【作者】 闫兴篡；

【导师】 殷建平；

【作者基本信息】 国防科学技术大学 ， 计算机科学与技术， 2006， 硕士

【摘要】 网络性能度量与调控具有重要的社会意义和军事意义。对网络性能的度量和调控技术的研究不仅其本身具有相当高的学术价值,对网络安全策略的制定也有一定的指导作用。本文对影响网络性能的诸因素进行了比较全面和深入的定性分析。对其中的一些因素进行了合理的假设,重点分析了网络拓扑对网络性能的影响。在图论的基础上分析了图的整体结构特征与图的节点结构特征。参照节点的中心性度量指标,研究了网络中路由器(集)对网络性能的影响。在研究了图及其节点的结构特征的基础上,结合路由器攻击的相关手段,提出了网络攻击性价比的概念,然后进一步提出了网络性能敏感路由器极小集的概念,并给出了网络性能敏感路由器极小集的发现算法,简要分析了网络性能敏感路由器极小集的基本特征。网络拓扑结构是本文研究的重要基础,为此,本文深入研究了网络拓扑发现算法,对这些算法的设计思想和设计方法进行了比较全面的综述,其中对网络拓扑发现算法的设计提出了一些建议和展望。但限于时间和精力,本文并没有设计相关的拓扑发现算法,而是针对一些特殊的规则(Power-law)模拟了一个网络拓扑结构,作为模拟系统的一个输入。本文的主要创新点如下:提出了网络攻击性价比的概念。这个概念指出了网络攻击的效果和网络攻击代价之间的比值是衡量攻击手段的优劣的合理的标准。在网络攻击性价比的基础上,本文提出了网络性能敏感路由器极小集的概念,并设计了相应的发现算法。网络性能敏感路由器极小集的概念指出,对于特定的最少的网络攻击对象(路由器)实施攻击,可以以最小的代价达到预期的攻击效果。根据已知的信息,对网络性能敏感路由器极小集的研究在国内外尚属首次。最后,本文还研制了相应的模拟系统,对网络流特征、路由算法、路由器攻击手段(Smurf)等进行了模拟实验,实验结果表明,本文发现的网络性能敏感路由器极小集的状态对网络性能有非常关键的影响,应该成为网络攻防的首选对象。这对网络攻防手段的研究和网络攻防策略的制定都将有一定的指导作用。更多还原

【Abstract】 Network performance metrics and control can be of great social value and economic value. They not only show meaningful academic value but also are instructive to the decision of network security policy.In this paper, we give general and thorough qualitative analysis on factors effecting network performance, and mainly analysis the effects on network performance by its topology, based on reasonable suppose of some of these factors. With the guidance of the graph theory, we also explore graph structure characters and the characters of the nodes in the graph, further, we analyse the effects on network performance by router (set) referring to the node’s centrality metrics.With the search on router attacks, we introduce a new conception——network attack performance cost ration, standing on the analysis of graph and its nodes’structure characters, and further introduce the network performance sensitive router minimum set. We design an algorithm for discovering the network performance sensitive router minimum set, and analyse the set’s basic characters.Since network topology is the important base on which we head on our exploration, we do a search in topology discovering algorithms, presenting a survey on the their basic ideals and methodology. We have a forward looking at and make suggestions on the way in which Network Topological Discovery Algorithms are designed. Limited by time and energy, we simulate the network topology according to some special rules (power-law) serving as one input of the system, instead of designing a new topology discovery algorithm.The main innovations in this paper are as follows.The new conception of network attack performance cost ration. This ideal shows that the ration between network attack performance and cost can be an advice to distinguish good attacks from bad ones.Network performance sensitive router minimum set and it’s discovering algorithm are proposed in this paper with the help of the above concept. With this concept, we can see that it’s easy to achieve the anticipant effect at lowest cost to attack least objects (routers). According to the known message, it’s the first time to search the network performance sensitive router minimum set inland and aboard.In the last, a simulating system is developed in which we simulate the network data flow, routing algorithm and router attack. The results show that the network performance sensitive router minimum set discovered in this paper has critical effects on the network performance. They should be the best objects to be attacked or be defensed, this can be a guidance to both network attack and network security policy decision.更多还原