Research on Group Theory Strategies in Computer Security Mechanisms and Collaborative Defense Techniques for Distributed Systems

Computer security refers to a series of techniques and measures to protect computers and the information and resources in computer systems from unauthorized access, damage, theft, or destruction. In today’s digital era, computer security principles are undoubtedly crucial [1-4]. Computer system security is the ability of a system to function properly under reasonable conditions and to protect the information in the system from unauthorized intrusion and damage. Computer system security consists of the following aspects: Confidentiality: Ensuring that only authorized users can access sensitive information in the system [5-8]. Integrity: Protecting data from tampering or malicious modification. Availability: to ensure that the system is continuously available and able to meet the needs of users [9-10].

With the continuous innovation of technology, the computer network security problem has attracted more and more people’s attention. Based on the distributed cooperative network, security defense technology has become an important way to solve network security problems [11-12]. Distributed cooperative technology refers to the technology of connecting multiple computers or processors to accomplish a certain task through the network. Its main features are decentralized tasks, strong computing power, high performance, and other advantages. Distributed collaboration technology can greatly improve the reliability and processing capacity of the system while reducing the system’s overhead [13-16]. With the continuous development of network technology, network security problems are increasing. Traditional defense measures can not meet the requirements of network security. Therefore, the network security defense technology based on distributed cooperative technology is gradually developing and growing [17-19].

In this study, a collaborative defense method based on an NTRU-like public key cryptosystem is proposed to build a distributed collaborative defense system based on a group theory strategy. In the NTRU-like public key cryptosystem, the NTRU-like public key cryptosystem GTRU is proposed, and the sufficient condition for correct decryption of GTRU is given. The NTRU-like public key cryptosystem is used as the core of the collaborative defense data encryption technology, the multi-authorization center attribute data encryption model is proposed, and the security initialization function is established to realize the optimization of the multi-authorization center attribute data encryption technology. Hibernate was used for the implementation of system data persistence and combined with RMI for the distributed processing of the system to complete the design of distributed collaborative defense systematization. Carry out performance simulation tests on the published collaborative defense system constructed in this paper. The test specifically includes an encryption defense test, intrusion defense test, and system load test to experimentally verify the effectiveness and security of the system.

2

Group theory strategies in computer security mechanisms

2.1

Group Theory Basis

Group theory is a branch of abstract algebra. Abstract algebra is mainly used to study a variety of algebraic structures, that is, some sets with algebraic operations, which is the foundation of modern science. With the progress of science and technology, especially the development of computer technology, the theory and method of abstract algebra are also improving. The application field is also increasing, and now it has penetrated various scientific fields and various practical application departments. Here is a brief introduction to basic group theory.

Definition 1, half group. If S is a non-empty set, and if there is an algebraic operation in satisfying S that ☆ satisfies associative law (a☆b)☆c = a☆(b☆c) for any element a,b,c in set S, then S is said to be a half-group of operations ☆ and denoted as (S, ☆).

Definition 2, Exchange semigroup. A semigroup S☆ is called a commutative semigroup S if its operations can satisfy the law of commutativity a☆b = b☆a, where a,b is an element of the set S.

Definition 3, Let f be a map from set A to set B. Call f a one-shot from A to B if for any element a,b in A it is possible to satisfy f(a) ≠ f(b) when a ≠ b. If for any element b in B and any element a in A, there exists f(a) = b , then call f a full map from A to B. If f is both a one-shot and a full-shot, then f may again be called a bijection.

Definition 4, assuming that S and S′ are both semigroups and that f is a map from S to S′, f is called a homomorphism from S to S′ if f preserves the operation, i.e., satisfies f(x☆y) = f(x)☆f(y) for any element x,y in S.

When homomorphism f is a single shot, then f is said to be a single homomorphism, when homomorphism f is a full shot, then f is said to be a full homomorphism, and S and S′ homomorphisms are noted as S ~ S′. When homomorphism f is a bijection, then f is said to be a homomorphism, and S and S′ homomorphisms are noted as $S ≅ S'$ .

