WO2022180691A1 - Système de communication, dispositif de communication, procédé de détermination de fraude et programme - Google Patents

Système de communication, dispositif de communication, procédé de détermination de fraude et programme Download PDF

Info

Publication number
WO2022180691A1
WO2022180691A1 PCT/JP2021/006880 JP2021006880W WO2022180691A1 WO 2022180691 A1 WO2022180691 A1 WO 2022180691A1 JP 2021006880 W JP2021006880 W JP 2021006880W WO 2022180691 A1 WO2022180691 A1 WO 2022180691A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
data
sub
received data
pub
Prior art date
Application number
PCT/JP2021/006880
Other languages
English (en)
Japanese (ja)
Inventor
弘樹 長山
将浩 白石
知暁 鷲尾
麻美 宮島
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Priority to PCT/JP2021/006880 priority Critical patent/WO2022180691A1/fr
Publication of WO2022180691A1 publication Critical patent/WO2022180691A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures

Definitions

  • the present invention relates to technology for detecting fraud such as falsification of data sent and received on a network.
  • pub/sub communication Publish/subscribe communication
  • pub/sub communication there are a publisher that is a client on the sending side that creates and sends a message called an event, and a subscriber that is a client on the receiving side of the message.
  • Pub/Sub communication has three characteristics: “spatial separation”, “temporal separation”, and “asynchronous processing”. With “spatial separation,” Publishers and Subscribers do not need to know of each other's existence. “Temporal separation” allows data to be sent and received without the Publisher and Subscriber being on the network at the same time. Also, by “asynchronous processing", transmission and reception of events can be processed asynchronously with other processing of the Publisher or Subscriber.
  • a broker-type configuration is a configuration in which a function called a broker, which is responsible for spatial separation, temporal separation, and asynchronous processing properties, is placed between Pub and Sub.
  • a brokerless configuration is a distributed configuration in which all nodes (Pub and Sub) have the ability to assume spatial separation, temporal separation, and asynchronous processing properties.
  • DDS Data Distribution Service
  • the present invention has been made in view of the above points, and an object thereof is to provide a technique that makes it possible to detect fraud such as data falsification in a communication system that performs Pub/Sub communication.
  • a communication system comprising a distributor node and a subscriber node, when the subscribing side node detects an order abnormality based on the sequence number of the received data, sending an audit request including information on the received data to the distributing side node;
  • the delivery node determines whether there is an abnormality based on the information about the received data, and transmits the determination result to the subscriber node;
  • a communication system is provided in which the subscribing node determines whether or not fraud has occurred based on the result of communication monitoring and the determination result received from the distributing node.
  • a technique that enables detection of fraud such as data falsification in a communication system that performs Pub/Sub communication.
  • FIG. 3 is a diagram for explaining Pub/Sub communication using DDS; It is a figure which shows the system configuration example in which DDS is incorporated.
  • 1 is a diagram illustrating a configuration example of a system having multiple nodes;
  • FIG. 2 is a diagram for explaining the outline of Example 1;
  • 1 is a diagram illustrating a system configuration example in Example 1;
  • FIG. 4 is a diagram showing a processing flow in Example 1.
  • FIG. 1 is a diagram illustrating a configuration example of a system having multiple nodes;
  • FIG. 11 is a diagram showing a configuration example of an APP-DDS functional unit in Example 2;
  • FIG. 4 is a diagram showing a configuration example of a DDS operation function unit;
  • FIG. 4 is a diagram showing a configuration example of a DDS operation function unit
  • FIG. 10 is a diagram showing a processing flow in Example 2-1; It is a figure for demonstrating the inspection processing example. It is a figure for demonstrating the inspection processing example. It is a figure for demonstrating the inspection processing example.
  • FIG. 13 is a diagram showing a processing flow in Example 2-2; It is a figure which shows the hardware configuration example of an apparatus.
  • the above-described brokerless configuration is adopted, and the brokerless type is realized by the DDS having a function corresponding to the broker.
  • DDS adds a NW for delivery to the NW I/F owned by the node.
  • the delivery range set by the user is operated by this delivery NW and the filters inside the DDS, enabling the appropriate data transmission/reception for applications functioning as Pub or Sub.
  • the DDS assigns a multicast address to the NW I/F that can be used within the node and prepares the delivery NW.
  • the distribution range it is possible to set whether to distribute by unicast using the existing IP address of the node or to use a newly assigned multicast address, making it possible to determine the physical data distribution range.
