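Research on Network Trusted Control Technology and Simulation System
Published: 2018-04-04 10:54
Topic: trusted network. Entry point: trust model. Source: University of Electronic Science and Technology of China, master's thesis, 2014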
[Abstract]: The Internet is becoming increasingly indispensable in people's work, life and entertainment. Because traditional networks have security defects such as the dual semantics of the IP address and the lack of an authentication mechanism for user access, ensuring that the network is secure, reliable, trusted, controllable and survivable is particularly important. First, the thesis builds an integrated trusted network control system based on name-address separation technology and the principles of a distributed trust model. The system works at three layers (access, transmission and routing) and applies feasible and effective trusted control techniques at each: the access layer uses a trusted authentication mechanism, digital signatures and a name-address-separated trusted access control strategy to protect the identity of accessing users; the transmission layer uses a packet-by-packet verification mechanism and a packet credibility detection mechanism to ensure data integrity and security; and the routing layer uses a name-address-separated trusted routing control strategy to keep routing secure and reliable. Then, the thesis builds a simulation platform for the integrated trusted control system on OPNET. Following the trusted control principles, it designs in detail the information exchanged inside the system and the communication protocols, and builds complete models of the simulation platform at the network, node and process levels. Finally, the thesis classifies and analyzes common network attack events in traditional networks, introduces them into the simulation platform, and designs 23 attack event scenarios for simulation. The results are examined from two angles. The first is how effectively the trusted control system withstands network attack events, assessed mainly through the trend of node credibility and the ability of routing to avoid malicious nodes. The second is the overall network performance of the trusted control system, assessed with five metrics: network load, end-to-end propagation delay, trusted connection establishment time, packet loss rate, and the proportion of routes containing malicious nodes. The simulation results show that a trusted control system built by introducing multiple trusted control strategies at the access, transmission and routing layers can detect the occurrence of these 23 attack events in time and, by adjusting credibility, avoid them and eliminate the harm. At the same time, the additional network load, delay and trusted connection establishment time introduced by the trusted control strategies are not significant, while the packet loss rate and the proportion of routes containing malicious nodes are clearly reduced.
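[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08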
Article number: 1709647
Article link: http://sikaile.net/guanlilunwen/ydhl/1709647.html