2.2

Strategies for public key cryptography regimes based on group theory

This paper proposes public key cryptosystems as a strategic approach to the application of group theory in computer security mechanisms as a basis for building a distributed collaborative defense system. The implementation of a public key cryptosystem using group theory is as follows.

Suppose group S is a subgroup of group G, where T = C_G(H) is a centralizer of S over G. Then for integers m, n(n>1), M ∈ {0.1}^m are plaintexts, the hash function H is defined as follows. H:G → {0,1}^m. Then the new key algorithm based on group theory is $β \in S_{x}^{n + 1}$ for the private key and $α \in G_{X}^{n}$ for the public key. The encryption process chooses $γ \in T_{X}^{n + 1}$ randomly and the ciphertext is $(γ (a), H (γ_{1} π (β (α, e)) γ_{n + 1}^{- 1}) \dot{Y} M)$ . If the encrypted ciphertext is (a,b), then the plaintext is recovered by decryption through $H (π (β \cdot (a, e))) \dot{Y} b$ .

The security analysis of the key regime, based on the definitions of MSRP and SAP, which are the core difficulties of group theory, shows that if G is assumed to be a group where S is a subgroup of G and there are pairs of positive integers n, $g \in G_{X}^{n}$ , and g′ ∈ G. then if there exists a number $s \in S_{X}^{n}$ such that π(gs) = g′ it is necessary to find at least one of such numbers s, and if S is not a special group it is not possible to reach the MSRP by a sufficient and efficient algorithm, since Eq. π(gs) = g′ is not connected to the conjugate are not connected, so any attack that employs conjugate to do so is unbreakable. Also, since any variable s_i ∈ S will only occur once in the variable, it will not provide a sufficient estimate for a probabilistic cracking algorithm.

Since anyone who wants to get β from a public key must solve the MSRP puzzle, and anyone who wants to get β from a must solve the SAP puzzle, it is not possible to get $γ_{1} π (β (a, e)) γ_{n + 1}^{- 1}$ when the hash function H is sufficiently secure, and so it is not possible to get β or M with the help of b.

3

Distributed collaborative defense systems based on group theory strategies

In the above paper, this study proposes the group theory-based public key cryptography regime as a group theory strategy in computer security mechanisms, and the public key cryptography regime belongs to the field of data encryption technology [20]. In this chapter, based on the public key cryptosystem, we will further propose the NTRU-like public key cryptosystem based on group theory and use it as the core of collaborative defense data encryption technology to construct the computer multi-authorization center attribute data encryption model and build a distributed collaborative defense system.

3.1

Collaborative Defense Approach Based on NTRU-like Public Key Cryptography Regime

3.1.1

Data Encryption Model for Computer Network Communications

Computer network communication data encryption, mainly based on key characteristics as the information classification criteria, is divided into symmetric key cryptography and asymmetric key cryptography. Symmetric key cryptographic key is also known as traditional cryptography, and asymmetric key cryptography is also known as public key cryptography. Traditional cryptography divides the message into packet cipher and sequence cipher and divides it into link encryption, node encryption, and end-to-end encryption in terms of communication hierarchy. Regardless of the form of encryption, plaintext, ciphertext, keys, and algorithms are required. Information attackers are able to intercept information at an endpoint connected to any node link. In order to protect information security, two methods are usually used to encrypt network communication data.

3.1.2

NTRU-like public key cryptosystems based on group theory

This section generalizes NTRU to general groups and proposes GTRU, a group-theory-based NTRU-like public key cryptosystem [21].

