and the mobile address. The communication quality degradation rate is determined through route security identification. Historical communication transmission samples are identified and screened to obtain the first communication sample group with the highest complexity, the communication anomaly probability is calculated, and the first anomaly probability is obtained. The first anomaly probability serves as the basis for security management of the mobile node: it is compared with the preset anomaly probability, and when it is larger than the preset anomaly probability, first reminding information is generated, which is used to remind that the communication security of the mobile address does not meet the preset security degree. This achieves the technical effects of reliably managing the security of the mobile node and improving management efficiency and quality.
Embodiment two: Based on the same inventive concept as the mobile node security management method for an IPV6 network in the foregoing embodiments, as shown in fig. 4, the present application provides a mobile node security management system for an IPV6 network; the system and method embodiments of the present application are based on the same inventive concept. The system comprises:
an address obtaining module 11, where the address obtaining module 11 is configured to obtain a home address and a mobile address of a first mobile node in the target IPV6 network;
a mobile channel establishment module 12, where the mobile channel establishment module 12 is configured to establish a mobile channel according to a routing device between the home address and the mobile address, and the mobile channel includes at least one routing device;
a drop rate output module 13, where the drop rate output module 13 is configured to perform route security identification according to a routing device on the mobile channel, and includes: acquiring a plurality of communication indexes after movement and comparing the communication indexes with a plurality of communication indexes before movement, and outputting a communication quality degradation rate after movement of the first mobile node;
a communication sample group generation module 14, where the communication sample group generation module 14 is configured to collect a historical communication transmission data sample of the first mobile node, identify the historical communication transmission data sample, and generate a first communication sample group;
an anomaly probability output module 15, where the anomaly probability output module 15 is configured to perform communication anomaly probability calculation with the communication quality degradation rate and the first communication sample set, and output a first anomaly probability;
a reminding information generation module 16, where the reminding information generation module 16 is configured to generate first reminding information when the first anomaly probability is greater than a preset anomaly probability, where the first reminding information is used to remind that the communication security of the mobile address does not meet the preset security degree.
Further, the system is further configured to perform the following method:
acquiring N routing devices of the mobile channel, wherein N is a positive integer greater than or equal to 1;
obtaining N routing security indexes by carrying out routing security identification on each of the N routing devices;
performing mobile security identification according to the N routing security indexes, and outputting a mobile security index, wherein the mobile security index is used for identifying the security degree of the first mobile node in the process of moving from the home address to the mobile address;
and generating second reminding information according to the mobile security index, wherein the second reminding information is used to remind that the transit security of moving to the mobile address does not meet the preset security degree.
Further, the drop rate output module 13 is configured to perform the following method:
acquiring a plurality of communication indexes before movement, and establishing an initial index matrix according to the plurality of communication indexes before movement, wherein the plurality of communication indexes comprise anti-interference performance in a data communication process, delay rate of batch data transmission, single-time compatible communication data peak value and encryption data communication risk;
acquiring a plurality of communication indexes after movement, and establishing a movement index matrix by using the plurality of communication indexes after movement;
and generating a descending index matrix according to the initial index matrix and the moving index matrix, performing matrix calculation on the descending index matrix, and outputting the communication quality descending rate.
Further, the communication sample group generating module 14 is configured to perform the following method:
identifying the historical communication transmission data sample to acquire a data type, a data size and a transmission mode;
and carrying out complexity recognition on the historical communication transmission samples according to the data type, the data size and the transmission mode to obtain the first communication sample group, wherein the first communication sample group is the sample group with the highest complexity in the communication transmission samples.
Further, the communication sample group generating module 14 is configured to perform the following method:
judging the transmission mode, wherein the transmission mode comprises encrypted transmission and non-encrypted transmission;
when the transmission mode is non-encryption transmission, carrying out complexity identification on the historical communication transmission sample according to the data type and the data size, and obtaining a communication sample based on non-encryption transmission;
when the transmission mode is encryption transmission, carrying out complexity identification on the historical communication transmission sample according to the data type, the data size and the corresponding encryption parameters, and obtaining a communication sample based on encryption transmission;
and acquiring the first communication sample group by using the communication sample of the unencrypted transmission and the communication sample of the encrypted transmission.
Further, the anomaly probability output module 15 is configured to perform the following method:
acquiring the communication quality degradation rate, wherein the communication quality degradation rate comprises degradation rates corresponding to a plurality of communication indexes, and the degradation rates corresponding to the plurality of communication indexes can be retrieved from the degradation index matrix;
performing communication quality prediction on the first communication sample group at the communication quality degradation rate, and outputting a plurality of communication anomaly probabilities based on the corresponding degradation rates of a plurality of communication indexes;
and carrying out conditional probability fusion according to the communication abnormal probabilities, and outputting the first abnormal probability.
Further, the expression of the first abnormality probability in the abnormality probability output module 15 is as follows:
wherein,for the first anomaly probability, +.>Representing the abnormal probability of the current communication index under the abnormal condition of the previous communication index; />Representing the abnormal probability of the next communication index under the abnormal condition of the current communication index; />For weights based on the current communication index +.>Is a weight based on the next communication index; />N is a positive integer of 1 or more, which is the number of communication indexes.
It should be noted that the order of the embodiments of the present application is for description only and does not indicate their relative merits. The foregoing description has been directed to specific embodiments of this specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The foregoing describes only preferred embodiments of the present application and is not intended to limit the present application to these particular embodiments.
The specification and drawings are merely exemplary of the application and are to be regarded as covering any and all modifications, variations, combinations, or equivalents that are within the scope of the application. It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the present application and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (8)

