基于动态邻接信任模型的安全路由算法研究

对现有路由节点信任相关问题进行了研究,综合路由节点的状态和行为因素提出了一种路由节点动态邻接信任模型。在此模型基础上提出了一种基于动态邻接信任熵的安全路由算法,并在现有OSPF路由协议中对该路由算法进行了验证。仿真结果表明提出的动态邻接信任模型能够准确地反映路由节点状态改变和恶意攻击,具有良好的动态响应能力,提出的安全路由算法能有效地保证路由节点的行为及状态可信并且具有良好的抗攻击性能。     

社区结构感知的间断连接无线网络路由机制

针对间断连接无线网络中消息投递成功率低的问题1依据网络中节点社会关系的差异性,提出了一种社区结构感知的路由机制.该机制根据节点在各个运动周期内的状态信息建立马尔可夫模型,以描述节点运动状态转换过程,进而以分布式的方式感知节点中心度,并以社区中心度为参数,采用社区标签交换方法对网络结构进行动态检测,最终利用社区内中心节点为中继辅助完成消息的转发.仿真结果表明,所提出的路由机制在投递率方面的性能改善程度接近90％,极大地优化了网络性能.     

恶意节点容忍的间断连接无线网络消息转发策略

间断连接无线网络中的节点以协作方式完成消息投递,恶意节点将严重影响网络性能。利用节点历史行为信息,该文提出一种恶意节点容忍的消息转发策略,节点结合直接观察信息与邻居节点的推荐信息,通过动态推荐声誉阈值感知节点恶意行为,进而利用证据理论量化节点信任度,从而检测网络中串谋及独立的恶意节点,为消息选择最优的转发节点。结果表明,在带有串谋的恶意攻击下,所提出的消息转发策略能准确检测出恶意节点,并显著提高消息投递率,改善平均时延。     

机会网络中能量有效的副本分布状态感知路由机制

针对机会网络中的节点能耗与消息扩散程度之间存在矛盾,基于节点能耗与副本状态感知的路由机制可以显著地改善资源受限场景的网络性能,综合考虑消息扩散程度与节点剩余能量,并结合节点相遇概率预测方法,提出能量有效的副本分布状态感知路由机制,为消息分布式地选择合理的中继节点。仿真结果表明,所提出的路由机制能够有效降低网络负载,并大幅改善消息投递率和平均时延性能。     

认知无线电网络中基于信任的安全路由模型

针对认知无线电网络中路由受到的选择性转发攻击,提出一种基于信任的安全路由模型。通过监视节点的数据转发行为,构建节点的信任以识别恶意节点。基于路由选择必须同频谱分配紧密结合的特点,在路由发现阶段,请求信息中封装节点的可用频谱机会并避免发送给恶意节点。在路由选择阶段,利用节点信任构建可用路径信任,结合延时度量进行路由决定。同时,根据节点的信任划分对其服务请求采取不同的响应,对非可信节点的恶意行为采取更严厉的惩罚,从而激励节点在路由中的合作。仿真结果及分析表明,在选择性转发攻击下,该模型较已有模型在网络吞吐率、端到端延迟方面都有较好的表现。     

节点状态感知的机会网络分布式协作缓存机制

合理利用节点间的协作关系及相邻节点的缓存资源可有效提高机会网络中节点缓存的利用率与消息的投递率。该文提出一种节点状态感知的分布式协作缓存机制,通过感知消息扩散程度动态估计消息的重要程度,确定消息在缓存操作中的优先级。进而根据节点的活跃度及相对粘度获知给定消息与其目标节点的相遇概率,并针对消息源节点的差异设计分区协作缓存方法,同时在本地缓存处于存满状态时动态选取协作节点,实现本地消息到相邻节点的转移,以达到高效利用缓存资源的目的。结果表明,所提出的协作缓存机制能够有效地利用节点有限的缓存资源,并大幅度地改善消息投递率及节点缓存利用率。     