  • FIG. 1 An example of the delivery range is shown in Figure 1.
  • domain A and domain B are set as the delivery range.
  • a delivery range for topic [i] and a delivery range for topic [ro] are set.
  • the delivery range of key [II] is set within the delivery range of topic [I].
  • a DDS is a program that functions as middleware in a node (which may also be called a computer or communication device).
  • a processing program that is the basis for communication in DDS is prepared as a library.
  • a DDS program can be generated from a communication program generation data definition file that has parameters for data definitions (type, size, name, QoS, etc.) to be sent by an application (described as "APP"). can be generated.
  • APP application
  • FIG. 2 is a diagram showing a system configuration example in which the DDS is incorporated.
  • FIG. 2 physically shows a configuration in which a plurality of nodes (computers) to which sensors and control valves are connected are connected to a bus-type network.
  • a sensor is connected to each of nodes 1 and 2, and an APP that generates data to be published and a DDS are installed.
  • Control valves are connected to nodes 2 and 3, respectively, and APP and DDS for utilizing subscribed data are installed.
  • the example in FIG. 2 shows an example in which a Pub/Sub configuration with redundant QoS settings is realized using DDS.
  • the DDS of node 1 constitutes a primary Pub and a sub 1 Pub
  • the DDS of node 2 constitutes a sub 2 Pub.
  • the DDS of the node 3 constitutes the first Sub and the second Sub
  • the DDS of the node 4 constitutes the third Sub.
  • FIG. 2 shows an example in which the APP is written in python and the DDS is written in C++, these are just examples, and any programming language may be used. Also, when changing the Pub/Sub configuration, there are those that can be partially dynamically changed such as QoS, and those that require process restart (including program modification).
  • Example 1 and 2 will be described below as examples of the technology according to the present embodiment. In addition, Example 1 and Example 2 can be implemented in combination.
  • one node may have both Pub/Sub, and one node may have Pub/Sub across multiple domains.
  • one APP may have multiple Pubs or multiple Subs.
  • each Pub and each Sub in the same APP can be identified.
  • the communication system that is the base in the first embodiment the communication is in plain text.
  • FIG. 3 shows a configuration example of a communication system that serves as a base in the first embodiment. As shown in FIG. 3, this communication system has nodes 10 to 18, L2SW (Layer 2 switches) 20 and 21, L3SW (Layer 3 switch) 30, a packet analyzer 40, and a detector 50.
  • L2SW Layer 2 switches
  • L3SW Layer 3 switch
  • nodes 10, 11, 12, 15, 16, and 17 belong to domain D1
  • nodes 12, 13, 14, 17, and 18 belong to domain D2.
  • D1 of "DDS_D1" of node 10 indicates the domain to which the node belongs.
  • Nodes 12 and 17 belong to both domain D1 and domain D2.
  • Pub1 (APP I) is an application that publishes data on topic [I], and functions as Pub1 (Publisher1) in Pub/Sub communication.
  • Pub1 (APP) Pub1
  • Pub2 (APP) Pub2
  • node 11 has both Pub and Sub as Pub3 and Sub4.
  • Nodes 12 and 14 have multiple APPs functioning as multiple Pubs, and nodes 17 and 18 have multiple APPs functioning as multiple Subs.
  • the Internet 55 is connected to the end of the L3SW 30, and each node can communicate with the Internet 400.
  • a packet analysis device 40 is connected to each L2SW, and for example, the detection unit 50 can perform anomaly detection based on packet analysis results.
  • Embodiment 1 provides a mechanism for solving the above problems. A configuration and operation example of the first embodiment will be described with reference to FIG.
  • FIG. 4 shows a configuration in which a node on the Pub side and a node on the Sub side are connected by a NW.
  • a node on the Pub side is connected with a sensor that is a source of data to be published, and a node on the Sub side is connected with a control valve that is a destination of the subscribed data.
  • Three Pubs are configured by the DDS function of the Pub-side node, and three Subs are configured by the DDS function of the Sub-side node.
  • an APP-DDS function unit 100 is provided between the APP and the DSS.
  • an APP-DDS functional unit 200 is provided between APP and DSS.
  • the APP-DDS function unit 100 in the Pub side node has a route control unit 110, a route condition recording unit 120, and a route condition arbitration unit 130.
  • the APP-DDS functional unit 200 in the Sub-side node has a route control unit 210, a route condition recording unit 220, and a route condition arbitration unit 230. FIG. The operation of each unit will be explained in the sequence to be described later.
  • Example 1 when distributing data from nodes on the Pub side, the same data (sensor values, etc.) is distributed as multiple different topics.
  • a node on the Pub side stores and distributes the same data to topic A, topic B, and topic C.
  • the data (payload) of a topic has the identification information of the topic (eg topic A) and a value.
  • the path control unit 210 in the Sub-side node that subscribes to the data compares the received data of the three topics to determine whether or not there is fraud, and determines which topic data is actually processed (that is, the APP pass).