Given a regular subgroup N, N of a group G, G a chaperone set in G represents element T_N, i.e.: (1) $π_{N} : G \to G / N, π_{P} (g) = g P$ (2) $ρ_{T_{N}} : G / N \to G, ρ_{T_{N}} (g N) = g_{T_{N}} \in g N \cap T_{N}$ (3) ${\bar{π}}_{N} : E {(G)}_{N} \to E (G / N), {\bar{π}}_{N} (f) (g N) = f (g) N$

The parameters of GTRU include a group G with operation å , two regular subgroups P and Q of G, a chaperone set of P in G representing element T_p, a chaperone set of Q in G representing element T_Q, two subsets L_f and L_g of E(G), and two subsets L_m and L_r of G.

The key generation, encryption, and decryption operations of GTRU are as follows.

For key generation, f ∈ L_f and g ∈ L_g are chosen such that the existence of f_P and f_Q is satisfied: (4) ${\bar{π}}_{r} (f_{p} \circ f) \circ π_{p} = π_{p}$ (5) ${\bar{π}}_{Q} (f \circ f_{Q}) \circ π_{Q} = π_{Q}$

And compute $h = {\bar{π}}_{Q} (f_{Q} \circ g)$ . The public key is h, and the private keys are f and g.

To encrypt m ∈ L_m, choose r ∈ L_r at random and compute it: (6) $c = π_{Q} (m) å h \circ π_{Q} (r)$

Decryption. To decrypt c ∈ G/Q, compute: (7) $m = ρ_{T_{P}} \circ {\bar{π}}_{P} (f_{P}) \circ π_{P} \circ ρ_{T_{Q}} \circ {\bar{π}}_{Q} (f) (c)$

If the parameters G, P, Q, T_p, T_Q, L_f, L_g, L_m, L_r of GTRU fulfill the following conditions: (8) $\begin{array}{l} C 1 L_{f}, L_{g} \subseteq E {(G)}_{P} \cap^{}^{} E {(G)}_{Q} \\ C 2 L_{m} \subseteq T_{P} \\ C 3 L_{r} \subseteq P \\ C 4 {f (m) å g (r) : f \in L_{f}, m \in L_{m}, g \in L_{g} : r \in L_{r}} \subseteq T_{Q} \end{array}$ Then, GTRU can be decrypted correctly.

To show that GTRU can be decrypted correctly, it is necessary to verify equation (8).

For all f ∈ L_f, m ∈ L_m, g ∈ L_g, r ∈ L_r, there is g(r) ∈ P according to conditions C1 and C3, then: (9) $π_{p} (f (m) å g (r)) = π_{l} (f (m)) = π_{l} \circ f (m)$

Conditions C2 and C4 are available: (10) $ρ_{T_{P}} \circ π_{p} (m) = m$

And: (11) $ρ_{T_{Q}} \circ π_{Q} (f (m) å g (r)) = f (m) å g (r)$

According to equation (4), there is: (12) $\begin{array}{l} {\bar{π}}_{P} (f_{P}) \circ π_{P} \circ f \\ = {\bar{π}}_{P} (f_{P}) \circ {\bar{π}}_{P} (f) \circ π_{P} \\ = {\bar{π}}_{P} (f_{P} \circ f) \circ π_{P} \\ = π_{P} \end{array}$

According to equation (5), there is: (13) ${\bar{π}}_{Q} (f) \circ π_{Q} = π_{Q} \circ f$

And: (14) $\begin{array}{l} {\bar{π}}_{Q} (f) \circ {\bar{π}}_{Q} (f_{Q} \circ g) \circ π_{Q} \\ = {\bar{π}}_{Q} (f \circ f_{Q} \circ g) \circ π_{Q} \\ = {\bar{π}}_{Q} (f \circ f_{Q}) \circ {\bar{π}}_{Q} (g) \circ π_{Q} \\ = {\bar{π}}_{Q} (f \circ f_{Q}) \circ π_{Q} \circ g \\ = π_{Q} \circ g \end{array}$

