
CN111585885A - Multi-courtyard medical information security routing strategy based on online learning - Google Patents

Multi-courtyard medical information security routing strategy based on online learning

Info

Publication number
CN111585885A
Authority
CN
China
Prior art keywords
node
router
formula
next hop
historical performance
Prior art date
Legal status
Pending
Application number
CN202010449124.3A
Other languages
Chinese (zh)
Inventor
张明川
郑瑞娟
朱军龙
吴庆涛
孟萌
王琳
Current Assignee
Henan University of Science and Technology
Original Assignee
Henan University of Science and Technology
Priority date
Filing date
Publication date
Application filed by Henan University of Science and Technology
Priority to CN202010449124.3A
Publication of CN111585885A
Legal status: Pending


Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L45/00 Routing or path finding of packets in data switching networks
                    • H04L45/02 Topology update or discovery
                    • H04L45/24 Multipath
                        • H04L45/245 Link aggregation, e.g. trunking
                    • H04L45/28 Routing or path finding of packets in data switching networks using route fault recovery
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                        • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a multi-hospital medical information security routing strategy based on online learning, comprising the following steps: Step 1, calculate the resilience value of the sending source AS against prefix hijacking attacks; Step 2, calculate the historical performance of nodes by an online learning method; Step 3, combine the two indicators, node resilience value and historical performance, in a weighted allocation to obtain the best next-hop node; Step 4, select the node with the higher node weight as the next-hop node. With the above technical solution, the invention introduces the concept of resilience to measure a node's ability to defend against Prefix Interception attacks, and uses online learning to calculate the historical performance of router nodes. The secure routing strategy combines the calculated resilience value and historical performance by weighting to obtain the best next-hop router, so that the sending source's packets are delivered safely to the correct origin.

Figure 202010449124

Description

Online learning-based multi-hospital medical information security routing strategy

Technical field

The invention belongs to the technical field of network communication security, and in particular relates to an online learning-based multi-hospital medical information security routing strategy for resisting random prefix hijacking attacks.

Background

With economic development, medical facilities are gradually improving, and a hospital usually comprises several branch campuses. Information transmission between the branch campuses is unavoidable, and because of the importance of medical information, ensuring its security in transit is very important in today's society. The network of each branch campus constitutes an autonomous system (AS). Information exchange between ASes is mainly realised through the Border Gateway Protocol (BGP), which binds the whole network together and is the key standard by which ASes exchange routing information and change routes. In BGP, the path taken by Internet Protocol (IP) packets is usually determined by prefix announcements; because routers do not verify the correct origin of a prefix announced by an AS, BGP is vulnerable to Prefix Interception attacks.

A Prefix Interception attack means that an adversary AS announces a prefix that does not belong to it; routers do not verify the correct origin AS of that prefix and forward IP packets only according to local routing policy, so the packets flow into the wrong origin AS. After receiving the packets, the attacker forwards them on to the correct origin, which makes the attack hard to detect.

Given the lack of authoritative information about prefixes and ASes in the Internet, real-time detection of forged routes remains a challenging and open problem. To detect prefix hijacking and path-spoofing routes, one must know the prefixes allocated in the Internet and their legitimate origin ASes, as well as the connections between ASes and their import/export routing policies.

Summary of the invention

To resist the above Prefix Interception attack, the invention provides a new secure routing strategy. It uses a resilience evaluation algorithm and an online learning algorithm to evaluate, respectively, a node's ability to resist Prefix Interception attacks and the historical performance of the node's BGP router, and combines these two properties to select the optimal route, thereby resisting Prefix Interception attacks.

The object of the invention and the solution to its technical problem are achieved by the following technical solution. A multi-hospital medical information security routing strategy based on online learning according to the invention comprises the following steps:

Step 1: Calculate the resilience value of the sending source AS against prefix hijacking attacks;

Step 2: Calculate the historical performance of nodes by an online learning method;

Step 3: Combine the two indicators, node resilience value and historical performance, in a weighted allocation to obtain the best next-hop node;

Step 4: Select the node with the higher node weight as the next-hop node.

Further, in step 1, α(m,j,f) denotes the result of a node being attacked, so the following formula is used to calculate the resilience of a node:

Figure BDA0002506878370000021

In this formula, l(j,m) is the number of paths from the sending source AS j to the correct origin AS m, and l(j,f) is the number of paths from the sending source AS j to the false origin AS f. In a network, once the sending source AS and the correct origin AS are determined, the resilience value of sending source AS j can be obtained by aggregating node resilience, with the formula:

Figure BDA0002506878370000022

where H is the number of all nodes in the network topology.

Further, in step 2, the historical performance of a node is calculated as follows:

A: Calculate the security risk Figure BDA0002506878370000027 of node j in round t; the formula is as follows:

Figure BDA0002506878370000023

where T denotes the T-th round and 1 denotes the indicator function; because an attack is time-limited, the historical performance defined within the time interval is valid;

B: When historical performance is computed by the online learning method, it is summarised by the following formula:

Figure BDA0002506878370000024

where Figure BDA0002506878370000025 denotes the next-hop router that router s has already selected, Figure BDA0002506878370000026 denotes the set of next-hop routers that router s can select in round t, 1 denotes the indicator function, J denotes the set of selectable next-hop routers, and s denotes the set of routers in which the current router lies;

C: Assume that router s selects its next-hop router according to the distribution Figure BDA0002506878370000031; the problem can then be transformed into:

Figure BDA0002506878370000032

where Figure BDA0002506878370000033 denotes the probability of selecting the next-hop router set and Figure BDA0002506878370000034 denotes the matrix vector of risk values for selecting a next-hop router, where:

Figure BDA0002506878370000035

Figure BDA0002506878370000036 denotes the probability simplex of Figure BDA0002506878370000037, p(j) denotes the probability that node s selects node j as the next hop, and Figure BDA0002506878370000038 denotes the probability of selecting the next-hop router set J, which is positive;

D: The historical performance of each router is evaluated by the following formula:

Figure BDA0002506878370000039

where Figure BDA00025068783700000310 denotes the step size and Figure BDA00025068783700000311 denotes the cumulative security risk, defined as follows:

Figure BDA00025068783700000312

where Figure BDA00025068783700000313 denotes the security risk estimate, defined as follows:

Figure BDA00025068783700000314

where Figure BDA00025068783700000315 denotes that all edges connecting node n and node j exist in Figure BDA00025068783700000316; Figure BDA00025068783700000317 denotes the learning rate of the online learning algorithm; Figure BDA00025068783700000318 denotes the probability that neighbour node n of node s is selected; Figure BDA00025068783700000319 denotes the set of next-hop routers selected in past rounds, and Figure BDA00025068783700000320 the set of next-hop routers selectable in round t. Once the set of next-hop routers Figure BDA00025068783700000321 has been revealed, the probability that router s selects next-hop router j is:

Figure BDA00025068783700000322

E: The performance of the online learning algorithm is analysed by computing the regret, defined as follows:

Figure BDA0002506878370000041

where Figure BDA0002506878370000042 denotes the best next-hop router list;

The definition of regret depends on the best selectable next-hop router, and the regret of a randomly selected next-hop router is bounded by:

Figure BDA0002506878370000043

where Figure BDA0002506878370000044 is the learning rate.

In step 3, when the node resilience value and historical performance are weighted, an adjustable parameter β∈[0,1] is introduced to combine them; the calculation formula is:

Figure BDA0002506878370000045

where W_j denotes the weight of node j after combining its resilience value and historical performance.

With the above technical solution, the invention designs a secure routing strategy based on online learning. A network-level attacker can launch a Prefix Interception attack by announcing an IP prefix that does not belong to it, so when the attacker announces the prefix of the packets to be intercepted, some sending source ASes are deceived by the false origin AS and send their packets to the false origin AS instead of the correct origin AS. After receiving the packets, the attacker forwards them to the correct origin AS, which makes the attack hard to detect. The invention introduces the concept of resilience to measure a node's ability to defend against Prefix Interception attacks and uses online learning to calculate the historical performance of router nodes; the secure routing strategy combines the calculated resilience value and historical performance by weighting to obtain the best next-hop router, so that the sending source's packets are delivered safely to the correct origin.

The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.

Description of the drawings

Figure 1 is a schematic flow chart of the invention.

Detailed description

The technical solution of the invention is described in further detail below with reference to the accompanying drawings and preferred embodiments.

First, a network-level attacker can launch a Prefix Interception attack by announcing an IP prefix that does not belong to it. When the attacker announces the prefix of the packets to be intercepted, some ASes are deceived by the false origin AS and send their packets to the false origin AS instead of the true origin AS. After receiving the packets, the attacker forwards them to the correct origin AS, which makes the attack hard to detect. In the invention, the concept of resilience is introduced to measure a node's ability to defend against Prefix Interception attacks, and online learning is used to calculate the historical performance of router nodes. This application designs a multi-hospital medical information security routing strategy based on online learning, which combines the calculated resilience value and historical performance by weighting to obtain the best next-hop router; the specific flow is shown in Figure 1.

To realise the functions of this design, an algorithm for calculating node resilience and an algorithm for calculating node historical performance must be designed. The functions and method steps of each module are described in detail below.

1. Calculating the resilience of an AS against prefix hijacking attacks

In this part, the concept of resilience is introduced to evaluate a node's ability to resist Prefix Interception attacks. An AS-level adversary announces an AS prefix that does not belong to it in order to launch a Prefix Interception attack, and each node has multiple paths leading to the false origin AS f and the true origin AS m. If source AS j is not deceived by false origin AS f and still sends its traffic to the correct origin AS m, then source AS j is resilient to this prefix hijacking attack. The attack on each node either succeeds or fails, and α(m,j,f) denotes the result of the attack on the node. Therefore, when judging a node's resilience, the following formula is used:

Figure BDA0002506878370000051

In this formula, l(j,m) is the number of paths from source AS j to the correct origin AS m, and l(j,f) is the number of paths from source AS j to the false origin AS f. In a network, once source AS j and the correct origin AS m are determined, the resilience of source AS j can be obtained by aggregating node resilience, as follows:

Figure BDA0002506878370000052

where H is the number of all nodes in the network topology.

The resilience of a node against Prefix Interception attacks is measured by predicting routes. Route selection is determined by the following conditions: (1) customer routes take precedence over peer routes, and peer routes take precedence over provider routes; (2) among the paths with the highest local preference, the path with the fewest hops is selected. In the invention, nodes are traversed by breadth-first search according to the above priorities and properties. First, the highest-priority paths are searched, i.e. provider-consumer routes; second, peer routes; finally, consumer-provider routes. Nodes are searched from the highest priority to the lowest; searches within the same step have the same priority, and this ordering speeds up the resilience calculation.
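As an added illustration (not the patent's own code), the route prediction of this section in Python: the correct origin m and an attacker f both announce the prefix, and every AS prefers customer routes, then peer routes, then provider routes, taking the fewest hops within a class, searched breadth-first in that order. Because the formula images are not reproduced on the page, the block assumes α(m,j,f) = 1 when j still forwards to m and 0 when it is captured, aggregates by averaging α over every other AS acting as f, breaks equal-length ties toward the lower AS id, and runs on a constructed nine-AS topology.

```python
import heapq


class ASGraph:
    """AS-level topology with provider-to-customer and peer-to-peer links."""

    def __init__(self):
        self.ases = set()
        self.providers = {}  # AS -> set of its providers
        self.customers = {}  # AS -> set of its customers
        self.peers = {}      # AS -> set of its peers

    def _add(self, a):
        if a not in self.ases:
            self.ases.add(a)
            self.providers[a], self.customers[a], self.peers[a] = set(), set(), set()

    def add_p2c(self, provider, customer):
        self._add(provider)
        self._add(customer)
        self.customers[provider].add(customer)
        self.providers[customer].add(provider)

    def add_p2p(self, a, b):
        self._add(a)
        self._add(b)
        self.peers[a].add(b)
        self.peers[b].add(a)


def _expand(routes, seeds, neighbours, kind):
    """Shortest-hop propagation from already-routed seeds along neighbours(a).
    Entries pop in (hops, origin) order, so the first route an AS receives is its
    shortest one and, on equal length, the lower origin id wins (assumed tie-break)."""
    heap = [(routes[a][1], routes[a][0], a) for a in seeds]
    heapq.heapify(heap)
    while heap:
        hops, origin, a = heapq.heappop(heap)
        for b in neighbours(a):
            if b not in routes:
                routes[b] = (origin, hops + 1, kind)
                heapq.heappush(heap, (hops + 1, origin, b))


def predict_routes(graph, origins):
    """For every AS, predict (chosen origin, hop count, route kind) when all ASes
    in `origins` (the correct owner and the attacker) announce the same prefix."""
    routes = {o: (o, 0, "origin") for o in origins}
    # Phase 1, highest priority: customer routes climb customer -> provider links.
    _expand(routes, list(origins), lambda a: graph.providers[a], "customer")
    # Phase 2: customer-learned routes cross one peer link. A route learned from a
    # peer is not re-exported to other peers or to providers (valley-free export).
    exporters = sorted(routes, key=lambda a: (routes[a][1], routes[a][0]))
    for a in exporters:
        origin, hops, _ = routes[a]
        for b in graph.peers[a]:
            if b not in routes:
                routes[b] = (origin, hops + 1, "peer")
    # Phase 3, lowest priority: everything learned so far descends to customers.
    _expand(routes, list(routes), lambda a: graph.customers[a], "provider")
    return routes


def alpha(graph, m, j, f):
    """Outcome for source AS j: 1 if it still routes to m, 0 if captured by f."""
    routes = predict_routes(graph, {m, f})
    return 1 if j in routes and routes[j][0] == m else 0


def captured(graph, m, f):
    """Defender's view: the ASes whose traffic for m's prefix is diverted to f."""
    routes = predict_routes(graph, {m, f})
    return {a for a, (origin, _, _) in routes.items() if origin == f}


def resilience(graph, m, j):
    """Aggregate resilience of source AS j for prefix owner m: assumed here to be
    the mean of alpha over every other AS acting as the attacker f."""
    attackers = sorted(a for a in graph.ases if a not in (m, j))
    if not attackers:
        return 1.0
    return sum(alpha(graph, m, j, f) for f in attackers) / len(attackers)


def build_sample_graph():
    """Constructed nine-AS topology: peering tier-1s 1 and 2, tier-2s 3, 4, 5
    (4 and 5 also peer) and stub ASes 6 to 9; AS 6 is the legitimate prefix owner."""
    g = ASGraph()
    for provider, customer in [(1, 3), (1, 4), (2, 4), (2, 5),
                               (3, 6), (3, 7), (4, 7), (4, 8), (5, 9)]:
        g.add_p2c(provider, customer)
    g.add_p2p(1, 2)
    g.add_p2p(4, 5)
    return g
```

With `g = build_sample_graph()`, `captured(g, 6, 9)` lists the ASes diverted when AS 9 announces AS 6's prefix, and `resilience(g, 6, 7)` versus `resilience(g, 6, 8)` shows that the stub multi-homed to the owner's provider (AS 7) keeps the correct route against some attackers while the single-homed stub AS 8 never does.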

2. Calculating the historical performance of routers by online learning

When the invention uses routers to exchange information, attention must be paid to the packets with different prefixes that have flowed into the AS in recent rounds. The invention uses Figure BDA0002506878370000061 to denote the security risk of selecting a router, with the formula:

Figure BDA0002506878370000062

In this formula, T denotes the T-th round and 1 denotes the indicator function. Because an attack is time-limited, the historical performance defined within the time interval D is valid.

When historical performance is computed by the online learning method, it can be summarised by the following formula:

Figure BDA0002506878370000063

where Figure BDA0002506878370000064 denotes the next-hop router that router s has already selected, Figure BDA0002506878370000065 denotes the set of next-hop routers that router s can select in round t, 1 denotes the indicator function, J denotes the set of selectable next-hop routers, and S denotes the set of routers in which the current router lies. Assume that router s selects its next-hop router according to the distribution Figure BDA0002506878370000066; the problem can then be transformed into:

Figure BDA0002506878370000067

where Figure BDA0002506878370000068 denotes the probability of selecting the next-hop router set and Figure BDA0002506878370000069 denotes the matrix vector of risk values for selecting a next-hop router, where:

Figure BDA00025068783700000610

Figure BDA00025068783700000611 denotes the probability simplex of Figure BDA00025068783700000612, p(j) denotes the probability that node s selects node j as the next hop, and Figure BDA00025068783700000613 denotes the probability of selecting the next-hop router set J, which is positive. The historical performance of each router is evaluated by the following formula:

Figure BDA0002506878370000071

where Figure BDA0002506878370000072 denotes the step size and Figure BDA0002506878370000073 denotes the cumulative security risk, defined as follows:

Figure BDA0002506878370000074

where Figure BDA0002506878370000075 denotes the security risk estimate, defined as follows:

Figure BDA0002506878370000076

where Figure BDA0002506878370000077 denotes that all edges connecting node n and node j exist in Figure BDA0002506878370000078; Figure BDA0002506878370000079 denotes the learning rate of the online learning algorithm; Figure BDA00025068783700000710 denotes the probability that neighbour node n of node s is selected; Figure BDA00025068783700000711 denotes the set of next-hop routers selected in past rounds, and Figure BDA00025068783700000712 the set of next-hop routers selectable in round t. Once the set of next-hop routers Figure BDA00025068783700000713 has been revealed, the probability that router s selects next-hop router j is:

Figure BDA00025068783700000714

The performance of the online learning algorithm is analysed by computing the regret, defined as follows:

Figure BDA00025068783700000715

where Figure BDA00025068783700000716 denotes the best next-hop router list.

The rationale of the regret definition is that it is relative to the best selectable next-hop router. The regret of a randomly selected next-hop router is bounded by:

Figure BDA00025068783700000717

where Figure BDA00025068783700000718 is the learning rate.

In summary, the steps of the historical performance algorithm are as follows:

Step 1: Calculate the historical performance Figure BDA00025068783700000719 of node j in round t;

Step 2: Reveal the set of next-hop routers that can be selected;

Step 3: Calculate the probability that node s selects each next-hop router;

Step 4: Send each node's security risk Figure BDA0002506878370000081 to its neighbour nodes;

Step 5: Calculate the security risk Figure BDA0002506878370000082;

Step 6: Evaluate the security risk Figure BDA0002506878370000083;

Step 7: Proceed to the next round of calculation.

3. Combining a node's resilience value and historical performance to obtain the best next-hop router

Two important performance indicators of a router have been described above: resilience and historical performance. If only the resilience value is considered, the security of the route cannot be guaranteed; if only the historical performance is considered, the reachability of the route cannot be guaranteed. Combining the router's resilience and historical performance guarantees both routing security and reachability. First, the router's resilience value is evaluated; then its historical performance is evaluated; finally, an adjustable parameter β∈[0,1] is introduced to combine the two, as follows:

Figure BDA0002506878370000084

where W_j denotes the weight of node j after combining its resilience value and historical performance.

In summary, the specific execution steps of the routing strategy in this embodiment are as follows:

Step 1: Predict routes according to local routing preference, and thereby calculate node resilience;

Step 2: Calculate the historical performance of nodes by the online learning method;

Step 3: Combine the two indicators, node resilience and historical performance, in a weighted allocation;

Step 4: Select the node with the higher node weight W_j as the next-hop node, so that the packets of sending source AS j are delivered safely to the correct origin.

The above are only preferred embodiments of the invention. Any simple modifications, equivalent changes and variations made to the above embodiments by a person skilled in the art according to the technical essence of the invention, without departing from the scope of its technical solution, still fall within the scope of the technical solution of the invention.

Claims (4)

1. The online learning-based multi-institution medical information security routing strategy is characterised by comprising the following steps:
step 1, calculating the resilience value of a sending source AS for resisting prefix hijacking attacks;
step 2, calculating the historical performance of nodes by an online learning method;
step 3, combining the two indicators, node resilience value and historical performance, in a weighted allocation so as to obtain the best next-hop node;
and step 4, selecting the node with the higher node weight as the next-hop node.
2. The online learning-based multi-institution medical information security routing strategy of claim 1, wherein: in step 1, the result of the node being attacked is represented by α(m,j,f), so the following formula is used to calculate the resilience when judging the resilience of the node:
Figure FDA0002506878360000011
in this formula, l(j,m) is the number of paths from the sending source AS j to the correct origin AS m, and l(j,f) is the number of paths from the sending source AS j to the false origin AS f; in a network, when the sending source AS and the correct origin AS are determined, the resilience value of the sending source AS j can be obtained by aggregating node resilience, with the formula:
Figure FDA0002506878360000012
in the formula, H represents the number of all nodes in the network topology.
3. The online-learning-based multi-institution medical information security routing policy of claim 2, wherein: in step 2, the calculation steps of the node historical performance are as follows:
a: calculating the security risk r_t^s(j) of node j in round t, with the formula:
Figure FDA0002506878360000013
in the formula, t denotes the t-th round and 1 denotes the indicator function; since attacks are time-sensitive, it is effective to define the historical performance over a time interval;
b: when the on-line learning method is used for calculating the historical performance, the historical performance is summarized by the following formula:
Figure FDA0002506878360000014
in the formula
Figure FDA0002506878360000021
representing the next hop router that router s has selected,
Figure FDA0002506878360000022
representing the set of next hop routers that router s can select in round t, 1 the indicator function, J the set of selectable next hop routers, and s the router currently making the selection;
c: assume that router s selects the next hop router obedient distribution
Figure FDA0002506878360000023
Figure FDA0002506878360000024
then the problem can be transformed into:
Figure FDA0002506878360000025
in the formula
Figure FDA0002506878360000026
representing the probability of selecting the next hop router set,
Figure FDA0002506878360000027
a matrix vector representing risk values for selecting a next hop router, wherein:
Figure FDA0002506878360000028
Figure FDA0002506878360000029
represents
Figure FDA00025068783600000210
P (j) represents the probability that node s selects node j as the next hop,
Figure FDA00025068783600000211
represents the probability of selecting the next-hop router set J, and the value is positive;
d: the evaluation of the historical performance for each router is calculated using the following formula:
Figure FDA00025068783600000212
wherein
Figure FDA00025068783600000213
represents the step size,
Figure FDA00025068783600000214
represents the cumulative security risk, which is defined as follows:
Figure FDA00025068783600000215
in the formula
Figure FDA00025068783600000216
represents a security risk estimate, defined as follows:
Figure FDA00025068783600000217
in the formula
Figure FDA00025068783600000218
representing that all edges connecting node n and node j exist,
Figure FDA00025068783600000219
Figure FDA00025068783600000220
represents the learning rate of the online learning algorithm;
Figure FDA00025068783600000221
the probability that neighbor node n of node s is selected;
Figure FDA00025068783600000222
representing the set of next hop routers selected in the past round,
Figure FDA00025068783600000223
the set of next hop routers selectable in round t; with the set of next hop routers
Figure FDA00025068783600000224
known, the probability of router s selecting next hop router j is:
Figure FDA00025068783600000225
e: the performance of the online learning algorithm is analyzed by calculating the regret value, defined as follows:
Figure FDA0002506878360000031
in the formula,
Figure FDA0002506878360000035
represents the best next hop router list;
the regret value definition is dependent on the best selectable next hop router, and the regret value of a randomly selected next hop router is bounded by:
Figure FDA0002506878360000032
in the formula
Figure FDA0002506878360000033
is the learning rate.
4. The online-learning-based multi-institution medical information security routing policy of claim 3, wherein: when the node elasticity value and the historical performance are weighted and combined in step 3, an adjustable parameter β ∈ [0,1] is introduced and combined with the node elasticity value and the historical performance, with the following calculation formula:
Figure FDA0002506878360000034
in the formula, W_j represents the weight value of node j after combining the elasticity value and the historical performance.
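The four-step selection of the claims as an added example, not code from the patent: the patent's formulas are images that this page does not reproduce, so the path-share form of the elasticity, the exponential weighting of accumulated security risk for the historical performance, and the linear β-combination of claim 4 are this example's own assumptions, and the path counts are constructed.

```python
import math

def resilience(l_correct, l_wrong):
    """Assumed form of the node elasticity alpha(m, j, f): the share of paths from
    sending source AS j that end at the correct source m rather than the hijacker f.
    l_correct = l(j, m), l_wrong = l(j, f)."""
    total = l_correct + l_wrong
    return l_correct / total if total else 0.0

class NextHopSelector:
    """Toy next-hop learner for router s over the candidate set J (assumed forms)."""
    def __init__(self, candidates, eta=1.0, beta=0.5):
        self.candidates = list(candidates)          # set J of selectable routers
        self.eta = eta                              # learning rate (assumed Hedge rule)
        self.beta = beta                            # beta in [0,1] from claim 4
        self.cum_risk = {j: 0.0 for j in self.candidates}  # accumulated security risk

    def probabilities(self):
        """P(j): exponential weighting of accumulated risk (assumed rule)."""
        w = {j: math.exp(-self.eta * self.cum_risk[j]) for j in self.candidates}
        z = sum(w.values())
        return {j: w[j] / z for j in self.candidates}

    def observe(self, attacked):
        """Round-t feedback: attacked[j] is the indicator 1{hijack seen via j}."""
        for j, hit in attacked.items():
            self.cum_risk[j] += float(hit)

    def choose(self, path_counts):
        """Claim 4 combination W_j = beta*alpha_j + (1-beta)*P(j) (assumed form),
        then step 4 of claim 1: take the candidate with the highest W_j."""
        p = self.probabilities()
        weights = {
            j: self.beta * resilience(*path_counts[j]) + (1 - self.beta) * p[j]
            for j in self.candidates
        }
        return max(weights, key=weights.get), weights

# Constructed sample: (l(j, m), l(j, f)) path counts per candidate next hop.
PATHS = {"r1": (3, 1), "r2": (1, 3), "r3": (2, 2)}

def run_demo(rounds_attacked_via_r1=3):
    """Returns the choice before any feedback and after hijacks are seen via r1."""
    sel = NextHopSelector(PATHS)
    first, _ = sel.choose(PATHS)                # elasticity alone favours r1
    for _ in range(rounds_attacked_via_r1):     # r1 keeps lying on the hijacked path
        sel.observe({"r1": 1, "r2": 0, "r3": 0})
    later, _ = sel.choose(PATHS)                # history now outweighs elasticity
    return first, later                         # -> ('r1', 'r3')
```

With eta=1.0 and beta=0.5, three observed hijacks via r1 push its probability mass to about 0.02, so the weighted score of r3 (0.49) overtakes r1 (0.39) even though r1 has the best path share.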
CN202010449124.3A 2020-05-25 2020-05-25 Multi-courtyard medical information security routing strategy based on online learning Pending CN111585885A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200825