CN103905452A - Credible network attack filter device and method - Google Patents


Info

Publication number
CN103905452A
Authority
CN
China
Prior art keywords
packet
sequence number
control module
safety control
network
Prior art date
Legal status
Pending
Application number
CN201410133919.8A
Other languages
Chinese (zh)
Inventor
吕卓
张威
莫坚松
张之刚
Current Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Henan Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Henan Electric Power Co Ltd
Priority date
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Electric Power Research Institute of State Grid Henan Electric Power Co Ltd
Priority to CN201410133919.8A
Publication of CN103905452A
Priority to PCT/CN2015/075441 (WO2015149669A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity

Abstract

The invention discloses a trusted network attack filter device and method. The device comprises a network interface module and a security control module. The network interface module receives and sends IP packets. The security control module marks the IP packets received from a protected computer, and parses and checks the IP packets received from the external communication network. Whether an IP packet has been tampered with or forged is decided by a keyed digest operation, so the device distinguishes legitimate packets from illegitimate ones precisely and filters out attacks from outside the system; at the same time, the send sequence number carried in the packet is compared with the stored receive sequence number, so replay attacks sent by an attacker can be rejected and the network equipment is effectively protected.

Description

Trusted network attack filter and network attack filtering method
Technical field
The present invention relates to the field of network security defence, and in particular to a network attack filter and network attack filtering method that can precisely mark network IP packets and, on the basis of that mark, accurately filter out illegitimate IP packets.
Background
The development of network communication has greatly promoted the development of society as a whole, and every industry uses networks to some degree for information exchange. However, the IP-based network communication in use today did not fully take security into account when it was designed, so network equipment is frequently attacked over the network, and these attacks cause great harm. To improve network security, equipment such as firewalls, intrusion detection systems and encrypting VPNs has been introduced one after another and has raised network security to a certain degree.
At present the mainstream network security defence equipment consists of firewalls, intrusion detection systems and encrypting VPNs. Each plays a certain protective role, but each also has drawbacks.
A firewall resists network attacks mainly by IP packet filtering: when an IP packet arrives at the firewall, the firewall checks it against predefined filtering rules, passes the packets the rules allow and drops the packets the rules forbid. On this principle a firewall can resist many attacks, but an attacker can construct IP packets that satisfy the filtering rules in order to deceive and bypass the firewall, or can attack the firewall directly.
Intrusion detection decides what is an attack mainly by signature detection and anomaly detection. In essence it analyses and summarises the behaviour of IP packets on the network, extracts some pattern or rule of network behaviour, and then judges from that pattern or rule whether an IP packet is an intrusion. Both approaches can in principle classify a normal IP packet as an intrusion or an intrusion packet as legitimate, so intrusion detection is hard to make precise.
An encrypting VPN communicates through an encrypted secure channel established between the two communicating parties; because it rests on cryptographic principles it can accurately distinguish attack packets from legitimate packets. But the equipment itself is comparatively complex, so the correctness and security of the device's own program cannot be guaranteed in principle and the device itself may be broken. In practice, encrypting the data also reduces network throughput, and many applications have no confidentiality requirement, so the deployment cost is increased for no benefit.
From the analysis of the above equipment it can be seen that, because security was not fully considered when the IP protocols were designed, network IP packets carry no trustworthy mark of their own, so attacks that escape network security defence equipment by forging or tampering with IP packets occur easily; at the same time, the self-security problems caused by the complexity of most current, rather expensive VPN equipment lower its level of protection. Network defence equipment is therefore needed that is cheap to deploy and highly secure in itself, that precisely identifies the source of IP packets, separates legitimate IP packets from attack packets, and thereby achieves effective protection of network equipment.
Summary of the invention
The object of this invention is to provide a trusted network attack filter and network attack filtering method that can precisely mark network IP packets and, on the basis of that mark, accurately filter out illegitimate IP packets, thereby effectively protecting network equipment.
The present invention adopts the following technical scheme:
A trusted network attack filter comprises a network interface module and a security control module;
The network interface module handles the sending and receiving of IP packets and comprises an external network interface module and an internal network interface module. The external network interface module connects the security control module to the external communication network; it receives IP packets sent by the external communication network and passes them to the security control module, and receives IP packets sent by the security control module and sends them out over the external communication network. The internal network interface module connects the protected computer on the internal network to the security control module; it receives IP packets sent by the security control module and passes them to the protected computer, and receives IP packets sent by the protected computer and passes them to the security control module;
The security control module marks the IP packets received from the protected computer and parses and checks the IP packets received from the external communication network. The memory of the security control module holds, for each corresponding destination address and source address, a key, a send sequence number and a receive sequence number. When the security control module receives an IP packet sent by the protected computer on the internal network, it reads the packet, extracts the destination address, obtains the corresponding key and send sequence number from the destination address, places the send sequence number at the tail of the IP packet, performs a keyed digest operation over the IP packet and the send sequence number, appends the digest result after the send sequence number, adjusts the length field in the IP header to the new length, and then sends the marked IP packet to the external communication network through the external network interface module. When the security control module receives an IP packet sent by the external communication network, it reads the packet, extracts the source address, obtains the corresponding key and receive sequence number from the source address, performs the keyed digest operation over the protected content of the IP packet and the send sequence number carried in it, and compares the result with the digest carried in the packet. If they differ, the IP packet is deemed tampered with or forged and is discarded. If they agree, the packet is deemed not tampered with or forged, and the module goes on to compare the send sequence number read from the packet with the stored receive sequence number: if the send sequence number is greater than the receive sequence number the packet is deemed legitimate, and the security control module accepts it and forwards it to the protected computer on the internal network; if the send sequence number is less than or equal to the receive sequence number the packet is deemed illegitimate and is discarded.
The security control module comprises a secure processing chip and an external memory connected to the secure processing chip.
The secure processing chip is also connected to a switch module and a serial communication module. The signal output of the switch module is connected to a signal input of the secure processing chip; the switch module drives that input high or low, and according to which signal it receives from the switch module the secure processing chip enters either the IP packet marking and checking operating mode or the configuration program operating mode. In the configuration program operating mode the secure processing chip communicates with the outside world only through the serial communication module.
The network interface module uses an interface chip supporting the IEEE 802.3 Ethernet specification.
The switch module uses a mechanical contact switch.
The serial communication module uses an asynchronous serial interface chip supporting the RS-232 standard.
A network attack filtering method implemented with the trusted network attack filter of claim 1 comprises the following steps:
A: A network attack filter is connected between each protected computer on an internal network and the external communication network. When the security control module of any network attack filter receives an IP packet, it determines the packet's source: if the source is the computer connected to this network attack filter, go to step B; if the source is another network attack filter, go to step F;
B: the security control module reads the IP packet and extracts its destination address, then goes to step C;
C: the security control module obtains the key and send sequence number corresponding to the destination address, then goes to step D;
D: the security control module places the send sequence number at the tail of the IP packet, performs the keyed digest operation over the IP packet and the send sequence number, appends the digest result after the send sequence number, adjusts the length field in the IP header to the new length, then goes to step E;
E: the security control module sends the marked IP packet to the external communication network through the external network interface module, which completes the marking of the IP packet, then returns to step A;
F: the security control module reads the IP packet and extracts its source address, then goes to step G;
G: the security control module obtains the key and receive sequence number corresponding to the source address, then goes to step H;
H: the security control module performs the keyed digest operation over the protected content of the IP packet and the send sequence number carried in it, and compares the result with the digest carried in the packet; if they agree, the packet is judged not tampered with or forged and the module goes to step I; if they differ, the packet is deemed tampered with or forged and is discarded, and the module returns to step A;
I: the security control module reads the send sequence number from the IP packet and compares it with the stored receive sequence number; if the send sequence number is greater than the receive sequence number the packet is deemed legitimate, accepted and forwarded to the protected computer on the internal network; if it is less than or equal to the receive sequence number the packet is deemed illegitimate and discarded; the module then returns to step A.
When a protected computer on the internal network sends an IP packet outward, the present invention performs a keyed digest operation over the IP packet and the send sequence number and appends the digest result together with the send sequence number to the end of the IP packet as a mark, then sends the marked packet to the external communication network through the external network interface module. When an IP packet sent by the external communication network is received, the security control module obtains the key corresponding to the source address, performs the keyed digest operation over the protected content of the packet and the send sequence number carried in it, and compares the result with the digest carried in the packet to decide whether the packet has been tampered with or forged; legitimate and illegitimate packets are thus distinguished precisely and attacks from outside the system are filtered out. At the same time, the security control module reads the send sequence number in the packet and compares it with the receive sequence number, so replay attacks sent by an attacker can be rejected and the network equipment is effectively protected. Further, the invention uses a hardware switch to isolate the two operating logics of the secure processing chip: the chip's configuration program is never loaded over the network but only through the serial communication module, which effectively blocks attacks on the secure processing chip itself launched through the network interface module, and security is greatly improved.
Brief description of the drawings
Fig. 1 is a block diagram of the trusted network attack filter of the present invention;
Fig. 2 is a flow chart of the network attack filtering method of the present invention;
Fig. 3 is a schematic diagram of the IP packet marking principle;
Fig. 4 is a block diagram of two computers communicating with each other, each through its own network attack filter.
Detailed description of the embodiments
As shown in Fig. 1, the present invention comprises a network interface module and a security control module. The network interface module handles the sending and receiving of IP packets, and the security control module marks the IP packets received from the protected computer and parses and checks the IP packets received from the external communication network.
The network interface module comprises an external network interface module and an internal network interface module. The external network interface module connects the security control module to the external communication network; it receives IP packets sent by the external communication network and passes them to the security control module, and receives IP packets sent by the security control module and sends them out over the external communication network. The internal network interface module connects the protected computer on the internal network to the security control module; it receives IP packets sent by the security control module and passes them to the protected computer, and receives IP packets sent by the protected computer and passes them to the security control module.
The security control module comprises a secure processing chip and an external memory connected to the secure processing chip. The secure chip has ROM, EFLASH and RAM memory units, and its internal memory stores, for each corresponding destination address and source address, a key, a send sequence number and a receive sequence number. When the security control module receives an IP packet sent by the protected computer on the internal network, it reads the packet, extracts the destination address, obtains the corresponding key and send sequence number from the destination address, places the send sequence number at the tail of the IP packet, performs a keyed digest operation over the IP packet and the send sequence number, appends the digest result after the send sequence number, adjusts the length field in the IP header to the new length, and then sends the marked IP packet to the external communication network through the external network interface module. The IP packet marking principle is shown in Fig. 3. When the security control module receives an IP packet sent by the external communication network, it reads the packet, extracts the source address, obtains the corresponding key and receive sequence number from the source address, performs the keyed digest operation over the protected content of the IP packet and the send sequence number carried in it, and compares the result with the digest carried in the packet. If they differ, the IP packet is deemed tampered with or forged and is discarded. If they agree, the packet is deemed not tampered with or forged, and the module goes on to compare the send sequence number read from the packet with the stored receive sequence number: if the send sequence number is greater than the receive sequence number the packet is deemed legitimate, and the security control module accepts it and forwards it to the protected computer on the internal network; if the send sequence number is less than or equal to the receive sequence number the packet is deemed illegitimate and is discarded.
The external memory connected to the secure processing chip stores the chip's configuration program. The secure processing chip is also connected to a switch module and a serial communication module; the signal output of the switch module is connected to a signal input of the secure processing chip, the switch module drives that input high or low, and according to the signal received from the switch module the chip enters either the IP packet processing operating mode or the configuration program operating mode; in the configuration program operating mode the chip communicates with the outside world only through the serial communication module. When the secure processing chip runs in the IP packet processing operating mode it boots from inside, that is, it fetches and executes its program from its internal memory and cannot access the external memory, so the program held in external storage cannot be tampered with and the configuration program is thereby protected. When the chip runs in the configuration program operating mode it reads the configuration program from the external memory and executes it; a matching configuration program runs on the user's computer, which communicates with the secure processing chip through the serial communication module, so the configuration program running in the chip and the user's computer form a client/server arrangement. The invention uses a hardware switch to isolate the two operating logics of the secure processing chip: the chip's configuration program is never loaded over the network, which effectively blocks attacks on the chip itself launched through the network interface module; whether or not the chip's configuration program has vulnerabilities, an attacker on the network cannot modify it, and security is greatly improved.
In this embodiment the network interface module uses an interface chip supporting Ethernet specifications such as IEEE 802.3, called a network card chip, which can send and receive Ethernet frames. To improve overall security a domestically produced network card chip is chosen. The secure processing chip is a control chip with security functions, meaning it can perform cryptographic operations and has strong built-in countermeasures against various attacks. The cryptographic operation can be a digest operation; the built-in countermeasures against physical and software attacks include a special multilayer layout design, voltage detection, encrypted protection of memory regions, light detection and a memory protection unit (MPU). The switch module can be a mechanical contact switch whose open and closed positions send a low-level or a high-level control signal to the secure processing chip. The serial communication module can be an asynchronous serial interface chip supporting the RS-232 standard; for communication a dedicated serial cable connects this chip to the asynchronous serial interface chip (commonly called a COM port) on the user's configuration computer. The external memory can be a FLASH chip, a common type of storage chip that retains its data when powered down; the FLASH chip can be read, written and erased through its external interface.
As shown in Fig. 2, the network attack filtering method of the present invention comprises the following steps:
A: A network attack filter is connected between each protected computer on an internal network and the external communication network. When the security control module of any network attack filter receives an IP packet, it determines the packet's source: if the source is the computer connected to this network attack filter, go to step B; if the source is another network attack filter, go to step F;
B: the security control module reads the IP packet and extracts its destination address, then goes to step C;
C: the security control module obtains the key and send sequence number corresponding to the destination address, then goes to step D;
D: the security control module places the send sequence number at the tail of the IP packet, performs the keyed digest operation over the IP packet and the send sequence number, appends the digest result after the send sequence number, adjusts the length field in the IP header to the new length, then goes to step E;
E: the security control module sends the marked IP packet to the external communication network through the external network interface module, which completes the marking of the IP packet, then returns to step A;
F: the security control module reads the IP packet and extracts its source address, then goes to step G;
G: the security control module obtains the key and receive sequence number corresponding to the source address, then goes to step H;
H: the security control module performs the keyed digest operation over the protected content of the IP packet and the send sequence number carried in it, and compares the result with the digest carried in the packet; if they agree, the packet is judged not tampered with or forged and the module goes to step I; if they differ, the packet is deemed tampered with or forged and is discarded, and the module returns to step A;
I: the security control module reads the send sequence number from the IP packet and compares it with the stored receive sequence number; if the send sequence number is greater than the receive sequence number the packet is deemed legitimate, accepted and forwarded to the protected computer on the internal network; if it is less than or equal to the receive sequence number the packet is deemed illegitimate and discarded; the module then returns to step A.
An IP packet in the present invention consists of a header and a data part; the source address and destination address contained in the header are IP protocol addresses. The digest operation in the present invention is one of the basic algorithms of cryptography, also called a hash algorithm. Because the digest is computed with the key shared by the two filters, it functions as a message authentication code; a digest computed without a key would give no protection against forgery, since an attacker could simply recompute it over a forged packet.
The network attack filtering method of the present invention is further illustrated below with a specific embodiment. In this embodiment, as shown in Fig. 4, a first computer is connected to the external communication network through a first network attack filter, and a second computer is connected to the external communication network through a second network attack filter.
When the first computer needs to send an IP packet to the second computer, the first computer first sends the IP packet to the first network attack filter. The security control module of the first network attack filter reads the packet and extracts its destination address, which is the address of the second computer; it then obtains the key and send sequence number corresponding to that destination address, places the send sequence number at the tail of the IP packet, performs the keyed digest operation over the IP packet and the send sequence number, appends the digest result after the send sequence number, and adjusts the length field in the IP header to the new length. Finally the security control module of the first network attack filter sends the marked IP packet through its external network interface module over the external communication network towards the second computer, completing the marking of the IP packet.
When the IP packet sent by the first computer arrives at the second network attack filter, the external network interface module of the second network attack filter receives it and passes it to the security control module of the second network attack filter. That security control module reads the packet, extracts its source address, and obtains the corresponding key and receive sequence number from the source address. It then performs the keyed digest operation over the protected content of the IP packet and the send sequence number carried in it, and compares the result with the digest carried in the packet. If they differ, the packet is deemed tampered with or forged and is discarded. If they agree, the packet is judged not tampered with or forged, and the security control module of the second network attack filter reads the send sequence number from the packet and compares it with the stored receive sequence number: if the send sequence number is greater than the receive sequence number the packet is deemed legitimate, and the security control module of the second network attack filter accepts it and forwards it to the second computer; if the send sequence number is less than or equal to the receive sequence number the packet is deemed illegitimate, and the security control module of the second network attack filter discards it.
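The marking and checking procedure of steps A to I, run through the two-filter scenario of Fig. 4, as an added example in Python that is not part of the patent. The page names no algorithm, packet layout or addresses, so the following are assumptions: HMAC-SHA256 as the keyed digest; a 32-bit send sequence number; the "protected content" covered by the digest taken as the protocol, source and destination addresses and the payload (the total-length and header-checksum fields are excluded because the marking step rewrites them); the IPv4 header checksum recomputed whenever the length changes (the page only mentions the length field, but a router discards a packet whose header checksum is wrong); and the stored receive sequence number advanced to that of each accepted packet, which the page does not spell out but which the step I comparison needs in order to reject a second copy of the same packet. The hosts, key and payload are constructed sample data.

```python
"""Added example (not the patent's code): IP packet trailer = send seq + keyed digest.

Assumptions not stated on the page: HMAC-SHA256 as the keyed digest, a 32-bit
send sequence number, and "protected content" = protocol, src, dst and payload.
"""
import hashlib
import hmac
import ipaddress
import struct

SEQ_LEN = 4                                   # 32-bit send sequence number
DIGEST_LEN = hashlib.sha256().digest_size     # 32 bytes
TRAILER_LEN = SEQ_LEN + DIGEST_LEN


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 for a header that verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ihl(packet: bytes) -> int:
    return (packet[0] & 0x0F) * 4


def set_total_length(packet: bytes, total_len: int) -> bytes:
    """Adjust the length field (step D) and recompute the header checksum.

    The page mentions only the length; IPv4 also needs the checksum redone."""
    hdr = bytearray(packet[:_ihl(packet)])
    struct.pack_into("!H", hdr, 2, total_len)
    struct.pack_into("!H", hdr, 10, 0)
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[_ihl(packet):]


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Minimal IPv4 packet without options; constructed sample input."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return set_total_length(hdr + payload, len(hdr) + len(payload))


def protected_content(packet: bytes) -> bytes:
    """Fields the digest covers: protocol, src, dst and everything after the header."""
    return packet[9:10] + packet[12:20] + packet[_ihl(packet):]


def keyed_digest(key: bytes, packet: bytes, seq: int) -> bytes:
    """The patent's 'digest operation with the key' over packet and send seq."""
    data = protected_content(packet) + struct.pack("!I", seq)
    return hmac.new(key, data, hashlib.sha256).digest()


class AttackFilter:
    """Security control module state: per-peer key, send and receive sequence numbers."""

    def __init__(self, peer_keys: dict):
        self.keys = dict(peer_keys)
        self.send_seq = {peer: 0 for peer in peer_keys}
        self.recv_seq = {peer: 0 for peer in peer_keys}

    def tag_outbound(self, packet: bytes) -> bytes:
        """Steps B to E: key by destination, append seq + digest, fix the length."""
        dst = str(ipaddress.IPv4Address(packet[16:20]))
        self.send_seq[dst] += 1          # strictly increasing; rekey before 2**32 wraps
        seq = self.send_seq[dst]
        trailer = struct.pack("!I", seq) + keyed_digest(self.keys[dst], packet, seq)
        return set_total_length(packet + trailer, len(packet) + TRAILER_LEN)

    def check_inbound(self, packet: bytes):
        """Steps F to I. Returns (verdict, original packet or None)."""
        if len(packet) < 20 + TRAILER_LEN:
            return "too-short", None
        src = str(ipaddress.IPv4Address(packet[12:16]))
        key = self.keys.get(src)
        if key is None:
            return "unknown-source", None
        body, trailer = packet[:-TRAILER_LEN], packet[-TRAILER_LEN:]
        seq = struct.unpack("!I", trailer[:SEQ_LEN])[0]
        # Step H: recompute and compare in constant time.
        if not hmac.compare_digest(trailer[SEQ_LEN:], keyed_digest(key, body, seq)):
            return "forged-or-tampered", None
        # Step I: send seq must exceed the stored receive seq, else it is a replay.
        if seq <= self.recv_seq[src]:
            return "replayed", None
        self.recv_seq[src] = seq         # assumed: advance so the same packet cannot pass twice
        return "accepted", set_total_length(body, len(body))


def demo():
    """Fig. 4 scenario with constructed addresses, key and payload."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed shared key
    filter_a = AttackFilter({"10.0.0.2": key})               # protects 10.0.0.1
    filter_b = AttackFilter({"10.0.0.1": key})               # protects 10.0.0.2
    original = build_ipv4("10.0.0.1", "10.0.0.2", b"meter reading 42")
    tagged = filter_a.tag_outbound(original)
    verdict, delivered = filter_b.check_inbound(tagged)
    replay_verdict, _ = filter_b.check_inbound(tagged)                  # same packet again
    tampered = tagged[:20] + b"meter reading 99" + tagged[36:]          # payload edited in transit
    tamper_verdict, _ = filter_b.check_inbound(tampered)
    return verdict, delivered == original, replay_verdict, tamper_verdict


if __name__ == "__main__":
    print(demo())   # ('accepted', True, 'replayed', 'forged-or-tampered')
```

Running the block prints the verdicts for a fresh packet, its replay and a tampered copy. Two points carry over to a real implementation: the digest comparison must be constant-time (hmac.compare_digest above), and the per-peer counter must never wrap or restart under the same key, so the key has to be rotated well before 2**32 packets.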
By adding digest information and sequence number information to the IP packet, with the digest computed on the basis of a key and a cryptographic algorithm, the present invention can in theory guarantee that tampering with or forging of a packet is detected through the digest, and the check on the sequence number information can reject replay attacks sent by an attacker. Through these mechanisms the invention distinguishes legitimate from illegitimate packets precisely and filters out attacks from outside the system. The invention does not adopt the complex network security protocols in current use; its function is simple and easy to implement, and a specific implementation can be verified by formal methods, guaranteeing that the implementation itself is correct and secure. The invention also uses a hardware switch to isolate the two operating logics of the secure processing chip: the chip's configuration program is never loaded over the network but only through the serial communication module, which effectively blocks attacks on the secure processing chip itself launched through the network interface module, and security is greatly improved.

Claims (7)

1. A trusted network attack filter, characterized in that it comprises a network interface module and a safety control module;
the network interface module is used for transmitting and receiving IP packets and comprises an external-network interface module and an internal-network interface module; the external-network interface module connects the safety control module to the external communication network, receives IP packets sent by the external communication network and passes them to the safety control module, and receives IP packets sent by the safety control module and sends them out over the external communication network; the internal-network interface module connects the protected computer on the intranet to the safety control module, receives IP packets sent by the safety control module and passes them to the protected computer on the intranet, and receives IP packets sent by the protected computer on the intranet and passes them to the safety control module;
the safety control module tags the IP packets received from the protected computer and parses and checks the IP packets received from the external communication network; the memory of the safety control module holds, for each corresponding destination address and source address, the key, the send sequence number and the receive sequence number. When the safety control module receives an IP packet sent by the protected computer on the intranet, it reads the packet and extracts its destination address, obtains the corresponding key and send sequence number from the destination address, places the send sequence number at the tail of the IP packet, computes a digest over the IP packet and the send sequence number using the key, appends the digest result after the send sequence number, adjusts the length indication in the IP header to the current length, and then sends the tagged IP packet to the external communication network through the external-network interface module. When the safety control module receives an IP packet sent by the external communication network, it reads the packet and extracts its source address, obtains the corresponding key and receive sequence number from the source address, computes a digest over the protected content of the IP packet and the send sequence number using the key, and compares the result with the digest carried in the IP packet; if they do not match, the IP packet is deemed tampered with or forged and is discarded; if they match, the IP packet is deemed not tampered with or forged, and the send sequence number read from the IP packet is then compared with the receive sequence number: if the send sequence number is greater than the receive sequence number, the IP packet is deemed legitimate, the safety control module accepts it and forwards it to the protected computer on the intranet; if the send sequence number is less than or equal to the receive sequence number, the IP packet is deemed illegitimate and is discarded.
2. The trusted network attack filter according to claim 1, characterized in that the safety control module comprises a safety processing chip and an external memory connected to the safety processing chip.
3. The trusted network attack filter according to claim 2, characterized in that the safety processing chip is further connected to a switch module and a serial communication module; the signal output of the switch module is connected to a signal input of the safety processing chip; the switch module inputs a high-level or low-level signal to the safety processing chip, and depending on which signal it receives from the switch module the safety processing chip enters either the IP packet tagging, parsing and checking operating mode or the program-configuration operating mode; in the program-configuration operating mode the safety processing chip communicates with the outside world only through the serial communication module.
4. The trusted network attack filter according to claim 3, characterized in that the network interface module uses an interface chip supporting the IEEE 802.3 Ethernet specification.
5. The trusted network attack filter according to claim 4, characterized in that the switch module uses a contactor.
6. The trusted network attack filter according to claim 5, characterized in that the serial communication module uses an asynchronous serial communication interface chip supporting the RS232 standard.
7. A network attack filtering method implemented with the trusted network attack filter of claim 1, characterized in that it comprises the following steps:
A: a network attack filter is connected between each protected computer on the intranet and the external communication network; when the safety control module in any network attack filter receives an IP packet, it determines the packet's origin: if the received IP packet originates from the computer connected to this network attack filter, go to step B; if the received IP packet originates from another network attack filter, go to step F;
B: the safety control module reads the IP packet and extracts its destination address, then goes to step C;
C: the safety control module obtains the corresponding key and send sequence number from the IP packet's destination address, then goes to step D;
D: the safety control module places the send sequence number at the tail of the IP packet, computes a digest over the IP packet and the send sequence number using the key, appends the digest result after the send sequence number, adjusts the length indication in the IP header to the current length, then goes to step E;
E: the safety control module sends the tagged IP packet to the external communication network through the external-network interface module, which completes the IP packet tagging operation, then returns to step A;
F: the safety control module reads the IP packet and extracts its source address, then goes to step G;
G: the safety control module obtains the corresponding key and receive sequence number from the IP packet's source address, then goes to step H;
H: the safety control module computes a digest over the protected content of the IP packet and the send sequence number using the key, and compares the result with the digest carried in the IP packet; if they match, the IP packet is deemed not tampered with or forged, and the method goes to step I; if they do not match, the IP packet is deemed tampered with or forged, is discarded, and the method returns to step A;
I: the safety control module reads the send sequence number from the IP packet and the stored receive sequence number and compares them; if the send sequence number is greater than the receive sequence number, the IP packet is deemed legitimate, is accepted, and is forwarded to the protected computer on the intranet; if the send sequence number is less than or equal to the receive sequence number, the IP packet is deemed illegitimate and is discarded; the method then returns to step A.
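The following is an added software model of the tagging and checking logic described in the summary above and in steps A to I of claim 7; it is example code written for this page, not the patent's own implementation or any State Grid code. The patent names neither a digest algorithm nor field sizes, so the model assumes HMAC-SHA256 as the keyed digest, a 4-byte send sequence number, and a simplified packet layout (4-byte source address, 4-byte destination address, 2-byte total length, payload) standing in for the real IPv4 header. It also assumes that the "protected content" over which the digest is computed is the addresses plus the payload (the length field is excluded because the tagging step rewrites it) and that the stored receive sequence number is advanced to the accepted packet's send sequence number, since otherwise the replay check in step I could not work. The constructed scenario exercises the cases the claims distinguish: a fresh packet, the same packet replayed, a packet with one payload bit flipped, a packet tagged under the wrong key, and, as a caveat of the strict "greater than" rule, a packet that merely arrives out of order and is therefore dropped as a replay.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumptions (the patent fixes none of these): HMAC-SHA256 as the keyed digest,
# a 4-byte send sequence number, and a simplified packet layout of
# 4-byte src, 4-byte dst, 2-byte total length, then payload.
DIGEST_LEN = 32
SEQ_LEN = 4
TRAILER_LEN = SEQ_LEN + DIGEST_LEN
HDR = struct.Struct("!4s4sH")


def build_packet(src: bytes, dst: bytes, payload: bytes) -> bytes:
    """Assemble a packet whose length indication matches its actual size."""
    return HDR.pack(src, dst, HDR.size + len(payload)) + payload


def parse_packet(pkt: bytes) -> Tuple[bytes, bytes, bytes]:
    """Split a packet into (src, dst, body); reject a wrong length indication."""
    src, dst, total_len = HDR.unpack_from(pkt)
    if total_len != len(pkt):
        raise ValueError("length indication does not match packet size")
    return src, dst, pkt[HDR.size:]


def protected_digest(key: bytes, src: bytes, dst: bytes, payload: bytes, seq: int) -> bytes:
    """Keyed digest over the protected content (addresses + payload) plus the send
    sequence number. Assumption: the length field is excluded because tagging rewrites it."""
    return hmac.new(key, src + dst + payload + struct.pack("!I", seq), hashlib.sha256).digest()


@dataclass
class PeerState:
    """Per-peer record held in the safety control module's memory."""
    key: bytes
    send_seq: int = 0
    recv_seq: int = 0


class SafetyControlModule:
    def __init__(self, peers: Dict[bytes, PeerState]):
        # Keyed by the remote address: destination when tagging, source when checking.
        self.peers = peers

    def tag_outbound(self, pkt: bytes) -> bytes:
        """Steps B to E: append send sequence number and digest, then fix the length field."""
        src, dst, payload = parse_packet(pkt)
        peer = self.peers[dst]
        peer.send_seq += 1
        digest = protected_digest(peer.key, src, dst, payload, peer.send_seq)
        return build_packet(src, dst, payload + struct.pack("!I", peer.send_seq) + digest)

    def verify_inbound(self, pkt: bytes) -> Tuple[Optional[bytes], str]:
        """Steps F to I: return (untagged packet, "ok") or (None, reason for discarding)."""
        try:
            src, dst, body = parse_packet(pkt)
        except (ValueError, struct.error):
            return None, "malformed"
        peer = self.peers.get(src)
        if peer is None:
            return None, "unknown source"
        if len(body) < TRAILER_LEN:
            return None, "malformed"
        payload, trailer = body[:-TRAILER_LEN], body[-TRAILER_LEN:]
        seq = struct.unpack("!I", trailer[:SEQ_LEN])[0]
        carried = trailer[SEQ_LEN:]
        expected = protected_digest(peer.key, src, dst, payload, seq)
        if not hmac.compare_digest(expected, carried):  # step H
            return None, "tampered or forged"
        if seq <= peer.recv_seq:                        # step I
            return None, "replayed"
        peer.recv_seq = seq  # assumption: stored receive sequence number advances on accept
        return build_packet(src, dst, payload), "ok"


def demo() -> Tuple[bool, str, str, str, str, str, str]:
    """Constructed scenario: two filters sharing one key, one protected host each."""
    key = b"constructed-shared-key-for-demo"  # constructed sample value
    host_a, host_b = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    filter_a = SafetyControlModule({host_b: PeerState(key)})  # in front of host_a
    filter_b = SafetyControlModule({host_a: PeerState(key)})  # in front of host_b

    plain = build_packet(host_a, host_b, b"constructed meter reading")
    tagged1 = filter_a.tag_outbound(plain)  # send sequence number 1
    tagged2 = filter_a.tag_outbound(plain)  # send sequence number 2
    tagged3 = filter_a.tag_outbound(plain)  # send sequence number 3

    out, r_ok = filter_b.verify_inbound(tagged1)     # fresh: accepted, tag stripped
    _, r_replay = filter_b.verify_inbound(tagged1)   # same packet again: replay
    mutated = bytearray(tagged1)
    mutated[HDR.size] ^= 0x01                        # flip one payload bit
    _, r_tamper = filter_b.verify_inbound(bytes(mutated))
    rogue = SafetyControlModule({host_b: PeerState(b"wrong-key")})
    _, r_forged = filter_b.verify_inbound(rogue.tag_outbound(plain))
    _, r_seq3 = filter_b.verify_inbound(tagged3)     # accepted, recv_seq becomes 3
    _, r_late = filter_b.verify_inbound(tagged2)     # arrives late: dropped as replay
    return out == plain, r_ok, r_replay, r_tamper, r_forged, r_seq3, r_late
```

Calling demo() returns (True, "ok", "replayed", "tampered or forged", "tampered or forged", "ok", "replayed"). The last result is the practical cost of the claim's rule: because legitimacy requires the send sequence number to be strictly greater than the stored receive sequence number, any reordering on the path discards the older packet, so a deployment of this scheme needs either in-order delivery between the two filters or a tolerance for such drops.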
CN201410133919.8A 2014-04-03 2014-04-03 Credible network attack filter device and method Pending CN103905452A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410133919.8A CN103905452A (en) 2014-04-03 2014-04-03 Credible network attack filter device and method
PCT/CN2015/075441 WO2015149669A1 (en) 2014-04-03 2015-03-31 Trusted network attack filtering device and network attack filtering method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410133919.8A CN103905452A (en) 2014-04-03 2014-04-03 Credible network attack filter device and method

Publications (1)

Publication Number Publication Date
CN103905452A true CN103905452A (en) 2014-07-02

Family

ID=50996606

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410133919.8A Pending CN103905452A (en) 2014-04-03 2014-04-03 Credible network attack filter device and method

Country Status (2)

Country Link
CN (1) CN103905452A (en)
WO (1) WO2015149669A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015149669A1 (en) * 2014-04-03 2015-10-08 国家电网公司 Trusted network attack filtering device and network attack filtering method
CN105072104A (en) * 2015-07-30 2015-11-18 积成电子股份有限公司 Switch system having anti-IEE1588 falsification function and processing method
CN108306858A (en) * 2017-12-26 2018-07-20 成都卫士通信息产业股份有限公司 The anti-fake guard method of Ethernet data and system
CN108712371A (en) * 2018-04-02 2018-10-26 浙江远望信息股份有限公司 A method of network safety prevention is carried out to internet of things equipment
CN109005148A (en) * 2017-06-07 2018-12-14 罗伯特·博世有限公司 For protecting vehicle network from the method for the data transmission being tampered
CN109194607A (en) * 2018-07-16 2019-01-11 杨俊佳 Based on local data transmission chip and contain the electronic equipment of the chip
CN109842604A (en) * 2017-11-28 2019-06-04 中天安泰(北京)信息技术有限公司 Communication downlink data reconstruction method and component
CN109842595A (en) * 2017-11-28 2019-06-04 中天安泰(北京)信息技术有限公司 Prevent the method and device of network attack
CN109842597A (en) * 2017-11-28 2019-06-04 中天安泰(北京)信息技术有限公司 Communication uplink data reconstruction method and component
CN111277449A (en) * 2018-12-05 2020-06-12 中国移动通信集团广西有限公司 Safety testing method and device for voice service equipment
CN115314188A (en) * 2022-10-11 2022-11-08 北京紫光青藤微系统有限公司 Decoding device, authentication method for decoding device and mobile terminal

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107347052B (en) * 2016-05-05 2020-07-14 阿里巴巴集团控股有限公司 Method and device for detecting database collision attack

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1794626A (en) * 2005-06-24 2006-06-28 华为技术有限公司 Method of preventing playback attack
CN1859291A (en) * 2005-12-13 2006-11-08 华为技术有限公司 Method for safety packaging network message
CN101159718A (en) * 2007-08-03 2008-04-09 重庆邮电大学 Embedded type industry ethernet safety gateway
US8548166B2 (en) * 1995-04-03 2013-10-01 Anthony J. Wasilewski Method for partially encrypting program data

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040047308A1 (en) * 2002-08-16 2004-03-11 Alan Kavanagh Secure signature in GPRS tunnelling protocol (GTP)
CN102065067B (en) * 2009-11-11 2014-06-25 杭州华三通信技术有限公司 Method and device for preventing replay attack between portal server and client
CN103118363B (en) * 2011-11-17 2016-07-27 中国电信股份有限公司 A kind of method of mutual biography secret information, system, terminal unit and platform device
CN103905452A (en) * 2014-04-03 2014-07-02 国家电网公司 Credible network attack filter device and method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8548166B2 (en) * 1995-04-03 2013-10-01 Anthony J. Wasilewski Method for partially encrypting program data
CN1794626A (en) * 2005-06-24 2006-06-28 华为技术有限公司 Method of preventing playback attack
CN1859291A (en) * 2005-12-13 2006-11-08 华为技术有限公司 Method for safety packaging network message
CN101159718A (en) * 2007-08-03 2008-04-09 重庆邮电大学 Embedded type industry ethernet safety gateway

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015149669A1 (en) * 2014-04-03 2015-10-08 国家电网公司 Trusted network attack filtering device and network attack filtering method
CN105072104A (en) * 2015-07-30 2015-11-18 积成电子股份有限公司 Switch system having anti-IEE1588 falsification function and processing method
CN105072104B (en) * 2015-07-30 2019-06-07 积成电子股份有限公司 The switch system and processing method of function are distorted with anti-IEEE1588
CN109005148B (en) * 2017-06-07 2022-08-23 罗伯特·博世有限公司 Method for protecting a vehicle network against tampered data transmission
CN109005148A (en) * 2017-06-07 2018-12-14 罗伯特·博世有限公司 For protecting vehicle network from the method for the data transmission being tampered
CN109842604A (en) * 2017-11-28 2019-06-04 中天安泰(北京)信息技术有限公司 Communication downlink data reconstruction method and component
CN109842595A (en) * 2017-11-28 2019-06-04 中天安泰(北京)信息技术有限公司 Prevent the method and device of network attack
CN109842597A (en) * 2017-11-28 2019-06-04 中天安泰(北京)信息技术有限公司 Communication uplink data reconstruction method and component
CN108306858A (en) * 2017-12-26 2018-07-20 成都卫士通信息产业股份有限公司 The anti-fake guard method of Ethernet data and system
CN108712371A (en) * 2018-04-02 2018-10-26 浙江远望信息股份有限公司 A method of network safety prevention is carried out to internet of things equipment
CN109194607A (en) * 2018-07-16 2019-01-11 杨俊佳 Based on local data transmission chip and contain the electronic equipment of the chip
CN111277449A (en) * 2018-12-05 2020-06-12 中国移动通信集团广西有限公司 Safety testing method and device for voice service equipment
CN111277449B (en) * 2018-12-05 2021-08-13 中国移动通信集团广西有限公司 Safety testing method and device for voice service equipment
CN115314188A (en) * 2022-10-11 2022-11-08 北京紫光青藤微系统有限公司 Decoding device, authentication method for decoding device and mobile terminal
CN115314188B (en) * 2022-10-11 2022-12-09 北京紫光青藤微系统有限公司 Decoding device, authentication method for decoding device and mobile terminal

Also Published As

Publication number Publication date
WO2015149669A1 (en) 2015-10-08

Similar Documents

Publication Publication Date Title
CN103905452A (en) Credible network attack filter device and method
CN103905451B (en) System and method for trapping network attack of embedded device of smart power grid
Morris et al. A retrofit network intrusion detection system for MODBUS RTU and ASCII industrial control systems
CN104811449B (en) Storehouse attack method and system are hit in detection
CN103384242B (en) Intrusion detection method based on Nginx proxy server and system
AU2013101573A4 (en) Method for predicting and detecting network intrusion into a computer network
CN103905450A (en) Smart power grid embedded device network detection assessment system and detection assessment method
CN101465855B (en) Method and system for filtrating synchronous extensive aggression
KR101388090B1 (en) Apparatus for detecting cyber attack based on analysis of event and method thereof
CN109218288A (en) A kind of Network Intrusion Detection System for industrial robot control system
CN101902349B (en) Method and system for detecting scanning behaviors of ports
CN106953855B (en) Method for intrusion detection of GOOSE message of IEC61850 digital substation
CN104424438B (en) A kind of antivirus file detection method, device and the network equipment
CN104917776A (en) Industrial control network safety protection equipment and industrial control network safety protection method
US20160094517A1 (en) Apparatus and method for blocking abnormal communication
CN107276983A (en) A kind of the traffic security control method and system synchronous with cloud based on DPI
JP2010148090A (en) Packet processing method and toe apparatus employing the same
CN104125213A (en) Distributed denial of service DDOS attack resisting method and device for firewall
CN109644124A (en) The transmission and reception of timestamp information
US10348746B2 (en) Incident detection system including gateway device and server
KR101488271B1 (en) Apparatus and method for ids false positive detection
CN103139219A (en) Attack detection method of spanning tree protocol based on credible switchboard
CN107277070A (en) A kind of computer network instrument system of defense and intrusion prevention method
US11528284B2 (en) Method for detecting an attack on a control device of a vehicle
CN111935085A (en) Method and system for detecting and protecting abnormal network behaviors of industrial control network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140702

RJ01 Rejection of invention patent application after publication