
    Research on Sybil Attack Group Detection Technology in the Kad Network

    Sybil Group Attack Detection in Kad Network

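    • Abstract: Sybil attacks are a common form of attack in P2P networks and are highly damaging. Kad is currently the most popular P2P file-sharing network. The latest Kad software limits the number of IPs in the routing table, so single-host Sybil attacks have evolved into distributed group attacks, and the traditional ways of detecting Sybil attacks by IP and node ID are no longer effective. A feasible approach is to detect Sybil attack groups in the Kad network by analysing the routing table structure of anomalous nodes and the connections among them. In the topology graph formed by the routing tables of Sybil nodes, nodes within a group are densely connected to each other, while connections to nodes outside the group are sparse; based on this feature, CNM, a community detection algorithm from social networks, is applied to detect Sybil attack groups. Before applying CNM, anomalous nodes can be identified efficiently from Kad routing table characteristics and their routing table entries collected; finally, anomalous nodes with similar routing table structures are clustered to reduce the input size of CNM, making it applicable to a Kad network with millions of nodes and hundreds of millions of edges. The effectiveness of the method was verified by actively injecting Sybil attack groups into the real Kad network, and the experimental results show that the method can effectively discover Sybil attack groups of up to several hundred members. Finally, the method was applied to the real Kad network and found several actually existing Sybil attack groups of varying size.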

       

      Abstract: The Sybil attack is a common attack in P2P systems and can disrupt the normal operation of a P2P network. Kad is one of the most popular P2P file-sharing systems. The current Kad software limits the number of IP addresses in a routing table, so that peers with the same IP are rejected. Consequently, an attacker must use multiple hosts to launch a Sybil group attack, and the traditional Sybil detection methods based on identical IP addresses no longer work. As an alternative, this paper designs a novel method that leverages the routing table information of malicious peers. Generally, the routing tables of Sybil peers in the same group have similar structures. The peers in the same Sybil group are closely connected to each other, whereas the connections between different Sybil groups are sparse. Communities in social networks have the same features as Sybil groups. Therefore we employ the CNM algorithm to detect the Sybil groups. In order to reduce the input size of CNM, several preprocessing steps are needed, such as pre-identifying the malicious peers, collecting their routing table items, and clustering peers. The proposed approach is verified by inserting Sybil groups into Kad, and the experimental results show that our method is able to discover Sybil groups that have hundreds of peers. The method has been applied to the Kad network and found several Sybil groups.
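
The community-detection step described in the abstract can be sketched as follows. This is an added example, not the authors' code: it is a naive greedy modularity merge in the style of CNM, without the heap-based bookkeeping that makes CNM fast, and the peer labels, sample edges and the name `detect_groups` are constructed for illustration.

```python
from itertools import combinations

def detect_groups(edges):
    """Greedy modularity merging in the CNM style (naive, no heap)."""
    edges = {frozenset(e) for e in edges if e[0] != e[1]}  # undirected, deduplicated
    m = len(edges)
    members = {n: {n} for e in edges for n in e}  # community id -> peers in it
    degree = dict.fromkeys(members, 0)            # community id -> sum of peer degrees
    links = {}                                    # {c1, c2} -> edges between them
    for e in edges:
        for n in e:
            degree[n] += 1
        links[e] = 1

    def gain(pair):
        # Modularity change if the two communities merge:
        # dQ = E_ab/m - deg_a*deg_b / (2*m^2)
        a, b = tuple(pair)
        return links[pair] / m - degree[a] * degree[b] / (2 * m * m)

    while links:
        # Best merge; ties are broken on community ids so the run is deterministic.
        best = max(links, key=lambda p: (gain(p), sorted(p)))
        if gain(best) <= 0:
            break  # no merge improves modularity: communities are final
        a, b = sorted(best)
        members[a] |= members.pop(b)
        degree[a] += degree.pop(b)
        merged = {}
        for pair, count in links.items():
            if pair != best:  # edges inside the merged community drop out
                new = frozenset(a if c == b else c for c in pair)
                merged[new] = merged.get(new, 0) + count
        links = merged
    return sorted((sorted(g) for g in members.values()), key=lambda g: (-len(g), g))

# Constructed sample: routing-table links among anomalous peers. Two densely
# connected groups (s*, t*) joined by one sparse cross-group link.
GROUP_A = [f"s{i}" for i in range(1, 6)]
GROUP_B = [f"t{i}" for i in range(1, 5)]
SAMPLE_EDGES = (list(combinations(GROUP_A, 2)) + list(combinations(GROUP_B, 2))
                + [("s1", "t1")])

if __name__ == "__main__":
    for group in detect_groups(SAMPLE_EDGES):
        print(len(group), group)
```

The single cross-group link is never merged because joining the two dense groups would lower modularity, which is the property the abstract relies on to separate Sybil groups.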

       
