JP2016111664A - Computer packaging system, and secure path selection method utilizing network evaluation - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve the problem, in a communication network, that a data packet has to be transmitted securely on a network.SOLUTION: A system provides high security and throughput while keeping integration of network channels. The system operates intelligently and solves the problem of fragility. In the case where adverse influences are exerted upon a part of the network by an intruder, the system automatically bypasses this portion and detours a data packet. On the basis of statistical data of transactions, the system identifies secure, reliable and safe networks, network paths and network nodes. In addition, ranking of the nodes regarding network reliability is also provided. The system also identifies strong, exiguous and fragile nodes. Further, the system calculates risk probabilities of network paths and selects the most superior transmission path. Moreover, on the basis of abnormal or suspicious traffic or data transactions, the system detects a violation in the communication network.SELECTED DRAWING: Figure 1

Description

  The present disclosure relates to the field of network security.

  With the advent of the latest network technology, information security has become a vital role for ensuring the safety of communication networks. In communication networks, reliability and security are very important factors. There is a need for systems and security measures that recognize, prevent and detect vulnerabilities that have the potential to adversely affect them. There are several techniques for testing vulnerabilities to ensure network reliability and security. Vulnerability testing counters vulnerabilities and attacks that normally exist in network paths. Currently, several vulnerability scanning software and security products are in the market for examining security weaknesses in the network itself and the network path. However, these software and security products provide only limited fixes and solutions for detected vulnerabilities.

  In the current situation, data exists everywhere, and obtaining correct data at the right place at the right time on the communication network is a difficult task. And there is a demand for a network model that can protect against vulnerabilities. These network models maintain network integrity, security, and processing power even when parts of the network are adversely affected by intruders or when they are adversely affected by vulnerabilities. Is done. Even if a large amount of data is encrypted by a strong algorithm or protocol, it cannot be guaranteed that the data received by the user through the network path will be corrupted, interrupted and not split .

  For example, in financial institutions and banks, a large amount of payments and various transactions are performed between institutions and customers. Such transactions and financial data communications require scalable security and privacy protection mechanisms. Even if financial data contains sufficiently strong encrypted data, it may happen that data cannot reach the beneficiary of the transaction on a network path that is vulnerable to snooping or hijacking.

  Therefore, in order to eliminate such drawbacks, there is a need for a system that provides intelligent and reliable network communication that protects communication and bypasses nodes that are vulnerable and may violate security. Is done.

  One problem of the present disclosure is to provide a network that protects against vulnerabilities in network nodes and network paths.

  Another problem of the present disclosure is to protect data in a communication channel.

  A further challenge of the present disclosure is to maintain the integrity, reliability, confidentiality, security and processing power of the communication network.

  A further challenge of the present disclosure is to increase network capabilities by dynamically evolving along with communication statistics.

  Another problem of the present disclosure is to reduce the operating cost of a dedicated VPN (virtual private network).

  Another problem of the present disclosure is to provide an effective message broadcast system.

  Other problems and advantages of the present invention will be clarified by the following description together with the attached charts, but these charts and explanations do not limit the scope of the present invention.

  First, terms used in this disclosure are defined.

  The term “reliability value” used in the present disclosure refers to a numerical value indicating the degree of certainty and reliability of a network node on a communication network.

  The term “source node” used in the present disclosure refers to a node on a network to which data is transmitted (transmits data).

  As used in this disclosure, the term “destination node” refers to a node on the network that receives data (receives data).

  The expression “performance index rating” used in the present disclosure refers to a value indicating the ability of a node to be exerted on a communication path with respect to a certain node.

  The expression “security index rating” used in the present disclosure refers to a value indicating the standard and status of security measures required for secure transmission for a certain node. This value also indicates whether the node is susceptible to third-party attacks, its vulnerability, or whether it can easily break through the security of the node.

  The expression “credit index rating” used in the present disclosure is a value indicating the performance of a certain node throughout its execution lifetime. This value also indicates how cooperative and useful the node is for communication with neighboring nodes.

  The expression “neighboring node index rating” used in the present disclosure refers to a value indicating the reliability reflected on neighboring (closely adjacent) nodes for a certain node. This value also indicates the ratio of compatibility and compatibility with the nearest adjacent node.

  The above definitions are used in accordance with definitions used in the technical field.