According to ${\bar{π}}_{Q} (f)$ and π_Q are group homomorphisms there: (15) $\begin{array}{l} ρ_{T_{P}} \circ {\bar{π}}_{P} (f_{P}) \circ π_{P} \circ ρ_{T_{Q}} \circ {\bar{π}}_{Q} (f) (c) \\ = ρ_{T_{P}} \circ {\bar{π}}_{P} (f_{P}) \circ π_{P} \circ ρ_{T_{Q}} \circ {\bar{π}}_{Q} (f) (π_{Q} (m) \cdot {\bar{π}}_{Q} (f_{Q} \circ g) \circ π_{Q} (r)) \\ = ρ_{T_{P}} \circ {\bar{π}}_{P} (f_{P}) \circ π_{P} \circ ρ_{T_{Q}} ({\bar{π}}_{Q} (f) \circ π_{Q} (m) å {\bar{π}}_{Q} (f) \circ {\bar{π}}_{Q} (f_{Q} \circ g) \circ π_{Q} (r)) \\ = ρ_{T_{P}} \circ {\bar{π}}_{P} (f_{P}) \circ π_{P} \circ ρ_{T_{Q}} (π_{Q} \circ f (m) å π_{Q} \circ g (r)) \\ = ρ_{T_{P}} \circ {\bar{π}}_{P} (f_{P}) \circ π_{P} \circ ρ_{T_{Q}} \circ π_{Q} (f (m) å g (r)) \\ = ρ_{T_{P}} \circ {\bar{π}}_{P} (f_{P}) \circ π_{P} (f (m) å g (r)) \\ = ρ_{T_{P}} \circ {\bar{π}}_{P} (f_{P}) \circ π_{P} \circ f (m) = ρ_{T_{P}} \circ π_{P} (m) = m \end{array}$

3.1.3

Link Layer Encryption and End-to-End Encryption

The link layer encryption calculation in computer network communication can provide security for data transmission between network nodes. In link encryption, the entire message content is encrypted before transmission, decrypting the messages received by each node and realizing secure message transmission through the reasonable use of keys. In transmission, the information will pass through many communication links, decrypting the message content through each transmission node and then encrypting it. Link encryption can effectively mask the focus of the transmitted message because padded character technology encryption does not require the transmission of data, thus avoiding the information being analyzed in the transmission process.

For end-to-end encryption, the message can be transmitted and stored in ciphertext form between the source and the endpoint. Through the form of end-to-end encryption, it can effectively ensure that the information is not decrypted in the transmission process and comprehensively protect the message in transmission, preventing the leakage of the message due to node damage. The end-to-end encryption technology has a lower cost compared to other encryption technologies, and combined with the link encryption technology, it can effectively improve the overall security of the system and make the system more reliable.

3.2

Multi-Authorization Center Attribute Data Encryption Model

The optimization of multi-authorization center attribute data encryption technology firstly establishes the multi-authorization center attribute data encryption model. The authorization scheme of a single authorization center is adopted on the traditional model establishment to ensure the single authorization of the data to the maximum extent, which is a means to improve data security. In this type of authorization, only the authorization center can issue the key for data transmission. The key issuance and generation rely on this single authorization encryption system center. The one-to-one correspondence of the authorization center ensures the security of the data for attribute key distribution sub-keys are derived from the main key by simple arithmetic changes, i.e., all sub-keys are related to the main key, which will cause certain security risks once the main key is leaked. Since it is very easy to crack the sub-keys, the encryption security of the whole system depends on the authorization center, and the leakage of the master key will lead to the cracking of the keys in the security system one by one.

