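Research on Trusted Network Control Technology and Its Simulation System
Published: 2018-04-04 10:54
Topic: trusted network. Entry point: trust model. Source: University of Electronic Science and Technology of China, master's thesis, 2014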
[Abstract]: The Internet is increasingly indispensable in people's work, daily life and entertainment. Because traditional networks have security flaws such as the dual semantics of IP addresses and the lack of an authentication mechanism for user access, ensuring that the network is secure, reliable, trusted, controllable and survivable is particularly important. First, the thesis builds an integrated trusted network control system based on name-address separation technology and the principles of a distributed trust model. The system works at three layers (access, transport and routing) and applies a feasible and effective trusted control technique at each: the access layer uses a trusted access control strategy combining a trusted authentication mechanism, digital signatures and name-address separation to protect the identity of accessing users; the transport layer uses a packet-by-packet verification mechanism and a packet trust-level detection mechanism to ensure data integrity and security; and the routing layer uses a trusted routing control strategy based on name-address separation to keep routing secure and reliable. Then, the thesis builds a simulation platform for the integrated trusted control system on OPNET. Following the trusted control principles, it designs in detail the information exchanged inside the system and the communication protocols, and builds complete models of the simulation platform at the network, node and process levels. Finally, the thesis classifies and analyzes the network attack events common in traditional networks, introduces them into the simulation platform, and designs 23 attack scenarios for simulation. The simulation results are examined from two aspects. The first is how effectively the trusted control system resists network attack events, mainly in terms of the trend of node trust values and the ability of routing to avoid malicious nodes. The second is the overall network performance of the trusted control system, evaluated on five metrics: network load, end-to-end propagation delay, trusted connection establishment time, packet loss rate, and the proportion of routes containing malicious nodes. The simulation results show that a trusted control system built by introducing multiple trusted control strategies at the access, transport and routing layers can detect the occurrence of these 23 attack events in time and, by adjusting trust values, avoid them and eliminate the harm. At the same time, the additional network load, delay and trusted connection establishment time introduced by the trusted control strategies are not significant, while the packet loss rate and the proportion of routes containing malicious nodes are clearly reduced.
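[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08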