  • Pub1 is set as the Pub for Topic B
  • Pub2 is set as the Pub for Topic B
  • Pub3 is set as the Pub for Topic C.
  • two of the three Pubs are set as dummies.
  • the routing control unit 210 sets Sub1 as the Sub for Topic A, Sub2 as the Sub for Topic B, and Sub3 as the Sub for Topic C by controlling the DDS. do. However, two of the three Subs are set as dummies.
  • Pub1 distributes topic A data, and Sub1 receives (subscribes to) topic A data.
  • Pub2 distributes topic B data and Sub2 receives topic B data.
  • Pub3 distributes topic C data, and Sub3 receives topic C data.
  • a Pub-Sub pair that publishes/subscribes to the same topic may be called a "path".
  • the node on the Sub side (specifically, the route control unit 210) compares the distribution data between the routes. By doing so, it is possible to detect and defend against attacks other than when the multiple routes are hijacked at the same time. For example, if at least one data among the plurality of data is different from other data, it may be determined that fraud has been committed.
  • the path control unit 210 detects that any two of topic A, topic B, and topic C have the same value and the remaining one is different from the other two, the two data having the same value are It judges it to be normal and passes the data to the APP. Also, it is determined that an abnormality (illegal) has occurred in one different data path.
  • the path control unit 210 detects that the value of any of the data of Topic A, Topic B, and Topic C is different from the value of the other data, all of the three data are determined to be abnormal. does not pass any data to the APP. Also, it is determined that an abnormality has occurred in three routes.
  • FIG. 5 shows a configuration example of a communication system according to the first embodiment. As shown in FIG. 5, each node is provided with an APP-to-DDS function for the base communication system shown in FIG. The internal configuration of each APP-DDS functional unit is as shown in FIG.
  • route conditions are stored in each of the route condition recording unit 120 and the route condition recording unit 220.
  • the route condition is, for example, "use N routes from time X to time Y", "use M routes when the value of the data output from the APP is K or more", and the like. is a condition for using
  • the route condition arbitration unit 130 of the Pub-side node searches the route condition recording unit 120 and acquires the current route conditions as search results.
  • the route condition arbitration unit 230 of the Sub-side node searches the route condition recording unit 220 and acquires the current route conditions as search results.
  • the route condition arbitration units 130 and 230 hash the current route conditions obtained by searching (S105, S106). In S107, arbitration is performed by transmitting and receiving hashed route conditions between the route condition arbitration unit 130 and the route condition arbitration unit 230.
  • FIG. Specifically, each of the route condition arbitration unit 130 and the route condition arbitration unit 230 compares the route condition on its own side with the route condition on the other party's side and checks whether they match. If they match, it decides to use that route condition, and registers it in the route condition recording unit 120/220 as an arbitration result (S108/S109).
  • the Pub-side route condition arbitration unit 130 registers its own route conditions in the route condition recording unit 120 as the arbitration result (S108).
  • the route condition arbitration unit 230 on the side acquires the route condition on the Pub side from the Pub side and registers it in the route condition recording unit 220 as the arbitration result (S109).
  • the route control units 110/210 acquire the latest arbitrated route conditions from the route condition recording units 120/220 (S110 to S113). Further, the route control units 110/220 construct routes according to the route conditions. Specifically, for example, as shown in FIG. 4, when the route condition is to use three routes, the route control unit 110 controls the DDS 270 so that three routes are available. For example, add two dummy Pubs. Also, the path control unit 210 on the Sub side adds, for example, two dummy Subs so as to create three paths by controlling the DDS 270 . Note that this process is unnecessary if there are already three routes (three Pubs and three Subs).
  • the route control unit 110 receives data from the APP150.
  • the route control unit 110 duplicates the data received from the APP 150 by the number of routes.
  • the route control unit 110 notifies the DDS 270 of the duplicated data. For example, when using 3 paths, the same 3 data are posted to the DDS 270 .
  • the DDS 270 notifies the route control unit 210 on the Sub side of each data received through a plurality of routes.
  • the route control unit 210 compares the data between the routes as described above, determines whether or not the data is illegal, and determines whether or not to send the data to the APP 250 and which data to send to the APP 250. . If it is determined to send certain data to APP 250, the routing control unit 210 sends the data to APP 250 in S119.
  • Example 2 (Communication system that is the basis of the second embodiment, problems) Next, Example 2 will be described. Example 2 can also be implemented independently and can also be implemented in combination with Example 1.
