Research On Key Technologies Of Security On Service Mechanisms In Smart Identifier Network

With the increasing scale of the Internet,the limitations of traditional network architectures can not satisfy the communication needs brought by diversified new business.Therefore,designing new network architectures to fundamentally solve the shortcomings of the traditional networks has become one of the most urgent research contents in the information field.Smart Identifier Network(SINET)is a novel and promising network architecture,which can realize intelligent and collaborative control of networks through flexible connection scheduling.However,due to the strong openness of the Internet,attackers can still explore new attacks based on analyzing the characteristics of new network architectures.Therefore,we focuse on the key technologies of security on service mechanisms in SINET,analyze its security advantages and threats.In addition,we put forward solutions to defend the service request flooding(SRF)attacks in SINET.The main work and innovation of this dissertation are as follows:(1)The key technologies of service mechanism and the latest research progress of SINET are classified and summarized.Furthermore,the security advantages of SINET are analyzed,and the main security threats are given.Firstly,starting from the architecture model of SINET,the service mechanisms of SINET with the characteristics of three layers and two domains are expounded.Then,the research progress of the service mechanisms in terms of service naming and resolution,routing,caching,transmission control,mobility,security,scalability and green energy saving are discussed.Finally,the security advantages of SINET are analyzed in detail,and the main security threats to SINET in service resolution and service caching are given,providing the basis and direction for the follow-up research on key technologies of security on service mechanisms in SINET.(2)To defend the fake-service request flooding attack(F-SRF)in SINET,an attack detection and defense mechanism based on gini impurity is proposed,which can effectively reduce the resource consumption of the routers caused by the attack.Firstly,an attack defense deployment mechanism based on the close centrality of the network component is proposed.Secondly,an attack detection mechanism based on the gini impurity of service identifier(SID)is proposed.By counting the distribution of the gini impurity of SID,the possibility of the router suffering from the F-SRF can be judged.An identification mechanism of the malicious service request is proposed,and the admission rate of the malicious request is restrained.The performance of the gini impurity based attack defending mechanism is evaluated.Experiments show that when the accuracy of attack detection is 88%,the false alarm rate is less than 10%.The results show that the mechanism can effectively resist F-SRF attack in SINET.(3)To defend the real-service request flooding(R-SRL)attack in SINET,a defense mechanism based on support vector machine(SVM)and Jensen Shannon(JS)divergence is proposed.While ensuring high accuracy of the attack detection,the satisfaction rate of the legitimate service request is improved.Firstly,the attack is detected through feature extracting,feature tagging and SVM classifying.An incremental learning method based on KKT condition is used to update SVM.Secondly,in order to achieve a fine-grained attack defense function,a malicious SID prefix recognition mechanism based on JS divergence is proposed.Besides,a notification message is designed to notify the malicious prefix to downstream routers to prevent malicious service requests from accessing the network.Finally,the performance of the SVM based attack defense mechanism is evaluated.The simulation results show that when the attack detection rate of the trained SVM is 99%,the false alarm rate is 1%.The results verify the accuracy and effectiveness of the proposed mechanism against the R-SRL attack in SINET.(4)To defend the collusive SRF attack between users and service providers in SINET,a reputation based early detection mechanism is proposed to alleviate the network congestion caused by the attack and to reduce the service acquisition delay of legitimate users.Firstly,the timeout resolution mechanism of the service request list(SRL)entry in the attack model is analyzed.Based on the attack model,it is proposed to dynamically adjust the thresholds of the SRL occupancy according to the reputation value of interfaces,and different packet dropping probabilities of service requests are adopted for different interfaces.Simulation results show that the mechanism can reduce the service acquisition delay of legitimate users from 6.49 seconds to 0.14 seconds,and the satisfaction rate of the service request can be increased from 0.78% to a value higher than 80.77%.The results show that the reputation based mechanism can successfully improve the invulnerability of SINET to the collusive SRF attack.