CN111885021A - Mimicry communication method based on transmission protocol, communication architecture and readable storage medium - Google Patents

Publication number
CN111885021A
Authority
CN
China
Prior art keywords
data
transmission protocol
transmission
protocol
mimicry
Prior art date
Legal status
Pending
Application number
CN202010657033.9A
Other languages
Chinese (zh)
Inventor
吕青松
郑清彬
冯志峰
胡海洋
翟英博
杨泽彭
郭义伟
孙统帅
Current Assignee
Zhuhai Comleader Information Technology Co Ltd
Henan Xinda Wangyu Technology Co Ltd
Original Assignee
Zhuhai Comleader Information Technology Co Ltd
Henan Xinda Wangyu Technology Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Communication Control (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a mimicry communication method based on a transmission protocol, comprising the following steps: the data sending end makes multiple copies of the data to be transmitted and sends each copy over a different transmission protocol; the arbitrator receives the data sent over the different transmission protocols, parses it, and compares the copies; if the comparison shows no difference, the data is output to the data receiving end; if one copy is found to be inconsistent with the others, the transmission protocol that carried it is judged to have threat information, and the protocol with the threat information is reported to the feedback scheduling module; after receiving the threat information sent by the arbitrator, the feedback scheduling module notifies the data sending end to abandon the threatened transmission protocol, notifies the arbitrator to discard the data transmitted over the threatened transmission protocol, and brings a new transmission protocol online to replace the abandoned one. The method realizes a mimicry architecture at the transmission protocol level and improves the security of data transmission.

Description

Mimicry communication method based on transmission protocol, communication architecture and readable storage medium
Technical Field
The invention relates to the field of mimicry defense, in particular to a mimicry communication method based on a transmission protocol, a communication architecture and a readable storage medium.
Background
In recent years, Ethernet communication technology has developed rapidly; it offers fast transmission, flexible application and efficient protocol development, and is being adopted in more and more fields. While Ethernet brings convenience, the network security threats that accompany it are also becoming more and more prominent. For the security of the network devices themselves, traditional security technologies (e.g. firewalls, antivirus) have achieved some results. But for the security of the network protocols, no better solution is available apart from means such as encryption.
To solve the above problems, an ideal technical solution has long been sought.
Disclosure of Invention
The invention aims to overcome the shortcomings of the prior art by providing a mimicry communication method and a mimicry communication architecture based on a transmission protocol, which apply mimicry defense at the transmission protocol layer and improve the security of the communication data link.
To achieve this purpose, the invention adopts the following technical scheme: a mimicry communication method based on a transmission protocol, comprising the following steps:
1) the data sending end makes multiple copies of the data to be transmitted and sends each copy over a different transmission protocol; the data to be transmitted is loaded into the payload field of the transmission protocol for transmission;
2) the arbitrator receives the data sent over the different transmission protocols, parses the data out of each, and compares the parsed data;
3) if the comparison shows no difference, one copy of the data is selected and sent to the data receiving end;
4) if the comparison shows that one copy is inconsistent with the others, the transmission protocol that carried it is judged to have threat information, and the protocol with the threat information is reported to the feedback scheduling module;
5) after receiving the threat information sent by the arbitrator, the feedback scheduling module notifies the data sending end to abandon the threatened transmission protocol, notifies the arbitrator to discard the data transmitted over the threatened transmission protocol, and brings a new transmission protocol online to replace the abandoned one.
Based on the above, the transmission protocols comprise at least two of TCP, UDP, HTTP, IGMP and a custom protocol.
Based on the above, the feedback scheduling module dynamically schedules the types of transmission protocol used during data transmission.
A mimicry communication architecture based on this method comprises an arbitrator: its input end receives the data transmitted over the different transmission protocols, and the arbitrator parses, compares and arbitrates the data, outputs the data that passes arbitration to the data receiving end, and sends the arbitration information it generates to the feedback scheduling module, which uses it to bring each transmission protocol online or abandon it.
Compared with the prior art, the invention has outstanding substantive features and represents notable progress. Specifically, the invention transmits the same data over different transmission protocols, that is, it applies mimicry transformation to the transmission protocols, which to a certain extent avoids the problem of vulnerabilities or backdoors in a transmission protocol; a transmission protocol found by arbitration to be problematic is abandoned immediately and a new transmission protocol is brought online to replace it. This improves the security of data transmission, requires little modification of equipment, and reduces the degree to which security depends on any single transmission protocol.
Drawings
Fig. 1 is a schematic structural diagram of a mimicry communication method based on a transmission protocol in the present invention.
Detailed Description
The technical solution of the present invention is further described in detail by the following embodiments.
Example 1
As shown in Fig. 1, the mimicry communication method based on a transmission protocol involves a data sending end, an arbitrator, a data receiving end and a feedback scheduling module, and is executed through the following steps:
1) The data sending end makes multiple copies of the data to be transmitted and sends each copy over a different transmission protocol, such as the common transmission protocols TCP, UDP, HTTP and IGMP, or a custom protocol; the data to be transmitted is loaded into the payload field of the transmission protocol for transmission.
2) The arbitrator receives the data sent over the different transmission protocols, parses the data out of each, and compares the parsed data.
3) If the comparison shows no difference, one copy of the data is selected and sent to the data receiving end. Because the copies are consistent, any one of them may be chosen: one protocol may be designated in advance as the primary protocol, whose payload is output while the other copies are discarded, or one copy may be selected at random for output and the others discarded.
4) If the comparison shows that one copy is inconsistent with the others, the transmission protocol that carried it is judged to have threat information, and the protocol with the threat information is reported to the feedback scheduling module.
5) After receiving the threat information sent by the arbitrator, the feedback scheduling module notifies the data sending end to abandon the threatened transmission protocol, notifies the arbitrator to discard the data transmitted over the threatened transmission protocol, and brings a new transmission protocol online to replace the abandoned one.
In some deployments the data-receiving function of the arbitrator can be separated out, to avoid the intrusion risk that arises when the receiving function and the arbitrator share one system.
The feedback scheduling module dynamically schedules the types of transmission protocol used during data transmission; for example, at time T0 data is transmitted using the TCP, UDP and HTTP protocols, and at time T1 using TCP, IGMP and a custom protocol.
This embodiment transmits the same data over different transmission protocols, applying mimicry transformation to the transmission protocols; this avoids, to a certain extent, the problem of vulnerabilities or backdoors in a transmission protocol and improves the security of data transmission.
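An added sketch of the arbitrate-and-reschedule loop in steps 1) to 5); it is not code from the patent. The class and function names, the SHA-256 comparison, the standby pool, and the strict-majority, fail-closed rule are assumptions: the description only says that a copy inconsistent with the others marks its protocol as threatened, which is undecidable when just two copies disagree.

```python
import hashlib
from collections import Counter


class FeedbackScheduler:
    """Step 5: tracks online protocols and swaps out a reported one."""

    def __init__(self, active, standby):
        self.active = list(active)      # protocols currently carrying copies
        self.standby = list(standby)    # assumed pool of replacements
        self.abandoned = []

    def report_threat(self, protocol):
        if protocol not in self.active:
            return None
        self.active.remove(protocol)
        self.abandoned.append(protocol)
        replacement = self.standby.pop(0) if self.standby else None
        if replacement is not None:
            self.active.append(replacement)
        return replacement


def send_copies(data, scheduler, tamper=None):
    """Step 1: one copy per online protocol; `tamper` simulates a modified channel."""
    tamper = tamper or {}
    return {proto: tamper.get(proto, data) for proto in scheduler.active}


def arbitrate(received, scheduler):
    """Steps 2-4: compare the parsed payloads, output one copy, report outliers.

    `received` maps protocol name -> payload bytes; a missing copy counts as
    inconsistent. Returns (payload or None, list of reported protocols).
    """
    digests = {}
    for proto in scheduler.active:
        payload = received.get(proto)
        digests[proto] = None if payload is None else hashlib.sha256(payload).digest()
    if not digests:
        return None, []
    winner, votes = Counter(digests.values()).most_common(1)[0]
    # Assumed rule: without a strict majority the arbitrator cannot tell which
    # copy is good, so it outputs nothing and abandons nothing.
    if winner is None or votes * 2 <= len(digests):
        return None, []
    good = next(p for p, d in digests.items() if d == winner)
    suspects = sorted(p for p, d in digests.items() if d != winner)
    for proto in suspects:
        scheduler.report_threat(proto)
    return received[good], suspects


def demo():
    # Constructed sample: three online protocols, two on standby.
    sched = FeedbackScheduler(["TCP", "UDP", "HTTP"], ["IGMP", "CUSTOM"])
    msg = b"setpoint=42"
    clean = arbitrate(send_copies(msg, sched), sched)
    tampered = arbitrate(send_copies(msg, sched, {"UDP": b"setpoint=99"}), sched)
    return clean, tampered, sched.active, sched.abandoned


if __name__ == "__main__":
    print(demo())
```

With only two online protocols a disagreement yields no output and no abandonment under this rule, so a deployment that wants step 4 to single out one protocol needs at least three copies.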
Example 2
A readable storage medium having stored thereon instructions which, when executed by a processor, implement the mimicry communication method based on a transmission protocol.
Finally, it should be noted that the above examples are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art will understand that modifications to the specific embodiments of the invention, or equivalent substitutions for some of the technical features, may be made; such modifications and substitutions, made without departing from the spirit of the present invention, are intended to fall within the scope of the appended claims.

Claims (5)

1. A mimicry communication method based on a transmission protocol, characterized in that the method comprises the following steps:
1) the data sending end makes multiple copies of the data to be transmitted and sends each copy over a different transmission protocol; the data to be transmitted is loaded into the payload field of the transmission protocol for transmission;
2) the arbitrator receives the data sent over the different transmission protocols, parses the data out of each, and compares the parsed data;
3) if the comparison shows no difference, one copy of the data is selected and sent to the data receiving end;
4) if the comparison shows that one copy is inconsistent with the others, the transmission protocol that carried it is judged to have threat information, and the protocol with the threat information is reported to the feedback scheduling module;
5) after receiving the threat information sent by the arbitrator, the feedback scheduling module notifies the data sending end to abandon the threatened transmission protocol, notifies the arbitrator to discard the data transmitted over the threatened transmission protocol, and brings a new transmission protocol online to replace the abandoned one.
2. The mimicry communication method based on a transmission protocol as claimed in claim 1, wherein: the transmission protocols comprise at least two of TCP, UDP, HTTP, IGMP and a custom protocol.
3. The mimicry communication method based on a transmission protocol as claimed in claim 1, wherein: the feedback scheduling module dynamically schedules the types of transmission protocol used during data transmission.
4. A mimicry communication architecture based on the mimicry communication method based on the transmission protocol of claims 1-3, characterized in that:
the architecture comprises an arbitrator, wherein the input end of the arbitrator receives the data transmitted over the different transmission protocols, the arbitrator parses, compares and arbitrates the data, the data that passes arbitration is output to a data receiving end, and the arbitration information generated is sent to a feedback scheduling module, which uses it to bring each transmission protocol online or abandon it.
5. A readable storage medium having instructions stored thereon, characterized in that: the instructions, when executed by a processor, implement the mimicry communication method based on a transmission protocol as claimed in any one of claims 1 to 3.
CN202010657033.9A 2020-07-09 2020-07-09 Mimicry communication method based on transmission protocol, communication architecture and readable storage medium Pending CN111885021A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010657033.9A CN111885021A (en) 2020-07-09 2020-07-09 Mimicry communication method based on transmission protocol, communication architecture and readable storage medium

Publications (1)

Publication Number Publication Date
CN111885021A true CN111885021A (en) 2020-11-03

Family

ID=73150438

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201103