  • FIG. FIG. 7 shows a communication system on which the second embodiment is based. As shown in FIG. 7, the communication system on which the second embodiment is based has the same configuration as the communication system on which the first embodiment is based shown in FIG.
  • an attacker analyzes data of a certain topic on a communication channel, and transmits malicious data generated by rewriting QoS guarantee information (sequence No. related to Reliability in this embodiment). It is conceivable that the malfunction of the assurance function (in this case, Reliability QoS Policy) is pushed.
  • attacking sequence No. >Normal Sequence No.
  • SN a number indicating the order of data
  • an attacker intercepts topic data distributed by multicast on the network and confirms the current latest SN of Pub. Then, based on the confirmed SN, incorrect data is inserted so as not to cause sequence anomaly.
  • the DDS on the Sub side only discards the data corresponding to the SN that has been received once, and does not cause an order abnormality, so it is impossible to detect that there has been unauthorized data insertion.
  • each node is provided with an APP-DDS function unit 100/200 and a DDS operation function unit 300/400.
  • the Pub-side APP-DDS functional unit 100 may not be provided.
  • FIG. 9 shows a configuration example of the APP-DDS function unit 200 on the Sub side.
  • the APP-DDS functional unit 200 has a notification control unit 240.
  • FIG. FIG. 10 shows a configuration example of the DDS operation function unit 300 on the Pub side.
  • the DDS operation function unit 300 has a pub-side audit unit 310 .
  • FIG. 11 shows a configuration example of the DDS operation function unit 400 on the Sub side.
  • the DDS operation function section 400 has a monitoring management section 410 and a Sub-side auditing section 420 . The operation of each unit will be explained in the sequence to be described later.
  • Example 2-1 an example of an anomaly determination method for attacks that cause sequence anomalies
  • Example 2-2 an example of an anomaly determination method for attacks that will not cause sequence anomalies
  • Example 2-1 and Example 2-2 will be described separately below, in actual operation, both Example 2-1 and Example 2-2 are performed. However, only the operation of Example 2-1 or only the operation of Example 2-2 may be executed.
  • the DDS internal data and traffic of Pub and Sub are detected by the sequence assurance function that the DDS has as its basic function. to determine whether the data loss that occurred was an attack by a malicious Pub. In addition, data is not passed to the APP when it is determined to be an attack.
  • Each DDS is equipped with a queue that records the transmitted/received data and its sequence (SN), which makes it possible to determine whether or not there is a sequence abnormality.
  • the DDS 340 on the Sub side when the DDS 340 on the Sub side detects the occurrence of a sequence abnormality, it transmits a sequence abnormality notification to the audit management unit 410 in S201.
  • the audit management unit 410 that has received the sequence abnormality notification transmits an audit request to each of the pub-side audit unit 310 and the sub-side audit unit 420 (S202, S203).
  • the audit request contains information about the data received on the Sub side.
  • the information about the received data is, for example, the SN of the latest data received by the Sub and the data.
  • the pub-side auditing unit 310 Upon receiving the audit request, the pub-side auditing unit 310 confirms the presence of the latest SN data received from the sub-side with respect to the DDS 330 (S204), and based on the confirmation result, determines whether or not there is an abnormality (S205). ). In S207, the pub-side auditing unit 310 transmits the determination result to the sub-side audit management unit 410.
  • FIG. 1 the pub-side auditing unit 310 confirms the presence of the latest SN data received from the sub-side with respect to the DDS 330 (S204), and based on the confirmation result, determines whether or not there is an abnormality (S205). ).
  • the pub-side auditing unit 310 transmits the determination result to the sub-side audit management unit 410.
  • the Sub side auditing unit 420 performs communication monitoring based on the latest SN received in S203 to determine whether there is an abnormality (S206). Notify 410.
  • the audit management unit 410 that has received the determination results from the pub-side audit unit 310 and the sub-side audit unit 420 makes a final determination of the presence or absence of an abnormality (unfairness), and transmits the audit result to the notification control unit 240 in S209.
  • the communication control unit 240 determines whether or not to transmit data to the APP 350 based on the inspection result. When it is determined to transmit data to APP 350, the data is transmitted to APP 350 in S211.
  • FIG. 13 An example of inspection processing will be described with reference to FIGS. 13, 14, and 15.
  • FIG. 13 In the examples of FIGS. 13, 14, and 15, it is assumed that there are Pub (publisher) and Sub (subscriber) that transmit and receive data, and there is an attacker (attacker). However, in the case of FIG. 13, it is assumed that the attacker has not attacked.