In this paper, in order to solve the above problems, the authorization scheme of a single authorization center is changed to multi-authorization center attribute data encryption. Multi-authorization center attribute data encryption is carried out in the index parameter setting of the public key, which is defined as G, and the secret value being obfuscated during the actual key-sharing cipher in order to ensure the security of the other keys after the leakage of a single key. The multi-authorization center attribute data encryption construction makes use of the special secret sharing value in the Pre-operation, which changes the problem that the original combination operation corresponding to the public key is too simple and easy to crack. Multi-authorization center encryption support for transmission data, proxy re-encryption of data, the number of keys of data can be greater than 1, in the data transmission between the initial sharer of the data, the data transmission center, and the receiver of the data between the three, the key authorizer of the data from a single to more than one, especially in the development of big data, most of the data transmission centers are replaced by the cloud storage service after the re-encryption of multi-authorization center The superiority of the proxy service is shown.

Multi-authorization center attribute data encryption model in the normal only normal transmission of data a role, after encountering the attack data and more attack data role, first of all, initialize the data and build the corresponding authorization center, set up the corresponding public key and private key, defined as (S, K). In the examination of the data, the presumption value is defined as u, and the probability of identifying u as the attack data for P, and its calculation formula is as follows: (16) $P = \sqrt[2]{u} [m_{\max}] - \frac{1}{2}$

Where m_max is the maximum error in the speculation of the returned ciphertext on the data in this paper, the smaller the value of P in the calculation proves that the security of the model is higher, and the value of P exceeds a certain standard, which proves that the model’s security is poor and cannot guarantee the security of data transmission.

On the basis of the multi-authorization center attribute data encryption model to establish the corresponding security initialization function, the necessary public information to set the security degree, the expression of the initialization function is: (17) $G L \cdot s e t u p (P) = G L \cdot \sqrt[2]{u} (λ P)$

In the formula, λ is the security parameter added when the function is established, which indicates the accuracy of the data in the process of transmission, the multiplicative cyclic group about the probability of attacking the data is constructed in the function, and finally, the corresponding key is generated. In the stage of key generation auxiliary ciphertext, the data sharing party in the user sends a data structure change command to the database, which can trigger the next multi-authorization center to generate a new access structure. Let the new access structure is p(x), the security initialization function performs the encryption time is the same as the generation time of the new access structure, and the attribute collection of the new access structure is p(x) is log p(x), and attributes in the authorization center are log p(x_i), which will be log p(x_i) defined as corresponding attribute vector: (18) $\log p (x_{i}) = {\vec{\log p (x_{i})}} G L \cdot s e t u p (P)$

Taking the vectors composed of random values can be used to identify the DID of confidential data by Verifiable Credentials and the corresponding data are sent to the corresponding data receivers by combining the data with the description of the identified data to characterize the attributes that have the corresponding data [22]. In the process of data security protection, the creditworthiness of data is the criterion for judging data reception. Computer network communication security defense is not only the improvement of information security but also the growth opportunity of data encryption technology. In this paper, the joint optimization and development of network communication security defense and data encryption technology is realized.

3.3

Distributed Collaborative Defense System Design

3.3.1

System Communication Architecture Design

This system, according to the secure communication, mainly involves three aspects: on the one hand, how the data in what way to pass between the various modules. The second aspect is how to retain the data of the system. The third aspect is how the system collects a large amount of data from the intrusion prevention engine.

From the analysis of the system structure and function, we can see that these three aspects are closely related to the business logic layer, as follows.

The first aspect, the monitoring center of the system’s operations,is in the form of command messages to interact with the business logic layer. Similarly, the probe subsystem also exists, and the business logic layer of data communication needs. Inside the business logic layer, it is managed through the network communication module. Therefore, we use SSL to realize secure communication between the network communication module, the monitoring center and the probe subsystem.

Secondly, the database module of the business logic layer is to store and manage the system data in a unified way, and we used Hibernate as the data persistence means to interact with the database in the design of the database module [23].

Thirdly, the intrusion prevention engine inside the probe subsystem generates alarm logs and then interacts with the business logic layer in a distributed manner through the control plane, where we use RMI as a means of distributed technology implementation [24].

3.3.2

Distributed Access Design and Implementation

In this system, the business logic layer is the distributed server side, and the probe subsystems deployed in each critical path of the network are the clients. We use RMI as a technical means to realize the distributed access of the probe subsystem to the business logic layer.