  The present disclosure provides a computer-implemented system and method for selecting a secure path (secure route) using network evaluation.

  As a standard, according to the present disclosure, details of a system for selecting a secure path for data transmission from one node to another node on a communication network having a plurality of nodes are provided. The system includes a server configured to calculate the reliability value of each node, calculate the probability of all possible path risks, and select a secure path.

  The reliability value of each node in the network is calculated based on the characteristics of “performance index rating”, “security index rating”, “credit index rating”, and “neighboring node index rating”.

  The reliability value is calculated based on the following characteristics (components). For nodes present in the network, an evaluation unit set to evaluate performance index characteristics, an average value calculation unit set to calculate the average of the evaluated performance index characteristics and security index characteristics, and performance A grant unit configured to assign an index rating and a security index rating and send it to the server is included.

FIG. 3 is a schematic diagram of a computer-implemented system that implements a technique for selecting a secure path using a reliability value in accordance with the present disclosure. FIG. 10 is a first flowchart illustrating a stage when performing secure path selection according to the present disclosure. FIG. 10 is a second flowchart illustrating a stage when performing secure path selection according to the present disclosure. Fig. 4 illustrates an exemplary embodiment for explaining the risk probability calculation for each selected path.

  A secure path selection method using network evaluation and its computer-implemented system will be described with reference to the embodiments shown in the attached chart. The embodiments do not limit the scope or region of the present disclosure. This description merely relates to examples of the present disclosure and preferred embodiments and encouraged applications.

  Details of the system of the present disclosure and its many features and advantages are described below with reference to embodiments, which do not limit the present disclosure. Descriptions of known parameters and processing techniques are omitted so as not to obscure the description of the embodiments unnecessarily. The examples shown here are merely to facilitate understanding when implementing the embodiments and to enable one skilled in the art to implement the present disclosure. Thus, these examples are not intended to limit the scope of the embodiments.

  FIG. 1 shows data from one node to another node on a communication network 110 having a plurality of nodes (112A, 112B ... 112N, 114A, 114B ... 114N, 192A, 192B ... 192N, etc.) 1 illustrates a system 100 that selects a secure path for transmission. This system 100 includes an evaluation unit (112A1, 112B1 ... 112N1, 114A1, 114B1 ... 114N1, 192A1, 192B1 ... 192N1) and an average value calculation unit (112A2, 112B2 ... 112N2, 114A2, 114B2. ..114N2, 192A2, 192B2 ... 192N2) and grant units (112A3, 112B3 ... 112N3, 114A3, 114B3 ... 114N3, 192A3, 192B3 ... 192N3), and server 120. The evaluation unit, the average value calculation unit, the grant unit, and the server 120 are connected to the first repository (112RA, 112RB ... 112RN, 114RA, 114RB ... 114RN, 192RA, 192RB ... 192RN in each node. Etc.). According to an embodiment, the plurality of nodes may be a network of any shape such as a bus, star, ring, tree, mesh, hybrid, etc.

  The evaluation unit (112A1, 112B1 ... 112N1, 114A1, 114B1 ... 114N1, 192A1, 192B1 ... 192N1) evaluates performance index characteristics and security index characteristics for the nodes. The performance index has, as its characteristics, a transmission delay rate, a transaction success to failure ratio, a response time, a bandwidth, and an adjustment according to the time. The security indicator has, as its characteristics, a firewall setting and a security status of the firewall, an anti-virus program and a program status, and a status of a medium connected to a port opened in the node. The evaluation units (112A1, 112B1 ... 112N1, 114A1, 114B1 ... 114N1, 192A1, 192B1 ... 192N1) evaluate the numerical values of each performance index characteristic and security index characteristic.

  The average value calculation unit (112A2, 112B2 ... 112N2, 114A2, 114B2 ... 114N2, 192A2, 192B2 ... 192N2) calculates the average value of the performance index characteristic and security index characteristic evaluated for the corresponding node To do.

  The granting unit (112A3, 112B3 ... 112N3, 114A3, 114B3 ... 114N3, 192A3, 192B3 ... 192N3) gives the performance index rating and security index rating assignment for the corresponding node, the calculated performance index Based on the average value of the characteristic and the security index characteristic, the assigned performance index rating and security index rating are transmitted to the server 120.