  • queues in which SNs and data are recorded are provided as functions of the DDS 330/340 on the pub side and the sub side, respectively.
  • the publisher queue stores data A to D of SN1 to 4, and the Pub-side DDS 330 puts a check mark on the data for which Ack or NACK has been received after transmission. Also, the DDS 340 on the Sub side records the received data and puts a checkmark in the subscriber queue.
  • the DDS 340 on the Sub side detects that an order abnormality has occurred, and notifies the audit management unit 410 of the order Notify anomalies.
  • the Sub side monitoring unit 420 determines that there is no abnormality, and sends the result of the determination that there is no abnormality to the audit management unit 410 on the Sub side. to notify.
  • the audit management unit 410 notifies the notification control unit 240 that there is no abnormality (no fraud) as the audit result. to the APP 350.
  • the DDS 340 on the Sub side detects that an order abnormality has occurred and notifies the audit management unit 410 of the order abnormality. do.
  • the DDS 340 on the Sub side detects that an order abnormality has occurred and notifies the audit management unit 410 of the order abnormality. do.
  • Example 2-2 Next, Example 2-2 will be described. Embodiment 2-2 will explain a mechanism capable of detecting fraud even when fraudulent data is inserted so as not to cause sequence anomaly.
  • Example 2-2 The system configuration in Example 2-2 is the same as in Example 2-1. The operation on the Sub side in embodiment 2-2 will be described with reference to the sequence diagram of FIG. In the example of FIG. 16, the DDS 340, the audit management unit 410, the Sub-side audit unit 420, the notification control unit 240, and the APP 350 in the Sub-side node are shown. Also, the DDS 340 is shown connected to the network.
  • the DDS 340 receives data with SNs.
  • the DDS 340 causes the Sub-side audit section 420 to store the set of the received data and its SN.
  • S601 and S602 are executed each time data is received, and the Sub-side auditing unit 420 stores a set of data and its SN for all received data. However, data and SN pairs received earlier than a certain time may be deleted.
  • the Sub-side auditing unit 420 compares the SN of the newly received data with the SN of the stored received data, and determines whether data with the same SN as the already received data has been newly received. to judge whether
  • the audit management unit 410 requests the Sub-side audit unit 420 to audit. Specifically, it confirms whether or not the data value corresponding to the received SN and the data value of the same SN received again match, and if they do not match, it is requested to determine that there is an abnormality.
  • the notification control unit 240 is notified.
  • Each node (communication device) according to the present embodiment can be realized, for example, by causing a computer to execute a program describing the processing content described in the present embodiment.
  • the above program can be recorded on a computer-readable recording medium (portable memory, etc.), saved, or distributed. It is also possible to provide the above program through a network such as the Internet or e-mail.
  • FIG. 17 is a diagram showing a hardware configuration example of the computer.
  • the computer of FIG. 17 has a drive device 1000, an auxiliary storage device 1002, a memory device 1003, a CPU 1004, an interface device 1005, a display device 1006, an input device 1007, an output device 1008, etc., which are interconnected by a bus BS.
  • a program that implements the processing in the computer is provided by a recording medium 1001 such as a CD-ROM or memory card, for example.
  • a recording medium 1001 such as a CD-ROM or memory card
  • the program is installed from the recording medium 1001 to the auxiliary storage device 1002 via the drive device 1000 .
  • the program does not necessarily need to be installed from the recording medium 1001, and may be downloaded from another computer via the network.
  • the auxiliary storage device 1002 stores installed programs, as well as necessary files and data.
  • the memory device 1003 reads and stores the program from the auxiliary storage device 1002 when a program activation instruction is received.
  • the CPU 1004 implements functions related to nodes according to programs stored in the memory device 1003 .
  • the interface device 1005 is used as an interface for connecting to the network.
  • a display device 1006 displays a GUI (Graphical User Interface) or the like by a program.
  • An input device 1007 is composed of a keyboard, a mouse, buttons, a touch panel, or the like, and is used to input various operational instructions.
  • the output device 1008 outputs the calculation result. Note that at the node Either or both of the display device 1006 and the input device 1007 may be omitted.
  • a communication system comprising a distributor node and a subscriber node, said delivery side node transmits a plurality of data obtained by duplicating one piece of data to said subscriber node through a plurality of routes; The subscribing node determines whether fraud has occurred by comparing the plurality of data received from the plurality of paths.
  • the plurality of routes are three or more routes, and the subscribing side node is deemed to be fraudulent when at least one data among the plurality of data received from the plurality of routes is different from other data.