1)

Distributed access design

(1)

Functional overview

The business logic layer serves as the server side of the distributed system, and the client of the probe subsystem has distributed access to it to call the relevant functions and realize the distributed processing function.

(2)

Inputs

Distributed access request from the client of the probe subsystem.

(3)

Output

If the access request is successful, the corresponding function is executed to return data. Otherwise, an error message is returned.

2)

Distributed access realization

In this system structure, the probe subsystem distributed in the network accesses the server side in the business logic layer through RMI.

Distributed development using RMI in accordance with the process described in the previous section, the specific steps are shown below.

In the first step, the server needs to define the remote object interface that the client can access.

In the second step, the server starts the registration of RMI, in the RMI registry records remote access object.

The third step, the client through the RMI registry to access the remote object.

The fourth step, the client to locate the remote access object after the success of the call to the method and the implementation of the relevant functions.

4

Simulation testing of the Distributed Cooperative Defense System

In this chapter, we will focus on carrying out performance simulation tests on the distributed collaborative defense system based on the group theory strategy constructed in this paper to experimentally verify the effectiveness and security of the system. The detailed configurations of clients, servers, and attack machines in the experimental environment are shown in Table 1.

Table 1.

Experimental configuration

Main engine	Memory	Operating system	Processor
Client-side	8G	Ubuntu16.04	Core i5
Server unit	8G	Ubuntu16.04	Core i7
Synchronous server	4G	Ubuntu16.04	Core i5
Attack machine 1	4G	Ubuntu16.04	Core i5
Attack machine 2	8G	Windows 7	Core i5

4.1

Encryption Defense Testing

In order to illustrate more intuitively the superiority of NTRU-like public key cryptosystem in cryptographic defense in the distributed collaborative defense system constructed in this paper, this section generates ciphertext data randomly, performs operations based on the ciphertext and the key under the premise that the key is known, collects the energy consumed in the process of computation, and determines the attack point based on the energy curve. The NTRU-like public key cryptosystem is analyzed by selecting the ciphertext + differential energy attack, and two energy curves are generated corresponding to the ciphertext when all the ciphertexts are 0 in the case of adopting and not adopting the NTRU-like public key cryptosystem. The energy profiles are shown in Fig. 1. As can be seen from the figure, the peak value of the energy curve without an NTRU-like public key cryptosystem shows regular peak fluctuations, and the key can still be deciphered according to the energy curve after eliminating the interference of noise. In the energy curve of NTRU-like public key cryptography, the energy consumption of each key bit is randomized due to the participation of random numbers, and there is no obvious peak and regularity in the energy waveform so that the attacker can’t effectively discriminate the key bits to achieve the purpose of defense.

4.2

Intrusion Defense Testing

In this section, the distributed collaborative defense system constructed in this research will be tested for intrusion defense, and the attack machine and SmartBit will simulate the simulated intrusion to simulate high-speed network attacks. In the test selected 10 sample data sets, each sample data set is half of the normal traffic and attack traffic, and the data sets are different, as the input of the system test, the test sample data set specific data as shown in Table 2, the sample data set of the maximum number of data is 2000.

Table 2.

Sample set

Sample set	Total packet	Normal packet	Attack packet
D1	200	100	100
D2	400	200	200
D3	600	300	300
D4	800	400	400
D5	1000	500	500
D6	1200	600	600
D7	1400	700	700
D8	1600	800	800
D9	1800	900	900
D10	2000	1000	1000

After testing using the data set above, the corresponding defense test results are obtained, as shown in Table 3. As can be seen from the test results, when the number of network intrusions is small, 100-300, the defense success rate reaches 100%. However, with the increase in the number of invasions, the defense success rate also appears to decline. When the number of invasions reaches a maximum of 1,000, the defense success rate can still be maintained at a high level of 98.2%, which indicates that this paper’s distributed collaborative defense system has excellent intrusion prevention performance.