  The server 120 includes a first processor 20, an input module 10, a second repository 32, a second processor 34, a receiving module 36, an active node detection module 40, a path detection module 50, a history data collector 55, a confidence index module 60. , A third processor 65, a risk detection module 70, a fourth processor 75, a comparator 80, a fifth processor 85, and a resource detection module 90.

  The input module 10 obtains a risk probability threshold value from the user (which may be any node existing in the network), and calculates the user's security needs. If the user needs high data security, a high value is set for the risk probability threshold.

According to an exemplary embodiment, data can be classified based on a risk probability threshold. Table 1 shows up to five risk probability thresholds and corresponding data classifications (confidential, confidential, etc.).

  Thus, according to this embodiment, when two nodes are involved in communication for sharing confidential information, data cannot pass through a path having a risk probability threshold value of 4.5 or less.

  According to a certain other embodiment, the data is classified by the risk probability threshold value so that only the node whose reliability value of the node is larger than the threshold value can pass.

  According to yet another embodiment, if the user selects a very high risk probability threshold, the network behaves logically like a virtual private network (VPN).

  The history data collector 55 is set to acquire history data after each transaction for each node to which data is transferred from the transmission source node to the destination node. This history data includes performance history, average performance index, attack history, transaction loss / failure history.

  The second repository 32 is set to store the performance history, average performance index, attack history, transaction loss / failure history, and neighboring node evaluation for each node. Neighboring node evaluation is based on the history of services obtained from a node with which the neighboring node is a transaction partner.

  The history data collector 55 updates the second repository each time the node to which data is transmitted transmits.

  The second processor 34 is configured to process the data stored in the second repository for calculating and transmitting the credit index rating and the neighborhood node index rating to the confidence index module 60.

  The receiving module 36 is set to receive the performance index rating and the security index rating for each node. The grant unit existing in each node assigns a performance index rating and a security index rating to each node.

  The active node detection module 40 is set to detect an active node that exists among a plurality of nodes on the network 110. There are a large number of nodes in the network, some of which are inactive (not located to send or receive data). Therefore, it is necessary to detect an active node that can transmit data.

  The path detection module 50 is configured to detect all possible paths between the source node and the destination node that are constituted by active nodes. All nodes present on the network can be source nodes and destination nodes.

  The confidence index module 60 is configured to calculate a reliability value for each active node present in a particular path. The reliability index module calculates a reliability value of the node based on the performance index rating, the security index rating, the credit index rating, and the neighborhood node index rating.

  The third processor 65 receives the performance index rating and the security index rating of the specific node from the receiving module 36, receives the credit index rating and the neighboring node index rating from the second processor 34, and receives the current reliability value. Is set to calculate

  The risk detection module 70 is set to calculate the risk probability of each path detected by the path detection module 50 based on the average of the reliability values of the nodes existing in the path. The risk detection module 70 includes a fourth processor 75 for receiving the current confidence value from the confidence index module 60 and additionally receiving a set of detected paths from the path detection module 50. The risk probability of each detected path is obtained by calculating an average of reliability values of all nodes forming the path.

  FIG. 3 illustrates an exemplary embodiment for calculating the risk probability of a possible path.

Node A is a transmission source node, from which data is transmitted to node B, which is a destination node. In order to transmit data from node A to node B, the following possible paths exist.
・ A → C → F → B
・ A → C → E → B
・ A → D → G → B

The reliability value of the node involved in the transmission is calculated by the above procedure. The reliability value of each node is as follows.
C = 4.2
D = 4.7
E = 3.5
F = 4.3
G = 4.2

This time, the risk probability of possible paths is calculated for all possible paths. The calculation is performed by adding the reliability values of intermediate nodes involved in transmission.
・ A → C → F → B = 4.2 + 4.3 = (8.5 / 10) ・ 100 = 85%
⇒ Secure, risk probability = 15%
・ A → C → E → B = 4.2 + 3.5 = (7.7 / 10) ・ 100 = 77%
⇒ Secure, risk probability = 23%
A → D → G → B = 4.7 + 4.2 = (8.9 / 10) 100 = 89%
⇒ Secure, risk probability = 11%

  The comparator 80 compares the risk probability threshold with the risk probability of each path detected by the path detection module 50, and identifies a path with a risk probability lower than the risk probability threshold. The comparator 80 has a fifth processor 85, which receives the risk probability threshold from the input module 10 and receives the risk probability of each path through the risk detection module 70. The fifth processor 85 identifies paths whose risk probability value is lower than the risk probability threshold.

