面向域间路由控制的信任机制研究

发布时间：2018-05-26 12:10

本文选题：面向域间路由系统的信任模型 + 自治域路由行为预测　；参考：《东南大学》2016年博士论文

【摘要】：可信可控网络旨在实现网络中系统行为的可监测、可评估、可预期,并在此基础上通过构建统一的控制层面来实现网络的可信可控。作为互联网运行的基石,域间路由系统肩负着维护网络可达的责任,在可信可控网络研究中具有极其重要的地位。在该系统中,自治域间通过边界网关协议交换路由通告以实现域问路由收敛,然而该协议的运行基于对自治域所发布路由通告的可信假设,使得域问路由系统易遭受虚假路由通告的干扰,导致网络中断事件频发。因此,如何有效抑制虚假路由信息的产生和传播是当前面向域间路由系统的研究所亟待解决的问题。由于域问路由协议的安全性解决以及路由信息诊断方法难以有效的抑制虚假路由信息的产生和传播,目前信任机制已逐渐被用于对自治域路由行为进行可信评估,评估结果可以作为路由决策规避路由风险的有效依据。然而,现有的面向域间路由系统的信任机制仍然存在一些问题,导致评估结果不能准确反映自治域的路由行为,影响了评估结果作为路由决策依据的有效性,主要问题如下：(1)现有研究没有基于对自治域路由行为的预测来进行信任评估,导致评估结果不能准确反映自治域的路由行为；(2)现有研究缺乏激励自治域积极参与信任推荐的机制,不能保障评估自治域可获取足够的信任信息来实现准确评估；(3)现有研究未采取有效的限制不可靠信任信息对信任评估影响的方法。本文为实现对自治域路由行为的准确信任评估,分别从构建面向域问路由系统的信任模型、对自治域路由行为进行预测以及促进自治域积极参与信任推荐这三个方面展开理论研究。首先,提出一种面向域间路由系统的信任模型,通过基于对自治域路由行为进行预测的信任评估方法、综合多方信任信息、信任推荐激励机制、有效限制不可靠信任信息对信任评估的影响来实现对自治域路由行为的准确评估,其次,为实现对自治域路由行为的准确预测,还提出了一种自治域路由行为预测算法。最后,提出一种自治域信任推荐激励机制,可有效促进自治域相互积极分享信任信息,以保障信任评估结果的全面性和准确性。基于上述理论研究工作,在东南大学可信可控网络实验平台上设计并实现面向域问路由控制的信任机制模块,对模块功能进行全面测试,验证本文理论工作的有效性和可行性。本文对面向域问路由控制的信任机制进行了深入研究,为有效抑制虚假路由信息的产生与传播,提出了可对自治域路由行为进行准确信任评估的方案,评估结果可为域间路由决策规避路由风险提供有效支持,因此,本文工作可为保障域问路由系统的稳定运行以及为互联网的安全运作做出贡献。
[Abstract]:Trusted controllable network is designed to monitor, evaluate and predict the system behavior in the network. On the basis of this, the trusted and controllable network can be realized by constructing a unified control layer. As the cornerstone of Internet operation, inter-domain routing systems shoulder the responsibility of maintaining network accessibility, and play an extremely important role in the research of trusted and controllable networks. In this system, routing notices are exchanged between autonomous domains through a boundary gateway protocol to realize domain routing convergence. However, the operation of the protocol is based on the trusted assumption of routing notices issued by autonomous domains. The system is vulnerable to the interference of false routing notices, which leads to frequent network interruptions. Therefore, how to effectively suppress the generation and propagation of false routing information is an urgent problem to be solved in the research of inter-domain routing systems. Because the security solution of domain routing protocol and the method of routing information diagnosis are difficult to effectively suppress the generation and propagation of false routing information, trust mechanisms have been gradually used to evaluate the routing behavior of autonomous domains. The evaluation results can be used as an effective basis for routing decisions to avoid routing risks. However, there are still some problems in the existing trust mechanisms for inter-domain routing systems, which result in the evaluation results can not accurately reflect the routing behavior of autonomous domains, and affect the effectiveness of the evaluation results as the basis for routing decisions. The main problem is as follows: 1) there is no trust assessment based on the prediction of routing behavior in autonomous domains. As a result, the evaluation results can not accurately reflect the routing behavior of autonomous domains. (2) the existing research lacks a mechanism to encourage autonomous domains to actively participate in trust recommendation. There is no guarantee that evaluation autonomous domains can obtain enough trust information to realize accurate evaluation. Existing research has not adopted effective methods to limit the impact of unreliable trust information on trust assessment. In order to realize the accurate trust evaluation of autonomous domain routing behavior, the trust model of domain-oriented routing system is constructed in this paper. This paper makes theoretical research on the prediction of autonomous domain routing behavior and the promotion of autonomous domain active participation in trust recommendation. First of all, a trust model for inter-domain routing system is proposed, which integrates multi-party trust information and trust recommendation incentive mechanism through a trust evaluation method based on prediction of autonomous domain routing behavior. The influence of unreliable trust information on trust evaluation is effectively restricted to realize accurate evaluation of autonomous domain routing behavior. Secondly, an autonomous domain routing behavior prediction algorithm is proposed to accurately predict autonomous domain routing behavior. Finally, an autonomous trust recommendation incentive mechanism is proposed, which can effectively promote the autonomous domains to actively share trust information with each other, so as to ensure the integrity and accuracy of the results of trust evaluation. Based on the above theoretical research work, a trust mechanism module based on the trusted controllable network of Southeast University is designed and implemented, and the function of the module is tested comprehensively, which verifies the validity and feasibility of the theoretical work in this paper. In this paper, the trust mechanism of domain-oriented routing control is deeply studied. In order to effectively suppress the generation and propagation of false routing information, an accurate trust evaluation scheme for autonomous domain routing behavior is proposed. The evaluation results can provide an effective support for inter-domain routing decisions to avoid routing risks. Therefore, this paper can contribute to the stable operation of the system and the safe operation of the Internet.
【学位授予单位】：东南大学
【学位级别】：博士
【学位授予年份】：2016
【分类号】：TP393.08

【相似文献】