  • the communication system according to item 1. (Section 3) 3. The communication system according to claim 1 or 2, wherein the subscribing node passes the data received from the plurality of paths to an application in the subscribing node when it is determined that fraud has not occurred.
  • (Section 4) 4. The method according to any one of claims 1 to 3, wherein route conditions are arbitrated between the distributor node and the subscriber node, and the plurality of routes are determined based on the arbitration result. Communications system.
  • (Section 5) A communication device used as the distributor node in a communication system comprising a distributor node and a subscriber node, a route condition arbitration unit that arbitrates route conditions with the subscribing node; a route control unit that transmits a plurality of data obtained by duplicating one piece of data to the subscribing node through a plurality of routes based on the route conditions arbitrated by the route condition arbitration unit;
  • a communication device comprising: (Section 6) A communication device used as the subscriber node in a communication system comprising a distributor node and a subscriber node, Route control for determining whether or not fraudulent activity has occurred by receiving a plurality of data obtained by duplicating one piece of data at the delivery side node from a plurality of routes and comparing the plurality of data.
  • a communication device comprising: (Section 7) A data distribution method in a communication system comprising a distributor node and a subscriber node, a step in which the delivery side node transmits a plurality of data obtained by duplicating one piece of data to the subscribing side node through a plurality of routes; and determining, by said subscribing node, whether or not fraud has occurred by comparing the plurality of data received from said plurality of paths. (Section 8) A program for causing a computer to function as each unit in the communication device according to item 5 or 6.
  • a communication system comprising a distributor node and a subscriber node, when the subscribing side node detects an order abnormality based on the sequence number of the received data, sending an audit request including information on the received data to the distributing side node;
  • the delivery node determines whether there is an abnormality based on the information about the received data, and transmits the determination result to the subscriber node;
  • the communication system wherein the subscribing side node determines whether or not fraudulent activity has occurred, based on a communication monitoring result and the determination result received from the delivery side node.
  • the distributing node determines that there is an abnormality when detecting that the subscribing node has received data that has not been transmitted by the distributing node based on the information about the received data.
  • the communication system according to item 1. (Section 3) If the subscribing node detects that data not transmitted by the distributing node is received based on the communication monitoring result and the judgment result received from the distributing node, the subscribing node commits fraud.
  • the communication system according to Clause 1 or 2. (Section 4) wherein the subscribing side node passes the data received from the distributing side node to an application in the subscribing side node if it is determined that no fraud has been committed; Communication system as described.
  • a communication device used as the distributor node in a communication system comprising a distributor node and a subscriber node, When the subscribing node detects a sequence abnormality based on the sequence number of the received data, the subscribing node receives an audit request including information on the received data from the subscribing node, and A communication device comprising: an auditing unit that determines the presence or absence of an abnormality based on information and transmits a determination result to the subscriber node.
  • a communication device used as the subscriber node in a communication system comprising a distributor node and a subscriber node, an audit management unit that transmits an audit request including information about the received data to the delivery side node when an order abnormality is detected based on the sequence number of the received data; receiving, from the delivery side node, a determination result as to whether or not there is an abnormality based on information relating to the received data at the delivery side node, and based on the determination result and the result of communication monitoring, whether fraud has been committed; an audit department that determines whether A communication device comprising: (Section 8) A fraud determination method in a communication system comprising a distributor node and a subscriber node, a step of sending an audit request including information on the received data to the delivery node when the subscriber node detects an order abnormality based on the sequence number of the received data; a step in which the delivery node determines whether there is an abnormality based on the information about the received data, and transmits the determination result to

