Research on Countermeasures against Interest Flooding Attacks in Content-Centric Networking
Published: 2018-03-31 14:39
Topic: Content-Centric Networking; Focus: Interest Flooding Attack; Source: Beijing Jiaotong University, doctoral dissertation, 2014
【Abstract】: With the rapid development of information technology and the continual emergence of new network applications, the Internet's communication model has gradually evolved from host-address-centric interconnection to content-centric information sharing, which has given rise to the Content-Centric Networking (CCN) architecture. CCN distributes and retrieves information directly by content name, and the Interest and Data packets transmitted in the network carry no user location or identity information, which gives it certain security advantages. Nevertheless, CCN is still exposed to some network attacks, for example the Interest Flooding Attack, which is notorious for being easy to launch and highly damaging. This thesis studies countermeasures against the two types of Interest flooding attack: the mainstream Interest Flooding Attack with Fake Interests (IFA-F) and the less common Interest Flooding Attack with Real Interests (IFA-R). The main work and contributions of the thesis are as follows:
1) A theoretical model for analysing the damage caused by IFA-F attacks is proposed. The Interest rejection probability is used to characterise the degree of network damage caused by IFA-F, and the Interest rejection probability under IFA-F is derived for a single router and for a small network topology. Based on this model, the thesis analyses theoretically how key parameters of a CCN, namely the content popularity distribution, the router cache size, the Pending Interest Table (PIT) size and the PIT entry lifetime, affect the Interest rejection probability caused by IFA-F, and verifies the analysis by simulation. The model analysis and simulation results show that IFA-F significantly increases the network's Interest rejection probability and degrades network performance; that Interests for highly popular content have a lower rejection probability; and that enlarging the router cache or the PIT capacity, or shortening the PIT entry lifetime, all reduce the Interest rejection probability under IFA-F.
2) The thesis proposes, for the first time, a practical method for detecting and suppressing IFA-F: a router-level countermeasure against malicious Interests based on a rate-limiting mechanism. The countermeasure exploits the fact that a CCN router's PIT records the state of every Interest: it gathers statistics on the name prefixes of IFA-F malicious Interests from PIT entry timeouts, and dynamically adjusts the Interest admission rate for those malicious prefixes, reducing the malicious consumption of router memory by IFA-F. Performance evaluation shows that, by detecting the name prefixes of IFA-F malicious Interests, the countermeasure effectively limits the admission rate of malicious Interests, so that a router under IFA-F attack retains its basic Interest forwarding capability.
3) To detect and suppress IFA-F at a finer granularity, the thesis proposes a cooperative countermeasure against malicious Interests based on fuzzy logic and router cooperation. Each router monitors its PIT utilisation and PIT entry timeout ratio and uses fuzzy logic to decide whether an IFA-F attack is present, which provides detection; at the same time, through a router cooperation mechanism, warning messages are fed back from the router that detected the attack to the network's access routers, where the malicious Interests are finally blocked, thereby suppressing the damage of IFA-F. Simulations based on a real network topology and a user behaviour model show that the cooperative countermeasure reduces the malicious consumption of router memory by IFA-F, increases the content retrieval success rate of legitimate Interests, and reduces content retrieval delay.
4) Building on an analysis of the security of the typical Interest forwarding strategies in existing CCN, the thesis proposes, for the first time, a secure Interest/Data forwarding strategy against IFA-F. The strategy introduces a new Interest/Data forwarding mechanism based on packet marking that does not depend on the PIT; it completely decouples IFA-F malicious Interests from the router's PIT and, at a small cost in network bandwidth, fundamentally cuts off the consumption of PIT memory by IFA-F malicious Interests. Simulation results show that, compared with rate-limiting-based IFA-F countermeasures, the proposed secure Interest/Data forwarding strategy markedly reduces router memory consumption and improves the resilience of CCN to IFA-F.
5) For the less common IFA-R attack, which floods the network with real Interests, the thesis proposes a dual-threshold IFA-R detection method. Using a threshold on the number of PIT entries that time out within a detection period and a threshold on the data traffic of each network interface, the method infers a possible traffic anomaly in order to detect the presence of IFA-R. Simulation results show that the dual-threshold method detects IFA-R within a short time and successfully identifies the router interface, or the corresponding network link, through which the malicious Interests flow.
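As an added illustration of the rate-limiting countermeasure of contribution 2 (example code written for this page, not the thesis's implementation): a toy CCN router charges every PIT timeout to the Interest's name prefix and, at the end of each detection window, halves the admission budget of any prefix whose timeout ratio exceeds a threshold. The window length, the 0.5 threshold, the halve/double rule and the traffic mix are assumptions, not values from the thesis.

```python
from collections import defaultdict

def prefix_of(name):                    # "/video/clip-1" -> "/video"
    return "/" + name.strip("/").split("/")[0]

class PitRateLimiter:
    def __init__(self, pit_capacity=50, lifetime_ms=1000, max_rate=50, min_rate=1):
        self.pit = {}                                   # pending Interest name -> admission time (ms)
        self.cap, self.lifetime, self.max_rate, self.min_rate = pit_capacity, lifetime_ms, max_rate, min_rate
        self.rate = defaultdict(lambda: max_rate)       # per-prefix admission budget for the current window
        self.admitted, self.timed_out = defaultdict(int), defaultdict(int)
        self.satisfied, self.dropped = defaultdict(int), defaultdict(int)
    def expire(self, now):
        # a PIT entry that outlives its lifetime is a timeout charged to its name prefix
        for name in [n for n, t in self.pit.items() if now - t >= self.lifetime]:
            del self.pit[name]
            self.timed_out[prefix_of(name)] += 1
    def on_interest(self, name, now):
        self.expire(now)
        p = prefix_of(name)
        if self.admitted[p] >= self.rate[p] or len(self.pit) >= self.cap:
            self.dropped[p] += 1                        # prefix over budget, or PIT exhausted
            return False
        self.pit[name] = now
        self.admitted[p] += 1
        return True
    def on_data(self, name):
        if self.pit.pop(name, None) is not None:
            self.satisfied[prefix_of(name)] += 1
    def end_window(self, adapt=True, threshold=0.5):
        # halve the budget of a prefix whose timeout ratio exceeds the threshold, otherwise let it recover
        if adapt:
            for p in set(self.admitted) | set(self.timed_out):
                total = self.timed_out[p] + self.satisfied[p]
                ratio = self.timed_out[p] / total if total else 0.0
                self.rate[p] = (max(self.min_rate, self.rate[p] // 2) if ratio > threshold
                                else min(self.max_rate, self.rate[p] * 2))
        self.admitted.clear(); self.timed_out.clear(); self.satisfied.clear()
        return dict(self.rate)

def simulate(adapt, windows=6, steps=40, step_ms=50, fakes_per_step=3):
    # constructed traffic: per step, 3 unsatisfiable "/attack/..." Interests and one "/video/..."
    # Interest answered at once; adapt=False models a baseline router with no per-prefix budget
    r = PitRateLimiter(max_rate=50 if adapt else 10**6)
    now = 0
    for _ in range(windows):
        for i in range(steps):
            now += step_ms
            for k in range(fakes_per_step):
                r.on_interest(f"/attack/fake-{now}-{k}", now)
            if r.on_interest(f"/video/clip-{i % 5}", now):
                r.on_data(f"/video/clip-{i % 5}")
        rates = r.end_window(adapt)
    return rates, dict(r.dropped)      # adapt=True -> rates {"/attack": 1, "/video": 50}
```

Compare `simulate(True)` with `simulate(False)`: with the budget in place the "/attack" prefix is throttled down to the floor within a few windows and only a handful of legitimate "/video" Interests are lost while the PIT first fills, whereas the baseline router keeps its PIT saturated with fake entries and drops legitimate Interests at every step.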
【Degree-granting institution】: Beijing Jiaotong University
【Degree level】: Doctorate
【Year of degree】: 2014
【Classification number】: TP393.08
Article number: 1691167
Link: http://sikaile.net/guanlilunwen/ydhl/1691167.html