  The resource detection module 90 is configured to detect resources that the identified path requires for data transfer. The resource detection module 90 cooperates with the comparator to identify a path having a risk probability lower than the risk probability threshold, detect a resource required by the identified path, and identify a path having the minimum required resource. The In a typical embodiment, a case where three paths A, B, and C exist between a source node and a destination node will be described. For each path, the resource detection module 90 detects necessary resources such as the number of nodes that data must pass through to reach the destination node and the time required for data transmission.

  FIGS. 2A and 2B illustrate steps required for secure path selection in data transfer from one node to another node in a communication network having multiple nodes, in accordance with the present disclosure, according to flowchart 200. FIG. is there.

  In step 202, performance index characteristics and security index characteristics are evaluated. The performance index includes, as its characteristics, a transmission delay rate, a transaction success / failure ratio, a response time, a bandwidth, and an adjustment according to the time. The security indicators include, as characteristics, firewall settings and firewall security status, status of installed antivirus programs and programs, status of media connected to open ports on the node, related input devices and their Includes scope.

  In step 204, an average value of the performance index characteristic and the security index characteristic is calculated.

  In step 206, a performance index rating and a security index rating are assigned to the node based on the calculated average value.

Table 2 illustrates one exemplary embodiment in which performance index ratings are calculated along stages 202, 204, 206. According to certain embodiments, the highest values shown in Table 2 can be set manually or generated automatically.

In Table 2 above, the node's transmission delay rate is 4 out of 5 maximum, the success to failure ratio is 85 out of 100, the response time is 4 out of 5 and the bandwidth and time are adjusted accordingly Is 4.5 out of 5. The ratio of each characteristic is calculated, and the average is calculated as follows based on the ratio.
{(80 + 85 + 80 + 90) / 400} .100 = 83.75%
In addition, the overall performance index rating is calculated as follows:
5 * 83.75% = 4.18

  In the above calculation, 5 is the highest performance index rating. This maximum value can be set by the user or automatically generated.

Table 3 illustrates one exemplary embodiment in which security index ratings were calculated along stages 202, 204, 206. According to certain embodiments, the maximum values shown in Table 3 can be set manually or generated automatically.

In Table 3 above, the firewall settings and firewall security statuses are 4 out of 5 maximum, the installed anti-virus programs and program statuses are 85 out of 100 maximum, and are connected to open ports on the node. The media status is 4 out of 5, the associated input device and its scope is 4.5 out of 5. The ratio of each characteristic is calculated, and the average is calculated as follows based on the ratio.
{(80 + 85 + 80 + 90) / 400} .100 = 83.75%
In addition, the overall performance index rating is calculated as follows:
5 * 83.75% = 4.18

  In the above calculation, 5 is the highest security index rating. This maximum value can be set by the user or automatically generated.

  In step 208, a risk probability threshold is obtained by the user. The risk probability threshold makes it easy to set the data transmission security needs and levels desired by the user. According to one embodiment, the user sets a desired level of security by specifying a number in the range of 1 to 5. According to certain other embodiments, the risk probability threshold allows the user to determine the path on which data transmission is desired (advanced or moderate secure path). On the other hand, in the advanced secure path, each node selects the highest secure path and performs transmission, so congestion is expected.

  In step 210, the performance history, average performance index, attack history (attack type and damage level, presence / absence of intrusion), transaction loss / failure history, and neighboring node evaluation for each of the nodes are stored in the second repository. (See figure). The historical data collector (shown in Figure 1) collects performance history, average figure of merit, attack history, transaction loss / failure history every time a transaction is performed, and updates the second repository for each node involved in the transaction To do. The neighborhood node evaluation is an evaluation value related to a node in the vicinity of the node involved in the transaction, and is obtained based on the history of mutual operation.

  In step 212, a credit metric rating and a neighborhood node metric rating are calculated. The credit metric rating is calculated in a second processor (shown in FIG. 1). If the node has a history of attacks, the credit indicator rating is calculated low. The calculation of this value is also based on the rating of neighboring nodes of a specific node. It depends on how cooperative and useful the node is with respect to neighboring nodes in terms of communication. At the same time, however, a node is given a chance to recover reliability if it continues to gain good performance and security ratings over time.