动态路由模拟策略研究

网络模拟路由策略的基本目标是真实地反映模拟数据包的转发过程。拓扑变化会影响路由选择结果。现：有模拟器在处理动态路由时会让所有节点同时感知到拓扑变化信息，这与实际网络中的情况并不相符。给出并分析动态路由模拟抽象模型，进而提出计算不同节点对拓扑变化感知时间的策略；提出动态MTree_Nix路由策略，以静态路由表和拓扑变化消息序列作为动态路由表，通过比较节点的感知时间查找路由。实验结果表明，此算法能够更真实地模拟网络中的动态路由，并且具有较高的模拟效率。     

一种基于邻居合作监测的移动Ad hoc网络信任模型

针对自私节点的恶意丢包行为,将节点和其邻居节点所监测的结果结合起来,计算出节点间的信任度,并以此作为路由选择的依据来促进节点间的相互合作,提出一种基于邻居合作监测的移动Adhoc网络信任模型.将信任模型应用于DSR路由协议并在NS2中进行仿真实验,结果表明该信任模型可以有效地缓解自私节点造成的影响,提高了网络的分组投递率.     

节点连接态势感知的低开销机会网络消息传输策略

利用节点保存的相遇历史信息,提出一种节点连接态势感知的消息传输策略,通过建立时序图模型估计节点间的连接态势,以时延、投递率以及负载率为联合优化目标参数,采用均衡和量化方法,为消息分布式地选择最佳中继节点。仿真结果表明,所提出的消息传输策略能够有效降低网络负载48%以上,并改善消息投递率和平均时延性能。     

容迟网络中一种改进型ProPHET路由算法研究

由于ProPHET路由没有限制网络中消息数量,因此其网络开销很高。文章提出了新的消息转发度量化函数,并据此给出一种改进的概率路由算法P-DFM（ProPHET Based on DFM）。该算法利用节点与目的节点的接触概率和节点间的相遇频率来计算节点的消息转发度,通过比较节点的DFM决定转发消息的副本数目。采用TheONE对Epidemic路由、ProPHET路由及P-DFM路由进行仿真,结果表明提出的P-DFM算法有效地提高了消息投递率,降低了网络开销的成本。     

Integrated Social and QoS Trust-Based Routing in Delay Tolerant Networks

We propose and analyze a class of integrated social and quality of service (QoS) trust-based routing protocols in mobile ad-hoc delay tolerant networks. The underlying idea is to incorporate trust evaluation in the routing protocol, considering not only QoS trust properties but also social trust properties to evaluate other nodes encountered. We prove that our protocol is resilient against bad-mouthing, good-mouthing and whitewashing attacks performed by malicious nodes. By utilizing a stochastic Petri net model describing a delay tolerant network consisting of heterogeneous mobile nodes with vastly different social and networking behaviors, we analyze the performance characteristics of trust-based routing protocols in terms of message delivery ratio, message delay, and message overhead against connectivity-based, epidemic and PROPHET routing protocols. The results indicate that our trust-based routing protocols outperform PROPHET and can approach the ideal performance obtainable by epidemic routing in delivery ratio and message delay, without incurring high message overhead. Further, integrated social and QoS trust-based protocols can effectively trade off message delay for a significant gain in message delivery ratio and message overhead over traditional connectivity-based routing protocols.     

Random forest classifier‐based safe and reliable routing for opportunistic IoT networks

