【作者】 彭三城；

【导师】 贾维嘉；

【作者基本信息】 中南大学 ， 计算机应用技术， 2010， 博士

【摘要】 抗毁性是指系统在出现故障或遭受攻击时,能够及时地完成其关键服务的能力。抗毁性不仅是网络的一个基本性质,也是衡量一个国家政治、军事、经济等抗毁能力的一个重要指标。因此,抗毁性研究也成为了网络与信息安全一个重要的研究方向。随着人们对移动自组网的研究不断深入,其应用领域也随之不断扩大。然而,由于移动自组网本身的特点,容易出现故障或遭受攻击,导致对其抗毁性的研究极具挑战性。如何对抗毁性进行定量分析,以及如何提高系统的抗毁性都是移动自组网抗毁性研究的关键问题。为了研究这些问题,本论文提出了抗毁性评估模型、抗毁机制、以及具有抗毁能力的路由协议。从不同的角度,采用多种方法和技术,探索解决上述问题的思路和方法。主要的创新性工作如下：(1)提出了一种面向节点故障的抗毁性定量评估模型。首先,针对影响移动自组网抗毁性的各种故障进行抗毁性建模,利用连续时间马尔可夫链来精确地刻画移动自组网的抗毁性；其次,在对移动自组网抗毁性建模的基础上,以分段式路由、基于簇的多路径动态源路由和基于多路径的分段式路由三种协议为例,引入可靠性理论对大规模移动自组网的抗毁性进行分析和量化评估。通过实验对抗毁性进行定量分析,结果表明了该方法的有效性。(2)提出了面向节点异常行为的抗毁性定量评估模型。通过对节点行为进行建模和对三维网络连通性进行分析,实现在节点遭受攻击时对三维移动自组网抗毁性进行定量评估。首先,采用了半马尔可夫过程来对节点异常行为进行建模,对三维移动自组网的节点最小度进行了推导；然后,在对孤立节点问题进行建模的基础上,给出了一种用来分析网络k-连通性的有效方法；通过对节点异常行为给三维网络连通性所造成的影响进行分析,得到了一种网络保持k-连通时的抗毁性数学描述。最后,通过实验对抗毁性进行定量分析,表明了该方法的有效性和合理性。(3)为保证节点间的安全通信,以提高网络的抗毁性,在抗毁性定量评估的基础上,提出了移动自组网中基于多约束和协同过滤的动态信任机制。该机制的主要思想是：首先,采用一个带多约束的信任更新算法来评估节点间的直接信任。其中时间衰减因子保证了信任度随时间进行衰减；奖励因子保证了善意节点应受到奖励；惩罚因子保证了恶意节点应受到惩罚。然后,通过采用协同过滤技术评估推荐信任,以此来阻止不诚实的推荐。性能分析结果表明,该方法比Bayesian模型更能精确地计算节点之间的信任度。(4)提出了基于动态信任机制的可信路由协议,其目的是进一步验证所提出的动态信任机制的有效性和提高系统的抗毁性。首先,结合动态信任机制将DSR协议扩展为DTM-DSR协议。该协议根据节点对其邻居的信任度做出路由决策,选择信任度高的邻居作为下一跳节点；然后,通过节点之间的信任度来建立一条可信路径,以阻止恶意节点参与数据转发。最后,通过模拟对所提出的协议进行性能分析,结果表明,与DSR协议和Bayesian-DSR协议相比,DTM-DSR路由协议能有效地提高网络性能。网络抗毁性及其评估的研究是该领域的一项基础研究。本论文的工作是针对移动自组网抗毁性及其评估中亟待解决的一些关键问题提出了解决方案,这对于推进网络抗毁性的理论研究具有一定的理论价值；同时,对于指导网络设计和提高网络抗毁性具有一定的实用价值。更多还原

【Abstract】 Survivability refers to the ability of a network system to fulfill critical services in a timely manner to end users in the presence of faults and/or attacks. It is not only a fundamental property of network, but also an important metric to evaluate the survivability on politics, military, and economics in a country. Nowadays survivability is an important research direction on network and information security.Even though researches on mobile ad hoc networks (MANETs) go deeper and their applications get wider, MANETs are still vulnerable to various faults as well as attacks due to their characteristics, resulting in research on the survivability more challenging. How to conduct a quantitative analysis on the survivability, and how to improve the survivability of the system are key issues on survivability research in MANETs. In order to solve the above problems, evaluation model, survivable mechanism and survivable routing protocol, are proposed with different views, different methods and techniques in this dissertation. Innovations of this dissertation are as follows:(1) We propose a quantitative evaluation model on survivability for node fault oriented. First, the model takes various types of faults into account for survivability modeling, and then uses the continuous time Markov chain (CTMC) to describe the survivability of MANETs in a precise manner. Second, we introduce the reliability theory to perform quantitative evaluation for survivability on routing protocols in large-scale MANETs, such as segment-by-segment routing (SSR), multipath-based segment-by-segment routing (M-SSR), and cluster-based multipath dynamic source routing (CMDSR). Finally, the analytic results show the effectiveness of our approach through experiments.(2) We present a quantitative evaluation model on survivability for node misbehavior oriented. The purpose of this method is to achieve the quantitative analysis on survivability in 3D MANETs, in the presence of attacks of nodes, through modeling on node misbehaviors and analysis of 3D network connectivity. First, we model the node misbehaviors by using semi-Markov process, and derive the node minimum degree of 3D MANETs. Second, we develop an effective approach to analyze k-connectivity of 3D MANETs, based on the model of isolated node problem. Third, we achieve a mathematical description of network survivability for the k-connected maintenance, through analyzing their connectivity in 3D MANETs caused by node misbehaviors. Finally, the analytic results show the effectiveness and correctness of our approach through experiments.(3) According to the quantitative evaluation on survivability, we propose a dynamic trust mechanism (DTM) based on multi-constraints and collaborative filtering in MANETs in order to improve the system survivability and to ensure secure communication among nodes. The main idea of DTM is to introduce a trust updating algorithm with multi-constraints (time aging factor ensures that the trust fades with time; rewards factor ensures that good peers deserve to be rewarded; and penalty factor ensures that the malicious deserve to be punished) to assess the direct trust among nodes. And the false recommendation is prevented by adopting collaborative filtering technique to evaluate recommendation trust. The analytic results show that DTM can compute trust between nodes more precisely than Bayesian model through performance analysis.(4) We present a trusted routing protocol based on DTM, and the object is to further validate the effectiveness of the DTM and to improve the system survivability. First, we develop a DTM-DSR protocol based on DTM by extending DSR, in which a node makes a routing decision based on the trust value of its neighboring nodes. Second, the DTM-DSR can prevent malicious nodes to forward data packets by establishing trusted route through the trust value of nodes along the path. Finally, the effectiveness of our approach is validated through extensive simulations. The simulation results show that DTM-DSR improves network performance more effectively than DSR and Bayesian-DSR protocols.Our research on network survivability and its evaluation is basic in this area. Some important work has been done in this dissertation which contributes to addressing some key research issues in the area of survivability and its evaluation in MANETs, which produces some theoretical values in promoting the research on network survivability and some practical values in guiding the network design and in improving network survivability.更多还原