| Trusted network, composed of trusted network access control and dynamic assessment of trusted network after access, is introduced for the purpose of improving network control and management. At present, trusted network access control is represented by TNC(Trusted Network Connect), among other approaches, which, however are deficient in many ways, as exemplified in the fact that TNC conducts only ID authentication and integrity verification. In addition, accurate dynamic assessment of network status after access remains a challenge in trusted network research due to complexity of network status, large amount of data and real-time requirements.Failure to ensure the security of network access and accuracy in its dynamic assessment is bound to take a toll on the security of network and user information. Given the critical significance of the trustworthy network, trustworthy access and trust assessment has become a hot issue in the field of network security research.In this dissertation we put forward an omni-distance trust mechanism of terminal to realize trusted network, and investigate trust evaluation approaches based on such attributes of trust as timeliness, concentration, fuzziness and roughness. The main contents are as follows:A trusted access model is proposed based on the integrated trust model in this dissertation, because the traditional TNC model, which only verifies the identity and integrity, falls short in guarding against the threats of network. Integrated trust consists of direct trust and indirect trust. Indirect trust resembles the reputation model, which conducts evaluation of terminals by other entities. Such evaluation often follows certain rules and is subject to mild changes. This dissertation proposes a trust evaluation method that calculates indirect trust based on the combination of volatility, consistency of recommendation and trusted grouping. Volatility indicates the continuity and time character of individual evaluation while consistency reflects the continuity and time character of group evaluation, hence assigning indirect weighted assessment continuity and time character, which helps avoid malicious evaluations of malicious nodes. In the calculation of direct trust, the AHP(Analytic Hierarchy Process) method and the graininess of attribute values are applied or examined to respectively determine the static and dynamic weight of attributes, reflecting both the static and dynamic nature of the attributes. The direct trust value is the weighted average of the two factors, and the integrated trust value is the aggregate of indirect trust value and direct trust value. Simulation results show the algorithm to be stronger in resisting malicious nodes than other weighted arithmetics.This dissertation puts forward an evaluation method of trusted network based on rule matching. The rule antecedents are the terminal states, indicated by the trusted attribute sets and their values, and the consequents of the rules are the results of the evaluation. The number of rules generated through network data will expand quickly and need to be reduced. In this dissertation, we turn the trusted network evaluation system into a rough decision system because trust is fuzzy and rough as indicated by the analysis of the trusted attribute sets. In the decision making system, we propose a kind of equivalence partitioning strategy based on minimum risk decision, thereby generating a lower approximation and positive region division, and then make attribute reduction according to the positive domain and attribute independence. The algorithm matches the decision rules, which are stored in a special database, with the trusted rules using the weighted projection vector to select the optimal results. The classification model has a simple structure and effective semantic interpretation, and its effectiveness is proved by the results of experiments.A rule mining algorithm is proposed based on the attribute inclusion degree in this dissertation. Firstly, the algorithm analyzes the measure method of inclusion degree of information systems and the relationship between inclusion degree and rule confidence. Secondly, the algorithm converts all of the rules into Boolean rules, and then presents a rule extraction method based on support and confidence thresholds.A decision tree matching algorithm is proposed based on multi classifier integration. Multiple individual classifiers are then generated from multiple trusted rule sets through the Bootstrap Sampling method. Each individual classification result is represented by a multi-tree, each node of multi-tree determining the importance of the attributes. Finally, the matching of trusted rules is achieved via multi-tree matching. The algorithm boasts not only easy implementation and low time complexity but also improved accuracy thanks to the integration of multiple classifiers. Experimental results demonstrate higher algorithm accuracy than the other attribute reduction algorithm.
|
PDF Full Text Request