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Dans un système de communication ayant un nœud côté publication et un nœud côté abonnement, lors de la détection d'une anomalie dans l'ordre sur la base du nombre de séquences de données reçues, l'invention concerne un nœud côté abonnement qui transmet, au nœud côté publication, une demande d'inspection incluant des informations concernant les données reçues, le nœud côté publication détermine s'il existe ou non une anomalie sur la base des informations concernant les données reçues et transmet le résultat de détermination au nœud côté abonnement et le nœud côté abonnement détermine si une fraude a été commise ou non sur la base d'un résultat de surveillance de communication et du résultat de détermination reçu à partir du nœud côté publication.
PCT/JP2021/006880 2021-02-24 2021-02-24 Système de communication, dispositif de communication, procédé de détermination de fraude et programme WO2022180691A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/006880 WO2022180691A1 (fr) 2021-02-24 2021-02-24 Système de communication, dispositif de communication, procédé de détermination de fraude et programme

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/006880 WO2022180691A1 (fr) 2021-02-24 2021-02-24 Système de communication, dispositif de communication, procédé de détermination de fraude et programme

Publications (1)

Publication Number Publication Date
WO2022180691A1 true WO2022180691A1 (fr) 2022-09-01

Family

ID=83047853

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/006880 WO2022180691A1 (fr) 2021-02-24 2021-02-24 Système de communication, dispositif de communication, procédé de détermination de fraude et programme

Country Status (1)

Country Link
WO (1) WO2022180691A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003509970A (ja) * 1999-09-16 2003-03-11 ブリティッシュ・テレコミュニケーションズ・パブリック・リミテッド・カンパニー パケット認証
JP2020092318A (ja) * 2018-12-04 2020-06-11 株式会社東芝 中継装置、中継方法及びコンピュータプログラム

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003509970A (ja) * 1999-09-16 2003-03-11 ブリティッシュ・テレコミュニケーションズ・パブリック・リミテッド・カンパニー パケット認証
JP2020092318A (ja) * 2018-12-04 2020-06-11 株式会社東芝 中継装置、中継方法及びコンピュータプログラム

Similar Documents

Publication Publication Date Title
US7076801B2 (en) Intrusion tolerant server system
AU2015270231B2 (en) Secured network bridge
US20110066841A1 (en) Platform for policy-driven communication and management infrastructure
JP4195480B2 (ja) コンピュータ端末がネットワークに接続して通信することを管理・制御するための装置および方法。
Hubballi et al. LAN attack detection using discrete event systems
US11689543B2 (en) System and method for detecting transmission of a covert payload of data
US20200167342A1 (en) System for Secure Software Defined Networking Based on Block-Chain and Method Thereof
Yuan et al. A practical byzantine-based approach for faulty switch tolerance in software-defined networks
US10303565B2 (en) Multicasting system voting on server data
US6779038B1 (en) System and method for extending virtual synchrony to wide area networks
Correia et al. Worm-IT–a wormhole-based intrusion-tolerant group communication system
US20170223045A1 (en) Method of forwarding data between computer systems, computer network infrastructure and computer program product
WO2022180691A1 (fr) Système de communication, dispositif de communication, procédé de détermination de fraude et programme
WO2022180690A1 (fr) Système de communication, dispositif de communication, procédé de distribution de données et programme
Xiao et al. Modeling and verifying SDN under Multi‐controller architectures using CSP
US7558210B1 (en) Publish-subscribe looping detection and correction
JPWO2006043327A1 (ja) 中継装置及びネットワークシステム
KR101518852B1 (ko) Ips 장치 및 ids 장치를 포함하는 보안 시스템 및 그것의 동작 방법
JP2018098727A (ja) サービスシステム、通信プログラム、及び通信方法
WO2022208855A1 (fr) Système de communication, dispositif de détection d'anomalie, procédé de détection d'anomalie et programme
US20240187428A1 (en) Communication system, switching apparatus, switching method, and program
Abdallah et al. Performance analysis of SDN vs OSPF in diverse network environments
Pandey Reliable delivery and ordering mechanisms for an intrusion-tolerant group communication system
WO2022208857A1 (fr) Système de communication, dispositif d'inspection, procédé d'inspection et programme
US7669207B2 (en) Method for detecting, reporting and responding to network node-level events and a system thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21927794

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21927794

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP