Kad网络中Sybil攻击团体检测技术研究

Sybil Group Attack Detection in Kad Network

下载PDF

导出

摘要 Sybil攻击是P2P网络中常见的攻击方式,危害极大.Kad是当前最流行的P2P文件共享网络,最新的Kad软件限制了路由表中的IP数量,因此单个主机的Sybil攻击演化为分布式的团体攻击,传统的根据IP和节点ID来检测Sybil攻击的方式均不再有效.可行的方法是分析异常节点路由表结构及其连接关系来检测Kad网络中的Sybil攻击团体.在由Sybil节点的路由表所形成的拓扑图中,一个团体内的节点之间相互连接紧密,而与团体外节点间的连接稀疏,根据这一特征应用社会网络中的社区发现算法CNM来检测Sybil攻击团体.在应用CNM算法前,可根据Kad路由表特征高效识别异常节点,采集其路由表项,最后通过聚类路由表结构相似的异常节点来降低CNM算法的输入规模,使其可适用于具有百万级节点、亿级边的Kad网络.通过在实际Kad网络上主动注入Sybil攻击团体对该方法的有效性进行了验证,实验结果表明该方法可有效发现规模达数百的Sybil攻击团体.最后,应用该方法对实际Kad网络进行检测,发现了真实存在的多个规模不一的Sybil攻击团体. Sybil attack is a routine attack in P2P systems, which could crack the normal operations of P2P network. Kad is one of the most popular P2P file share systems. The current Kad software limits the number of IP addresses in a routing table, for rejecting the peers with the same IP. Consequently, the attacker must use multiple hosts to launch Sybil group attack, such that the traditional Sybil detection methods based on the same IP addresses do not work. As an alternative, this paper designs a novel method by leveraging routing table information in the malicious peer. Generally, the routing tables of Sybil in the same group have the similar structures. The peers in the same Sybil group are closely connected to each other, whereas the connections between different Sybil groups are sparse. Community detection in social network has the same features with Sybil groups. Therefore we employ CNM algorithm to detect the Sybil groups. In order to reduce the input size of CNM, several preprocessing methods are needed, such as pre-identifying the malicious peers, collecting their routing table items and peers clustering. The proposed approach is verified by inserting Sybil groups on Kad. And the experiment results show that our method is able to discover Sybil groups that have hundreds of peers. This method has been applied on Kad network and found several Sybil groups.

作者李强李舟军周长斌余杰

机构地区北京航空航天大学计算机学院国防科学技术大学计算机学院

出处《计算机研究与发展》 EI CSCD 北大核心 2014年第7期1614-1623,共10页 Journal of Computer Research and Development

基金国家自然科学基金项目(61170189 61370126 60973105 61103015) 高等学校博士学科点专项科研基金项目(20111102130003) 软件开发环境国家重点实验室自主研究课题(SKLSDE-2013ZX-19)

关键词 SYBIL攻击 KAD 路由表聚类 CNM Sybil attack Kad routing table cluster CNM（Clauset, Newman, Moore）