  Neighboring nodes can perform transmission with a specific node, and can rank a transmission partner based on the background. In the rating by the neighboring nodes, the network efficiency can be one of the characteristics referred to by the rating. The rating performed by neighboring nodes is also useful for determining the reliability of a particular node on the network. This value also indicates compatibility (ratio) with the nearest neighbor node. According to a typical embodiment, a network node with a specific system setting can perform high-performance communication, but the nearest communication node supports the equivalent communication bandwidth required for this. There may not be. Consider a case where a node can communicate at a rate of 1 GBPS, but the nearest node supports only 100 MBPS.

  The rating of neighboring nodes from the viewpoint of the node is a many-to-one relationship (rating), and also indicates the most suitable node for connection for inbound traffic and easy and efficient data transmission. It also helps to determine the safest node to replace the affected node when a failure or violation occurs.

  According to other embodiments, the neighborhood node index rating is calculated along step 212. According to an embodiment, the highest rating value may be a value manually set by the user or may be automatically generated.

The network efficiency of the node is calculated as follows:
Network efficiency = {(received packet−damaged packet) / total number of transmitted packets} × (total time required / standard arrival time) × 100

In an exemplary embodiment, when node B transmits data via node A, it calculates the network efficiency of node A. Consider the case where the total number of packets sent is 40, the number of received packets (at the destination host) is 38, the total required time is 4 ms, the number of corrupted packets is 2, and the standard arrival time is 5 seconds. In this case, the network efficiency is calculated as follows.
Network efficiency = {(38-2) / 40} × (4/5) × 100 = 80
Node B gives a rating of 5 * 80% = 4 to Node A (standard rating is 5).

  For each transaction that node B transmits to node A, the above evaluation given to node A always changes based on the service provided by node A to node B. If node A performs a good service by sending and receiving all packets without loss or corruption and receiving hijacking, the rating given by neighboring nodes will continue to rise. Otherwise, the rating is reduced or maintained.

Similarly, node D and node C also rank node A.
・ Node B → Node A = Rating 4
Node C → Node A = Rating 3.5
Node D → Node A = Rating 4
Average of ratings by neighboring nodes of node A (4 + 3.5 + 4) /3=3.83

  Similarly, node A also evaluates neighboring nodes that are counterparts during transmission. This neighborhood rating system with neighboring nodes helps to determine suitable nodes for transmission.

  In step 214, a performance index rating and a security index rating are obtained from the grant module at each node.

  In step 216, active nodes on the network are detected. There are a large number of nodes in the network, some of which are inactive (not located to send or receive data). Therefore, it is necessary to detect an active node existing on the network before transmitting data.

  In step 218, all possible paths between the source node and the destination node are detected. All nodes present on the network can be source nodes and destination nodes.

  In step 220, the reliability value of a node in the path is calculated. First, the average value of the performance index rating, the security index rating, the credit index rating, and the neighborhood node index rating are calculated, and the reliability value of the node is assigned based on these.

Table 4 shows an exemplary embodiment in which an average value is calculated along step 220 and a reliability value is given. According to an embodiment, the specific gravity shown in Table 4 can be set based on the user's security needs. Here, the user can set the specific gravity manually or can automatically generate it.

This time, the average value and the reliability value are calculated based on the average value. According to certain embodiments, the highest value of node reliability may be set manually or generated automatically.
Average value = {(12.54 + 12.54 + 4.00 + 11.49) / (3 × 5 + 3 × 5 + 1 × 5 + 3 × 5)} × 100 = (40.57 / 50) × 100 = 81.14
Reliability value = highest value of node reliability × average value = 5 × 81.14 = 4.057

  In step 222, the risk probability of the path determined based on the average of the reliability values of the active nodes present in the path is calculated.

  FIG. 3 illustrates an exemplary embodiment for calculating the risk probability of a selected possible path.