Designing a safe and reliable way for communicating the messages among the devices and humans forming the Opportunistic Internet of Things network (OppIoT) has been a challenge since the broadcast mode of message sharing is used. To contribute toward addressing such challenge, this paper proposes a Random Forest Classifier (RFC)‐based safe and reliable routing protocol for OppIoT (called RFCSec) which ensures space efficiency, hash‐based message integrity, and high packet delivery, simultaneously protecting the network against safety threats viz. packet collusion, hypernova, supernova, and wormhole attacks. The proposed RFCSec scheme is composed of two phases. In the first one, the RFC is trained on real data trace, and based on the output of this training, the second phase consists in classifying the encountered nodes of a given node as belonging to one of the output classes of nodes based on their past behavior in the network. This helps in proactively isolating the malicious nodes from participating in the routing process and encourages the participation of the ones with good message forwarding behavior, low packet dropping rate, high buffer availability, and a higher probability of delivering the messages in the past. Simulation results using the ONE simulator show that the proposed RFCSec secure routing scheme is superior to the MLProph, RLProph, and CAML routing protocols, chosen as benchmarks, in terms of legitimate packet delivery, probability of message delivery, count of dropped messages, and latency in packet delivery. The out‐of‐bag error obtained is also minimal     

A cluster-based trust-aware routing protocol for mobile ad hoc networks

Routing protocols are the binding force in mobile ad hoc network (MANETs) since they facilitate communication beyond the wireless transmission range of the nodes. However, the infrastructure-less, pervasive, and distributed nature of MANETs renders them vulnerable to security threats. In this paper, we propose a novel cluster-based trust-aware routing protocol (CBTRP) for MANETs to protect forwarded packets from intermediary malicious nodes. The proposed protocol organizes the network into one-hop disjoint clusters then elects the most qualified and trustworthy nodes to play the role of cluster-heads that are responsible for handling all the routing activities. The proposed CBTRP continuously ensures the trustworthiness of cluster-heads by replacing them as soon as they become malicious and can dynamically update the packet path to avoid malicious routes. We have implemented and simulated the proposed protocol then evaluated its performance compared to the clustered based routing protocol (CBRP) as well as the 2ACK approach. Comparisons and analysis have shown the effectiveness of our proposed scheme.     

CPTR: conditional probability tree based routing in opportunistic networks

In opportunistic networks due to the inconsistency of the nodes link, routing is carried out dynamically and we cannot use proactive routes. In these networks, nodes use opportunities gained based on store-carry-forward patterns to forward messages. Every node that receives a message when it encounters another node makes decision regarding the forwarding or not forwarding the node encountered. In some previous methods, the recognition of whether encounter with current node is considered as an appropriate opportunity or not has been carried out based on the comparison of the probability of carrier node and the node encountered. In these methods, if the message is delivered to the encountered node, a better opportunity would be lost. To fight with this challenge we have posed CPTR method by using conditional probability tree method through which in addition to the probability of the delivery of carrier and encountered nodes’ message delivery, the opportunities for after encounter will be involved in messages’ forwarding. Results of simulation showed that the proposed method can improve the ratio of delivery and delay of message delivery compared to other similar methods in networks with limited buffer.     

Improving Resilience against DDoS Attack in Unstructured P2P Networks

In unstructured peer-to-peer （P2P） systems such as Gnutella, a general routing search algorithm is used to blindly flood a query through network among peers. But unfortunately, malicious nodes could easily make use of the search approach launching distributed denial of service （DDoS） attack which aims at the whole network. In order to alleviate or minimize the bad effect due to behavior of malicious nodes using the flooding search mechanism, the paper proposes a Markov-based evaluation model which exerts the trust and reputation mechanism to computing the level of trustworthy of nodes having the information requested by evaluation of the nodes＇ history behavior. Moreover, it can differentiate malicious nodes as early as possible for isolating and controlling the ones＇ message transmitted. The simulation results of the algorithm proposed show that it could effectively isolate malicious nodes, and hold back the transmission of vicious messages so that it could enhance tolerance of DDoS based on flooding in Guutella-like P2P network.     