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献15

1Douceur J R. The Sybil attack [C] //Proc of the 1st Int Workshop on Peer-to-Peer Systems. Berlin: Springer, 2002: 251-260.
2Maymounkov P, Kademlia M D. A peer-to-peer information system based on the xor metric [C] //Proc of the 1st Int Workshop on Peer-to-Peer Systems. Berlin: Springer, 2002: 53-65.
3Ornisj. eMule [OL]. (2002-05-13)[2014-02-10]. http:// www. eMule-project, net.
4Cholez T, Chrisment I, Festor O. Evaluation of Sybil attacks protection schemes in kad [C] //Proc of the 3rd Int Con/. on Scalahility of Networks and Services. Berlin: Springer, 2009:70-82.
5Newman M E J, Girvan M. Finding and evaluating community structure in networks [J]. Physical Review E, 2004, 69(2): 1-15.
6Piro C, Shields C, Levine B N. Detecting the Sybii attack in mobile ad hoe networks [C]//Proe of the 2nd IEEE lnt Con/. on Security and Privacy in Communication Networks. Piseataway, NJ: IEEE, 2006: 1-11.
7Wang Xiaodong, Zhao Xin, Zhou Xingming. Detecting the Sybil attack cooperatively in wireless sensor networks [C] // Proc of the 5th Int Conf on Computational Intelligence and Security. Piscataway, N J: IEEE, 2008:442-446.
8Jiang Jing, Shan Zifei, Sha Wenpeng, et al. Detecting and validating Sybil groups in the wild [C] //Proc of the 32nd Int Confron Distributed Computing Systems Workshops. Piscataway, NJ: IEEE, 2012:127-132.
9Haribabu K, Arora D, Kothari B, et al. Detecting Sybils in peer-to-peer overlays using neural networks and CAPTCHAs [C] //Proc of 2010 Int Conf on Computational Intelligence and Communication Networks. Piscataway, N J: IEEE, 2010:154-161.
10胡玲玲,杨寿保,王菁.P2P网络中Sybil攻击的防御机制[J].计算机工程,2009,35(15):121-123. 被引量：3

二级参考文献6

1Douceur J R.The Sybil Attack[C]//Proc.of the 1st International Workshop on Peer-to-Peer Systems.Cambridge,MA,USA:[s.n.],2002:251-260.
2Yu Haifeng,Kaminsky M,Gibbons P B,et al.SybilGuard:Defending Against Sybil Attacks via Social Networks[R].Pisa,Italy:Intel Research Pittsburgh,Technical Report:IRP-TR-06-01,2006.
3Kamvar S D,Schlosser M T,Garcia-Molina H.The Eigen Trust Algorithm for Reputation Management in P2P Networks[C]//Proc.of International World Wide Web Conference.Budapest,Hungary:[s.n.],2003:20-24.
4Faloutsos M,Faloutsos P,Faloutsos C.On Power-law Relationshipof the Internet Topology[C]//Proceedings of the ACM SIGCOMM Conference on Applications,Technologies,Architectures,and Protocols for Computer Communication.Cambridge,Massachusetts,USA:ACM Press,1999:251-262.
5Watts D J,Strogatz S H.Collective Dynamics of Small-world Networks[J].Nature,1998,393(6684):440-442.
6Adar E,Huberman B A.Free riding on Gnutella[Z].Xerox PARC,2000.

共引文献2

1李晓义,李治军,姜守旭.BitTorrent网络的搭便车及恶意攻击研究[J].计算机工程,2011,37(7):163-165. 被引量：2
2刘悦,李强,李舟军.P2P网络安全及防御技术研究综述[J].计算机科学,2013,40(4):9-13. 被引量：6

1薛永昌.从CNMS系统维修实例谈做好系统维护的几点建议[J].工业设计,2015(7):70-71.
2吕家琦.基于mapreduce框架下CNM算法的并行性研究[J].电子技术与软件工程,2014(12):204-205.
3新闻短波[J].网管员世界,2010(15):15-15.
4田增平.实时多处理造成软件限制[J].抗恶劣环境计算机,1993,7(5):36-41.
5沸腾100°的冰.不用其他工具和流氓软件说NO![J].电脑爱好者,2006,0(10):39-39.
6李媛.装,也是一门学问[J].电脑爱好者,2006,0(17):34-35.
7邢矫健.MCS-51编译器——XA51汇编助手[J].无线电,2005(12):36-37.
8李德识,钟婧.基于节点密度的传感器网络路由算法研究与设计[J].武汉大学学报（工学版）,2005,38(4):75-78. 被引量：1
9吕振,李苏雪,张传亭,袁东风.一种基于结构信息的改进CNM算法[J].山东大学学报（工学版）,2017,47(1):37-41.
10袁超,柴毅.基于簇相似度的网络社团结构探测算法[J].物理学报,2012,61(21):539-547. 被引量：12

计算机研究与发展

2014年第7期

浏览历史

内容加载中请稍等...

Kad网络中Sybil攻击团体检测技术研究

参考文献15

二级参考文献6

共引文献2

相关作者

相关机构

相关主题

浏览历史