Node A is a transmission source node, from which data is transmitted to node B, which is a destination node. There are the following possible paths for data transmission from node A to node B:
・ A → C → F → B
・ A → C → E → B
・ A → D → G → B

The reliability value of the node involved in the transmission is calculated by the above procedure. The node reliability values are as follows.
C = 4.2
D = 4.7
E = 3.5
F = 4.3
G = 4.2

Now calculate the risk probability of a possible path. The calculation is performed by adding the reliability values of intermediate nodes involved in transmission.
・ A → C → F → B = 4.2 + 4.3 = (8.5 / 10) ・ 100 = 85%
⇒ Secure, risk probability = 15%
・ A → C → E → B = 4.2 + 3.5 = (7.7 / 10) ・ 100 = 77%
⇒ Secure, risk probability = 23%
A → D → G → B = 4.7 + 4.2 = (8.9 / 10) 100 = 89%
⇒ Secure, risk probability = 11%

  In step 224, the risk probability of each path is compared with a risk probability threshold to detect all secure paths sufficient for the user's needs and desires. First, the risk probability threshold is acquired from the input module 10 (shown in FIG. 1), and the current risk probability of each detected path is acquired from the risk detection module 80 (shown in FIG. 1). Then, a path lower than the risk probability threshold is detected.

  In step 226, resources required by a path having sufficient security for the user's needs are calculated. In step 224, it may be detected that there are a plurality of paths having a lower risk probability than the level desired by the user. This stage helps to select the best path that can transfer data that requires the least resources.

<Technological inventive step>
The technical inventive step in the system provided by the present disclosure includes the following realizations.
A system that protects against network node vulnerabilities. Another problem of the present disclosure is to protect data in a communication channel.
A system that maintains the integrity, reliability, confidentiality, security, and processing power of a communications network.
A system that dynamically evolves according to communication statistics and enhances network capabilities.
-A system that can reduce the operating cost of a dedicated VPN (virtual private network).
A system that provides a logical VPN that can handle high-value financial data with the same protocol even when using a third-party network.
-A system that provides an effective message delivery system.

  The description of the embodiment of the invention expresses all the general properties of the embodiment, and based on the current knowledge, it can be easily changed and applied, and immediately without starting from the basic concept. These are shown for their wide application, and therefore these modifications are also included in the main body of the present invention. The claims of this disclosure and equivalent claims also cover these modifications and are intended to be included within the scope and body of the present invention. The terms and expressions used in this disclosure are for purposes of explanation and are not intended to be limiting. Further, although the embodiments have taken up the preferred ones, a skilled person will recognize that the embodiments can be modified and applied while inheriting the intent and scope of the embodiments. .

In an exemplary embodiment, when node B transmits data via node A, it calculates the network efficiency of node A. Consider the case where the total number of packets sent is 40, the number of received packets (at the destination host) is 38, the total required time is 4 ms, the number of corrupted packets is 2, and the standard arrival time is 5 seconds. In this case, the network efficiency is calculated as follows.
Network efficiency = {(38-2) / 40} × (4/5) × 100 = 72
Node B gives node A a rating of 5 * 72% = 3.6 (standard rating is 5).

Similarly, node D and node C also rank node A.
Node B → Node A = Rating 3.6
Node C → Node A = Rating 3.5
Node D → Node A = Rating 4
Average rating by neighboring nodes of node A ( 3.6 + 3.5 + 4) /3=3.70

Table 4 shows an exemplary embodiment in which an average value is calculated along step 220 and a confidence value is given. According to one embodiment, the specific gravity shown in Table 4 can be set based on the user's security needs. Here, the user can set the specific gravity manually or can automatically generate it.

This time, the average value and the reliability value are calculated based on the average value. According to certain embodiments, the maximum value of node reliability may be set manually or generated automatically.
Average value = {(12.54 + 12.54 + 4.00 + 11.10 ) / (3 × 5 + 3 × 5 + 1 × 5 + 3 × 5)} × 100 = ( 40.18 / 50) × 100 = 80.36
Reliability value = maximum value of node reliability × average value = 5 × 80.36 = 4.018

Claims (7)

