| 一种动态多路径冗余的网络传输架构的研究 |
| |
| 引用本文: | 周荃,吴承荣. 一种动态多路径冗余的网络传输架构的研究[J]. 计算机应用与软件, 2019, 36(4): 140-148,160 |
| |
| 作者姓名: | 周荃 吴承荣 |
| |
| 作者单位: | 复旦大学计算机科学技术学院 上海200082;复旦大学计算机科学技术学院 上海200082 |
| |
| 摘 要: | 提出一种动态多路径冗余的网络传输架构。该传输架构使用移动目标防御、数据冗余编码、多路径传输控制协议等理念和技术,应用层实现并提升传输的可靠性和完整性,给网络传输带来容错容侵能力。其中,由纠删码技术所带来的冗余性,使用RS编码为传输的数据文件单元进行冗余编码处理,使得网络传输可验证、可恢复;由多路径技术所带来的异构性,对数据文件进行分块传输,且传输内容彼此异构,使得多个数据流在公共网络中表现为相互独立,加大被攻击者识别的难度;由地址跳变技术所带来的动态性和随机性,能够有效抵御基于网络资源标识的扫描攻击。该网络传输架构能够有效防御恶意嗅探、窃听、中间人攻击和重放攻击,能够有效防止数据文件传输被恶意阻断、篡改。同时,传输架构具备一定的网络安全态势感知能力。理论分析了使用该拟态传输架构能够带来的传输安全性提升,评估了各种攻击模式下的攻击成功率,并设计了一系列实验,最终得出结论:在带来5%~14%的传输时间开销的情况下,能够提高传输可靠性27%~40%。
|
| 关 键 词: | 网络传输 移动目标防御 数据冗余编码 多路径传输 |
NETWORK TRANSMISSION ARCHITECTURE BASED ON DYNAMIC REDUNDANT MULTIPATH |
| |
| Zhou Quan,Wu Chengrong. NETWORK TRANSMISSION ARCHITECTURE BASED ON DYNAMIC REDUNDANT MULTIPATH[J]. Computer Applications and Software, 2019, 36(4): 140-148,160 |
| |
| Authors: | Zhou Quan Wu Chengrong |
| |
| Affiliation: | (School of Computer Science, Fudan University Shanghai 200082, China) |
| |
| Abstract: | This paper proposed the network transmission architecture based on dynamic redundant multipath. It adopted several concepts and technologies such as moving target defense, data redundancy coding, multi-path transmission control protocol and so on. Application layer realized and improved the reliability and integrity of transmission, and made the network transmission have a certain ability of fault tolerance and intrusion tolerance. Redundancy brought by erasure code technology was used to encode the data file unit transmitted by RS code, which made the network transmission verifiable and recoverable. Due to the heterogeneity brought by multipath technology, data files were transmitted in blocks. The transmission contents were heterogeneous with each other, so that multiple data flows in the public network were independent, which made it more difficult to identify by attackers. The dynamic and randomness brought by address hopping technology could effectively resist the scanning attack based on network resource identification. The network transmission architecture could effectively defend against malicious sniffing, eavesdropping, man-in-the-middle attack and replay attack, and prevent data file transmission from malicious blocking and tampering. The transmission architecture had a certain network security situational awareness capability. In the paper, we theoretically analyzed the transmission security enhancement that could be brought about by using the transmission architecture. We evaluated the attack success rate under various attack modes, and designed a series of experiments to verify it. The results show that the transmission reliability can be improved by 27% 40% with 5% 14% transmission time overhead. |
| |
| Keywords: | Network transmission Moving target defense Data redundant coding Multipath transmission |
| 本文献已被 维普 万方数据 等数据库收录! |
|