Table 3.

Results of the defense test

Sample set	Attack packet	The total number of response events of the invasion defense	Success rate(%)
D1	100	100	100%
D2	200	200	100%
D3	300	300	100%
D4	400	398	99.5%
D5	500	497	99.4%
D6	600	596	99.3%
D7	700	695	99.3%
D8	800	792	99.0%
D9	900	890	98.9%
D10	1000	982	98.2%

4.3

System Load Testing

In the face of computer intrusion attacks, often in the form of DoS attacks, using a large number of forged packets to make the system server exhaust resources, at this time, the load performance of the system plays a crucial role. In this section, the traditional collaborative defense system without an NTRU-like public key cryptosystem (referred to as the “traditional system”) is selected as a comparison, and the average response time of control commands, network bandwidth, and average response time of the distributed collaborative defense system in this paper is tested and analyzed under different attack rates.

4.3.1

Control command response performance

In this section, the response time is set as the total time from the controller sending command information to the server to receiving the return result, and the Trafgen netsniff-ngv0.6.0 attack tool and TCP-SYN Flood method are used to attack the traditional system and the collaborative defense system of this paper with different rates respectively, so as to statistically calculate the average response time of the control commands. In order to be more intuitive display will be fitted to organize, specifically as shown in Figure 2. When the attack intensity is less than 5Mbps, the command response time is not much different. Since 10Mbps, the difference between the command response time of this paper’s system and the traditional system increases dramatically, and the command response time of the traditional system grows to 13.21s, while this paper’s system only grows to 4.302s. When the attack intensity reaches 35Mbps, the command response time of the traditional system reaches the longest, 48.61s, and the system is paralyzed after that, and it can’t continue to provide the command output normally. In this paper, the system is still able to provide normal command output until the attack rate of 60 Mbps, and the command response time is 38.46 s. Obviously, with the increase in the attack rate, the distributed collaborative defense system in this paper can still operate normally and can effectively resist the attack.

4.3.2

Network bandwidth performance

In this section, the experimental test will use hping3v3.0 to carry out TCP-SYN Flood attacks at different rates on the distributed collaborative defense system constructed in this paper and the traditional system and obtain the current network bandwidth by using the Iperfv3.1.3 tool. By attacking at different rates, the network bandwidth is recorded, and the average value is calculated, as shown in Table 4. From the experimental results in the table, it can be seen that when the system is not attacked, the TCP bandwidth is maintained at 94.5 Mbytes for both the system in this paper and the traditional system. When the attack rate reaches 500 packets/sec, the bandwidth of the traditional system decreases sharply to 16.8 bytes, while the system in this paper is less affected. When the attack rate rises to 1000packets/sec, the bandwidth of the traditional system drops to 4.85Mbytes and continues to drop with the increase of the attack rate after that, and the network performance decreases rapidly, failing instruction delivery. Under this attack rate, the system in this paper can still maintain 30.8Mbytes when the attack rate is 5000 packets/sec, and the network performance still reaches a high level. In summary, when the attack rate is gradually increased, the system in this paper shows better performance, which reflects the superior attack resistance and effectively alleviates the damage caused by the attack.

Table 4.

Network bandwidth performance

Attack rate(packets/sec)	Traditional system (Mbits/sec)	System of this article (Mbits/sec)
0	94.5	94.5
500	16.8	70.4
1000	4.85	65.95
1500	4.02	60.2
2000	3.68	58.6
2500	3.12	52.4
3000	2.64	50.15
3500	2.25	47.13
4000	2.15	41.52
4500	2.05	33.1
5000	1.91	30.8