1. A method for mobile node security management for an IPV6 network, the method comprising:
acquiring a home address and a mobile address of a first mobile node in a target IPV6 network;
establishing a mobile channel according to routing equipment between the home address and the mobile address, wherein the mobile channel at least comprises one routing equipment;
carrying out route security identification according to the route equipment on the mobile channel;
the route security identification according to the route equipment on the mobile channel comprises the following steps:
acquiring a plurality of communication indexes after movement and comparing the communication indexes with a plurality of communication indexes before movement, and outputting a communication quality degradation rate after movement of the first mobile node;
collecting historical communication transmission data samples of the first mobile node, identifying the historical communication transmission data samples, and generating a first communication sample group;
calculating communication anomaly probability according to the communication quality degradation rate and the first communication sample group, and outputting first anomaly probability;
when the first anomaly probability is larger than the preset anomaly probability, generating first reminding information, wherein the first reminding information is used for reminding that the communication safety degree of the mobile address does not meet the preset safety degree.
2. The method of claim 1, wherein the route security identification based on the routing device on the mobile channel further comprises:
acquiring N routing devices of the mobile channel, wherein N is a positive integer greater than or equal to 1;
obtaining N routing security indexes by carrying out routing security identification on each of the N routing devices;
performing mobile security identification according to the N routing security indexes, and outputting a mobile security index, wherein the mobile security index is used for identifying the security degree of the first mobile node in the process of moving from the home address to the mobile address;
and generating second reminding information according to the mobile security index, wherein the second reminding information is used for reminding that the transit security of moving to the mobile address does not meet the preset security degree.
3. The method of claim 1, wherein the acquiring a plurality of communication indexes after movement and comparing them with a plurality of communication indexes before movement comprises:
acquiring a plurality of communication indexes before movement, and establishing an initial index matrix according to the plurality of communication indexes before movement, wherein the plurality of communication indexes comprise anti-interference performance in a data communication process, delay rate of batch data transmission, single-time compatible communication data peak value and encryption data communication risk;
acquiring a plurality of communication indexes after movement, and establishing a movement index matrix by using the plurality of communication indexes after movement;
and generating a descending index matrix according to the initial index matrix and the moving index matrix, performing matrix calculation on the descending index matrix, and outputting the communication quality descending rate.
4. The method of claim 1, wherein the identifying the historical communication transmission data samples to generate the first set of communication samples comprises:
identifying the historical communication transmission data sample to acquire a data type, a data size and a transmission mode;
and carrying out complexity recognition on the historical communication transmission samples according to the data type, the data size and the transmission mode to obtain the first communication sample group, wherein the first communication sample group is the sample group with the highest complexity in the communication transmission samples.
5. The method of claim 4, wherein said complexity identifying the historical communication transmission samples based on the data type, the data size, and the transmission mode comprises:
judging the transmission mode, wherein the transmission mode comprises encrypted transmission and non-encrypted transmission;
when the transmission mode is non-encryption transmission, carrying out complexity identification on the historical communication transmission sample according to the data type and the data size, and obtaining a communication sample based on non-encryption transmission;
when the transmission mode is encryption transmission, carrying out complexity identification on the historical communication transmission sample according to the data type, the data size and the corresponding encryption parameters, and obtaining a communication sample based on encryption transmission;