A computer-implemented system for selecting a secure path for data transmission from one node to another node on a communication network having a plurality of nodes, comprising:
An evaluation unit, an average value calculation unit, a grant unit, and a first repository that is set in each of the plurality of nodes and sets these three units;
The evaluation unit is installed in a node and evaluates performance index characteristics and security index characteristics of the node;
The average value calculation unit is installed in the node, receives performance index characteristics and security index characteristics evaluated by the evaluation unit, and calculates an average value thereof;
The assigning unit is configured to receive an average value of the performance index characteristic and the security index characteristic of the node, and to assign a performance index rating and a security index rating to the node;
Having a server and a first processor connected to the server for communicating with each of the nodes;
The first processor controls the operation of these three units by sending operation signals to the evaluation unit, the average value calculation unit, and the grant unit of each node, and each node has a performance index rating. Providing a security index rating and transmitting the rating to the server;
The server has an input module for obtaining a risk probability threshold from a user in order to calculate a security need seen from the user in data transmission performed between two nodes of the plurality of nodes. Being;
The server has a second repository for dynamically storing performance history, average figure of merit, attack history, transaction loss / failure history and neighborhood node ratings for each node;
The server has a second processor that computes a current credit index rating and a neighbor node index rating for each of the nodes by processing information stored in the second repository;
The server has a receiving module for obtaining a performance index rating and a security index rating from each of the nodes;
The server has an active node detection module configured to detect active nodes present in the plurality of nodes;
The server has a path detection module for detecting a path existing between active nodes detected by the active node detection module;
The server receives a performance index rating and a security index rating of a specific node from the receiving module, and receives a credit index rating and a neighbor node index rating from the second processor, and each active node present in the communication network Having a confidence index module with a third processor configured to calculate a current confidence value of;
The server receives a current reliability value of each active node and a set of paths detected between the current active nodes, and for each path in the set, the reliability of the active nodes constituting the path is received. Having a risk detection module with a fourth processor configured to average the values and calculate the risk probability of the path;
The server obtains the risk probability threshold from the input module, obtains the current risk probability of each detected path, and detects a risk probability lower than the risk probability threshold from the set of paths. Having a comparator with a fifth processor adapted to: and, in cooperation with the comparator, the server to determine the path with the least resource requirement Having a resource detection module for calculating a resource required for data transmission via the path detected by the fifth processor;
A computer-implemented system characterized by The computer-implemented system of claim 1,
The computer-implemented system, wherein the performance index characteristic includes transmission delay rate, transaction success to failure ratio, response time, bandwidth and adjustment according to the time. The computer-implemented system of claim 1,
The security indicator characteristics include firewall settings and firewall security status, installed antivirus programs and program status, status of media connected to open ports on the node, associated input devices and their scope. Including computer-implemented system. The computer-implemented system of claim 1,
Further comprising a history data collector configured to obtain history data after each transaction and send it to the second repository for each node to which data is transferred;
The computer-implemented system, wherein the historical data includes a performance history, an average figure of merit, an attack history, and a transaction loss / failure history. A method of selecting a secure path by a computer-implemented system configured to enable data transmission between nodes in a network composed of a plurality of nodes,
Evaluate performance index characteristics and security index characteristics;
Calculating the average value of the evaluated performance index characteristics and security index characteristics;
Assign performance index ratings and security index ratings;
Obtaining as a user data a risk probability threshold that sets security requirements in network data transmission;
Dynamically storing performance history, average performance index, attack history, transaction loss / failure history and neighborhood node evaluation for each node of the plurality of nodes;
Processing the performance history, average performance index, attack history, transaction loss / failure history and neighborhood node evaluation to calculate the current credit indicator rating and neighborhood node indicator rating of each node;
Obtaining performance index ratings and security index ratings;
Detecting an active node present in the plurality of nodes;
Detecting a path between the active nodes present in the network;
Calculating a reliability value by obtaining a performance index rating and a security index rating and calculating a current reliability value for each active node;
Obtaining a current reliability value of each active node and a set of detected paths, and calculating an average value of the reliability values of the nodes constituting the path. Calculating the risk probability;
Performing a risk probability comparison by obtaining a risk probability threshold of the detected path and a current risk probability, and identifying a path having a risk probability lower than the risk probability threshold; and via the path A method for selecting a secure path, characterized by detecting a resource necessary for data transmission and identifying a path having the lowest resource use request. The method of selecting a secure path according to claim 5,
The method of selecting a secure path, wherein the performance index characteristic includes a transmission delay rate, a transaction success to failure ratio, a response time, a bandwidth, and an adjustment according to the time. The method of selecting a secure path according to claim 5,
The security indicator characteristics include firewall settings and firewall security status, installed antivirus programs and program status, status of media connected to open ports on the node, associated input devices and their scope. How to select the included secure path.

Images