4.3.3

Average service response performance

The experimental tests in this section set three different hopping rates for the end-address hopping unit of the host in the system. The attacker launches TCP-SYN Flood attacks with different strengths under the three different hopping rates, and calculates the service response time under the different hopping rates. The specific data are shown in Figure 3. In the figure, J1~J3 represents three different hopping rates: 1 hop/0.5s, 1 hop/1s, and 1 hop/5s. In the hopping mode of different rates, with the gradual increase of the average attack rate, the average response time of this paper’s system and the traditional system also increases gradually, but this paper’s system has no sharp increase. When the attack rate reaches 50Mbps, the average response time of the system in this paper is only increased to 4.06ms, 4.73ms, and 5.23ms in three different hopping rates: 1 hop/0.5s, 1 hop/1s, 1 hop/5s, in contrast, the average response time of the traditional system in the hopping modes of different rates has a rapid increase in the average response time of the service. When the attack rate is 10Mbps, the average service response time of the traditional system at different hopping rates of 1 hop/0.5s, 1 hop/1s, and 1 hop/5s grows rapidly from 2.7ms, 2.34ms, and 1.86ms from the unattacked rate to 18.74ms, 19.09ms, and 23.44ms. When the attack rate is 50Mbps, the average service response time of the traditional system at the hopping rates of 1 hop/0.5s, 1 hop/1s, and 1 hop/5s grows rapidly from 1 hop/0.5s, 1 hop/1s, and 1.86ms to 18.74ms, 19.09ms, and 23.44ms. When the attack rate is 50Mbps, the average response time of the traditional system at 1 hop/0.5s, 1 hop/1s, 1 hop/5s with different hopping rates grows to 34.76ms, 43.91ms, and 50.58ms, respectively. Obviously, the system in this paper can effectively resist the attack and greatly improve the security of the system.

5

Conclusion

Based on group theory, this paper proposes a group theory-based NTRU-like public key cryptosystem in terms of computer security mechanism and further proposes a cooperative defense method as the core to construct a distributed cooperative defense system. The distributed collaborative defense system constructed in this paper is tested by performance simulation. In the encryption defense test, the energy curve of the NTRU-like public key cryptography system used in this paper has no obvious peak and regularity, which makes it more difficult for the attacker to decipher the key, thus realizing the purpose of defense. In the face of intrusion defense tests, with the increasing number of intrusions, the system can still maintain a high defense success rate. When the number of invasions reaches 1,000, the system still maintains a defense success rate of 98.2%. The system load test covers three performance tests: control command response, network bandwidth, and average service response. The system is able to provide normal command output even under a 60Mbps attack rate, while the traditional collaborative defense system without an NTRU-like public key cryptography system is paralyzed after the attack strength is greater than 35Mbps. The network bandwidth of this system is also less affected by the attack rate, and it can still maintain 30.8Mbytes when the attack rate is 5000packets/sec, while the traditional system has a rapid decrease in network bandwidth when the attack rate is 500packets/sec, which affects the delivery of system commands. As for the performance of the average service response, the traditional system shows a rapid increase in the average service response time under the hopping mode of different rates. At the attack speed of 50Mbps, the longest average service response time of this paper’s system with different hopping rates only grows to 5.23ms.

Lingua:: Inglese

Frequenza di pubblicazione:: 1 volte all'anno
Argomenti della rivista:: Scienze biologiche, Scienze della vita, altro, Matematica, Matematica applicata, Matematica generale, Fisica, Fisica, altro

Feed RSS della rivista

Research on Group Theory Strategies in Computer Security Mechanisms and Collaborative Defense Techniques for Distributed Systems

Ning Peng

Pubblicato online: 19 mar 2025

Ricevuto: 05 ott 2024

Accettato: 30 gen 2025

DOI: https://doi.org/10.2478/amns-2025-0370

Parole chiaveGroup theory, Data encryption model, NTRU-like public key cryptography, Cooperative defense techniques

© 2025 Ning Peng, published by Sciendo

This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Parole chiave
Group theory, Data encryption model, NTRU-like public key cryptography, Cooperative defense techniques