Trust prediction and trust-based source routing in mobile ad hoc networks

Mobile ad hoc networks (MANETs) are spontaneously deployed over a geographically limited area without well-established infrastructure. The networks work well only if the mobile nodes are trusty and behave cooperatively. Due to the openness in network topology and absence of a centralized administration in management, MANETs are very vulnerable to various attacks from malicious nodes. In order to reduce the hazards from such nodes and enhance the security of network, this paper presents a dynamic trust prediction model to evaluate the trustworthiness of nodes, which is based on the nodes’ historical behaviors, as well as the future behaviors via extended fuzzy logic rules prediction. We have also integrated the proposed trust predication model into the Source Routing Mechanism. Our novel on-demand trust-based unicast routing protocol for MANETs, termed as Trust-based Source Routing protocol (TSR), provides a flexible and feasible approach to choose the shortest route that meets the security requirement of data packets transmission. Extensive experiments have been conducted to evaluate the efficiency and effectiveness of the proposed mechanism in malicious node identification and attack resistance. The results show that TSR improves packet delivery ratio and reduces average end-to-end latency.     

一种基于信誉和能量综合评价模型的ZigBee网络

为有效解决ZigBee网络对于内部攻击缺少防范的问题,并兼顾网络性能受制于有限节点能量的不足,文章在RFSN模型的基础上,提出一种基于节点通信行为、历史评价和能量的综合评价模型,进而针对不同攻击行为给出相应的路由选择方案及监测标准。仿真实验表明,该模型比RFSN模型更能快速准确地识别出恶意节点。     

Secure Multi-copy Routing in Compromised Delay Tolerant Networks

Routing in delay tolerant networks (DTNs) is challenging due to their unique characteristics of intermittent node connectivity. Different protocols (single-, multi-copy, erasure-coding-based etc.) utilizing store-carry-and-forward paradigm have been proposed to achieve routing of messages in such environments by opportunistic message exchanges between nodes that are in the communication range of each other. The sparsity and distributed nature of these networks together with the lack of stable connectivity between source destination pairs make these networks vulnerable to malicious nodes which might attempt to learn the content of the messages being routed between the nodes. In this paper, we study DTNs in which malicious nodes are present, to which we refer to as compromised DTNs. We discuss and analyze the effects of presence of malicious nodes on routing of messages in compromised DTNs. We propose a two period routing approach which aims at achieving the desired delivery ratio by a given delivery deadline in presence of malicious nodes. Our simulation results with both random networks and real DTN traces show that, with proper parameter setting, the proposed method can achieve delivery ratios which surpass those reached by other algorithms by a given delivery deadline.     

Extension of Delay Tolerant Network’s Routing Protocols for Preventing Excessive Utilization of Resources

The routing algorithms of DTN have the inbuilt storage management scheme such as Hop based TTL (Spray and Wait) or passive cure (Potential-based Entropy Adaptive Routing PEAR). There has been a significant amount of work in the past regarding buffer management policies. In this paper, we have proposed a new message deletion policy for multi-copy routing schemes. In this scheme, message delivery information is communicated to the other nodes in the network for removing useless bundles from the network, which prevents the nodes from the buffer overflow problem and avoid transfer of useless message replicas thus relaxing the resources of the nodes. We evaluate our proposed method by simulating network, on four major DTNs routing algorithms: Epidemic, Spray and Wait, ProPHET and MaxProp. The simulation results clearly show significant improvement in the value of delivery probability and the overhead ratio for an Epidemic, Spray and Wait, and Prophet routing protocols.     

An Improved Routing Algorithm Based on Social Link Awareness in Delay Tolerant Networks

The routing efficiency in delay tolerant networks is degraded due to intermittent connection and high latency. Additionally, socially selfish nodes in social networks refuse to provide message forwarding service since there are limited resources. To solve these problems, an improved routing algorithm based on the social link awareness is proposed. In this algorithm, multiple social features of the nodes’ behaviors are utilized to quantify the nodes pairs’ social links. The social links of the nodes pairs are computed based on their encounter history. These social links can be used to construct the friendship communities of the nodes. The intra-community and inter-community forwarding mechanisms are implemented to raise the successful delivery ratio with low overhead and decrease the transmission delay. Simulation results show that the proposed algorithm shortens the routing delay and increases the successful delivery ratio, thereby improving the routing efficiency.