and acquiring the first communication sample group by using the communication sample of the unencrypted transmission and the communication sample of the encrypted transmission.
6. The method of claim 1, wherein said calculating a communication anomaly probability at said communication quality degradation rate and said first communication sample group, outputting a first anomaly probability, comprises:
acquiring the communication quality degradation rate, wherein the communication quality degradation rate comprises degradation rates corresponding to a plurality of communication indexes, and the degradation rates corresponding to the plurality of communication indexes can be retrieved from the degradation index matrix;
performing communication quality prediction on the first communication sample group at the communication quality degradation rate, and outputting a plurality of communication anomaly probabilities based on the corresponding degradation rates of a plurality of communication indexes;
and carrying out conditional probability fusion according to the communication abnormal probabilities, and outputting the first abnormal probability.
7. The method of claim 6, wherein the conditional probability fusion is based on the plurality of communication anomaly probabilities, and wherein the expression for outputting the first anomaly probability is as follows:
wherein (1)>For the first anomaly probability, +.>Representing the abnormal probability of the current communication index under the abnormal condition of the previous communication index; />Representing the abnormal probability of the next communication index under the abnormal condition of the current communication index; />For weights based on the current communication index +.>Is a weight based on the next communication index; />N is a positive integer of 1 or more, which is the number of communication indexes.
8. A mobile node security management system for an IPV6 network, the system comprising:
the address acquisition module is used for acquiring a home address and a mobile address of a first mobile node in the target IPV6 network;
the mobile channel establishment module is used for establishing a mobile channel according to the routing equipment between the home address and the mobile address, wherein the mobile channel at least comprises one routing equipment;
the descending rate output module is used for carrying out route safety identification according to the route equipment on the mobile channel and comprises the following components: acquiring a plurality of communication indexes after movement and comparing the communication indexes with a plurality of communication indexes before movement, and outputting a communication quality degradation rate after movement of the first mobile node;
the communication sample group generation module is used for collecting historical communication transmission data samples of the first mobile node, identifying the historical communication transmission data samples and generating a first communication sample group;
the abnormal probability output module is used for carrying out communication abnormal probability calculation according to the communication quality degradation rate and the first communication sample group and outputting a first abnormal probability;
the reminding information generation module is used for generating first reminding information when the first anomaly probability is larger than a preset anomaly probability, wherein the first reminding information is used for reminding that the communication security of the mobile address does not meet the preset security degree.
CN202311579293.9A 2023-11-24 2023-11-24 Mobile node security management method and system for IPV6 network Active CN117295071B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311579293.9A CN117295071B (en) 2023-11-24 2023-11-24 Mobile node security management method and system for IPV6 network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311579293.9A CN117295071B (en) 2023-11-24 2023-11-24 Mobile node security management method and system for IPV6 network

Publications (2)

Publication Number Publication Date
CN117295071A true CN117295071A (en) 2023-12-26
CN117295071B CN117295071B (en) 2024-02-02

Family

ID=89257557

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311579293.9A Active CN117295071B (en) 2023-11-24 2023-11-24 Mobile node security management method and system for IPV6 network

Country Status (1)

Country Link
CN (1) CN117295071B (en)

Also Published As

Publication number Publication date
CN117295071B (en) 2024-02-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant