CN113098900A - SDN network IP hopping method supporting address space expansion - Google Patents

SDN network IP hopping method supporting address space expansion Download PDF

Info

Publication number
CN113098900A
CN113098900A CN202110473584.4A CN202110473584A CN113098900A CN 113098900 A CN113098900 A CN 113098900A CN 202110473584 A CN202110473584 A CN 202110473584A CN 113098900 A CN113098900 A CN 113098900A
Authority
CN
China
Prior art keywords
virtual
module
space
coding
pool
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110473584.4A
Other languages
Chinese (zh)
Other versions
CN113098900B (en
Inventor
张晶
赵昆杨
陈彩恋
陈鹭菲
刘健养
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Useear Information Technology Co ltd
Original Assignee
Fujian Qidian Space Time Digital Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Qidian Space Time Digital Technology Co ltd filed Critical Fujian Qidian Space Time Digital Technology Co ltd
Priority to CN202110473584.4A priority Critical patent/CN113098900B/en
Publication of CN113098900A publication Critical patent/CN113098900A/en
Application granted granted Critical
Publication of CN113098900B publication Critical patent/CN113098900B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to an SDN network IP jumping method supporting address space expansion, relating to the technical field of computers, which is characterized in that a main server, a sub-server, a memory space manager, a switch, an IP random generator, a virtual IP processor and a space expansion pool are arranged to be matched, idle system space resources are processed through the memory space manager, the optimization and the full utilization of a system are realized, a real IP coding module and a virtual IP coding module are arranged to code global IP, the jumping efficiency is improved, a jumping module and a coding capture module are connected with a real IP coding channel, a virtual IP coding channel and a virtual IP coding storage pool, the randomness and the uncertainty of IP jumping are improved, a management space expansion pool is arranged to distribute and manage empty segments, decoy nodes and virtual IP, the expansibility of an address space is good, and the active defense performance of the system is improved, in order to further increase the uncertainty of the SDN network and reduce the attacked surface, a dynamic address solution is provided.

Description

SDN network IP hopping method supporting address space expansion
Technical Field
The invention relates to the technical field of computers, in particular to an SDN network IP hopping method supporting address space expansion.
Background
Aiming at the inherent attack and Defense asymmetry characteristic of the current network, in order to balance the attack and Defense environment of the existing network, the U.S. network security and information assurance research and development plan provides a new concept of dealing with novel network attack, namely a Moving Target Defense technology (also called Moving Target Defense, MTD).
The core idea of MTD is to make the network system dynamic by the change of the attacked surface, and provide dynamic and active network defense function by the mechanism strategy of 'static as dynamic and anti-guest as main', so that the system has less certainty, static and isomorphism, and makes the attacker difficult to complete the attack task by randomizing and diversifying, thereby reducing the attack success possibility of the attacker and making the defending party obtain a favorable situation.
With the increasing interest of MTD theory, more and more researches are beginning to focus on the MTD implementation path. The SDN (software defined network) is a flexible framework based on an open standard, has the unique advantages of centralized control and flexible customization, and can well support the realization of the MTD technology and the exertion of defense efficiency. Therefore, combining the dynamic transformation of the MTD with the flexible orchestration of the SDN has become a research hotspot with more application value.
Before an attacker attacks the OpenFlow switch, the exact IP address, port number or forwarding path of the attack target needs to be obtained. Therefore, the change of the parameters can effectively resist the targeted investigation attack. Aiming at a series of attacks on a data layer, the current mobile target defense technology facing the SDN mainly comprises the following 3 technologies: 1) jumping an address; 2) routing hopping; 3) and (6) port jumping. The existing IP hopping authorities are limited to a certain subnet, resulting in insufficient change space. Therefore, the problem of lack of IP addresses becomes a bottleneck in the development of networks in China and even the world.
Disclosure of Invention
Objects of the invention
In order to solve the technical problems in the background art, the invention provides an SDN network IP hopping method supporting address space expansion. The invention sets a main server, a sub-server, a memory space manager, a switch, an IP random generator, a virtual IP processor and a space expansion pool for cooperation, processes idle system space resources through the memory space manager, realizes the optimization and the full utilization of the system, sets a real IP coding module and a virtual IP coding module, codes the global IP, improves the hopping efficiency, utilizes the hopping module and a coding capture module to connect a real IP coding channel, a virtual IP coding channel and a virtual IP coding storage pool, improves the randomness and the uncertainty of IP hopping, sets a management space expansion pool to distribute and manage the empty segments, the bait nodes and the virtual IP, has good address space expansibility and improves the active defense performance of the system, and provides a dynamic address solution for further increasing the uncertainty of an SDN network and reducing the attacked surface, the problem that the current address hopping is limited to a certain subnet and the change space is insufficient is solved.
(II) technical scheme
In order to solve the problems, the invention provides an SDN network IP hopping method supporting address space expansion, which comprises a main server, a sub-server, a memory space manager, a switch, an IP random generator, a virtual IP processor and a space expansion pool, wherein the main server is connected with the sub-server through the memory space manager; the exchanger is provided with a real IP coding channel, a virtual IP coding channel and a virtual IP coding storage pool; the main server is connected with the real IP coding channel; the IP random generator is connected with the virtual IP coding channel; the virtual IP processor is connected with the virtual IP coding storage pool; the sub server is connected with the sub network, the main server and the space expansion pool; the memory space manager is connected with the main server and the virtual IP processor; the main server comprises a space mapping module, a control module, a real IP storage module, a real IP inquiry module and a real IP coding module; the memory space manager comprises a space collection module, a space merging module and a space chip selection module; the sub-server comprises an IP request module and an IP acquisition module; the switch comprises a hopping module and a code capture module; the IP random generator comprises a virtual IP storage module, a virtual IP coding module and a second interface module; the virtual IP processor comprises a code reading module, a code translating module and a disguising module.
Preferably, the real IP query module includes an identity authentication unit, a network security authentication unit, a query unit, and a backup unit.
Preferably, the real IP encoding module includes a parsing unit, an encrypting unit and an encoding unit.
Preferably, the end of the virtual IP coding channel is communicated with the virtual IP coding storage pool, and the head end is communicated with the second interface module.
Preferably, the head end of the real IP coding channel is communicated with the first interface module, and the tail end of the real IP coding channel is communicated with the virtual IP coding storage pool through the hopping module and the coding capture module.
Preferably, the memory space manager monitors global space resources, remotely collects idle resources, merges the idle resources into a logical address memory space, segments the logical address memory space into a plurality of space segments, and puts the logical address memory space into the space expansion pool.
Preferably, the main server maps the space expansion pool by adopting a double-layer address space mapping mechanism, and manages the space section in the space expansion pool.
Preferably, the disguise module drops the bait nodes into the space expansion pool.
Preferably, an address allocation module is arranged in the space expansion pool; and the address allocation module allocates and manages the time segment, the decoy node and the virtual IP according to the randomization algorithm model.
Preferably, the method comprises the following steps:
s1, establishing an IP coding library and a corresponding coding translation model;
s2, the memory space manager monitors global space resources, remotely collects idle resources, merges the idle resources into a logic address memory space, segments the logic address memory space into a plurality of space segments, and puts the space segments into a space expansion pool;
s3, the sub-server sends an IP request to the main server;
s4, the main server carries out identity authentication to the request source, detects the global network security environment, inquires the real IP after the detection and the authentication are passed, and transmits the corresponding code to the real IP channel on the switch; the main server maps the space expansion pool and manages the space sections in the space expansion pool;
s5, the IP random generator randomly extracts the virtual IP codes from the virtual IP storage module and transmits the virtual IP codes to the virtual IP code storage pool;
s6, a hopping module and a code capturing module on the exchanger periodically capture and hop codes in the real IP codes and the virtual IP codes storage pool; the hopped real IP codes and the corresponding virtual IP codes are stored in an associated manner;
s7, the virtual IP processor reads, translates and disguises the jumped virtual IP codes to obtain a virtual IP;
s8, putting the virtual IP into a space expansion pool, processing the virtual IP by an address allocation module, combining the virtual IP with the space section and the bait node, and performing camouflage and space expansion on the virtual IP to obtain a formed virtual IP;
and S9, the sub server obtains the formed virtual IP.
The technical scheme of the invention has the following beneficial technical effects:
the invention sets a main server, a sub-server, a memory space manager, a switch, an IP random generator, a virtual IP processor and a space expansion pool for cooperation, processes idle system space resources through the memory space manager, realizes the optimization and the full utilization of the system, sets a real IP coding module and a virtual IP coding module, codes the global IP, improves the hopping efficiency, utilizes the hopping module and a coding capture module to connect a real IP coding channel, a virtual IP coding channel and a virtual IP coding storage pool, improves the randomness and the uncertainty of IP hopping, sets a management space expansion pool to distribute and manage the empty segments, the bait nodes and the virtual IP, has good address space expansibility and improves the active defense performance of the system, and provides a dynamic address solution for further increasing the uncertainty of an SDN network and reducing the attacked surface, the problem that the current address hopping is limited to a certain subnet and the change space is insufficient is solved.
Drawings
Fig. 1 is a schematic diagram of a connection relationship between devices in an SDN network IP hopping method supporting address space extension according to the present invention.
Fig. 2 is a schematic structural diagram of a real IP query module in an SDN network IP hopping method supporting address space extension according to the present invention.
Fig. 3 is a schematic structural diagram of a real IP encoding module in an SDN network IP hopping method supporting address space extension according to the present invention.
Fig. 4 is a block diagram of an implementation flow of an SDN network IP hopping method supporting address space extension according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
Example 1
As shown in fig. 1-3, an SDN network IP hopping method supporting address space expansion proposed by the present invention includes a main server, a sub-server, a memory space manager, a switch, an IP random generator, a virtual IP processor, and a space expansion pool; the exchanger is provided with a real IP coding channel, a virtual IP coding channel and a virtual IP coding storage pool; the main server is connected with the real IP coding channel; the IP random generator is connected with the virtual IP coding channel; the virtual IP processor is connected with the virtual IP coding storage pool; the sub server is connected with the sub network, the main server and the space expansion pool; the memory space manager is connected with the main server and the virtual IP processor; the main server comprises a space mapping module, a control module, a real IP storage module, a real IP inquiry module and a real IP coding module; the memory space manager comprises a space collection module, a space merging module and a space chip selection module; the sub-server comprises an IP request module and an IP acquisition module; the switch comprises a hopping module and a code capture module; the IP random generator comprises a virtual IP storage module, a virtual IP coding module and a second interface module; the virtual IP processor comprises a code reading module, a code translating module and a disguising module.
In an optional embodiment, the real IP query module comprises an identity authentication unit, a network security authentication unit, a query unit and a backup unit.
In an alternative embodiment, the real IP encoding module includes a parsing unit, an encryption unit, and an encoding unit.
In an alternative embodiment, the end of the virtual IP code channel is connected to the virtual IP code storage pool, and the head end is connected to the second interface module.
In an alternative embodiment, the head end of the real IP coding channel is communicated with the first interface module, and the tail end of the real IP coding channel is communicated with the virtual IP coding storage pool through the hopping module and the coding capture module.
In an optional embodiment, the memory space manager monitors global space resources, remotely collects idle resources, merges the idle resources into a logical address memory space, segments the logical address memory space into a plurality of space segments, and puts the logical address memory space into the space expansion pool.
In an optional embodiment, the primary server employs a two-layer address space mapping mechanism to map the space expansion pool and manage the space segments in the space expansion pool.
In an alternative embodiment, the disguise module drops the bait nodes into the space expansion pool.
In an optional embodiment, an address allocation module is arranged in the space expansion pool; and the address allocation module allocates and manages the time segment, the decoy node and the virtual IP according to the randomization algorithm model.
The invention sets a main server, a sub-server, a memory space manager, a switch, an IP random generator, a virtual IP processor and a space expansion pool for cooperation, processes idle system space resources through the memory space manager, realizes the optimization and the full utilization of the system, sets a real IP coding module and a virtual IP coding module, codes the global IP, improves the hopping efficiency, utilizes the hopping module and a coding capture module to connect a real IP coding channel, a virtual IP coding channel and a virtual IP coding storage pool, improves the randomness and the uncertainty of IP hopping, sets a management space expansion pool to distribute and manage the empty segments, the bait nodes and the virtual IP, has good address space expansibility and improves the active defense performance of the system, and provides a dynamic address solution for further increasing the uncertainty of an SDN network and reducing the attacked surface, the problem that the current address hopping is limited to a certain subnet and the change space is insufficient is solved.
Example 2
As shown in fig. 4, the SDN network IP hopping method supporting address space extension proposed by the present invention includes the following steps:
s1, establishing an IP coding library and a corresponding coding translation model;
s2, the memory space manager monitors global space resources, remotely collects idle resources, merges the idle resources into a logic address memory space, segments the logic address memory space into a plurality of space segments, and puts the space segments into a space expansion pool;
s3, the sub-server sends an IP request to the main server;
s4, the main server carries out identity authentication to the request source, detects the global network security environment, inquires the real IP after the detection and the authentication are passed, and transmits the corresponding code to the real IP channel on the switch; the main server maps the space expansion pool and manages the space sections in the space expansion pool;
s5, the IP random generator randomly extracts the virtual IP codes from the virtual IP storage module and transmits the virtual IP codes to the virtual IP code storage pool;
s6, a hopping module and a code capturing module on the exchanger periodically capture and hop codes in the real IP codes and the virtual IP codes storage pool; the hopped real IP codes and the corresponding virtual IP codes are stored in an associated manner;
s7, the virtual IP processor reads, translates and disguises the jumped virtual IP codes to obtain a virtual IP;
s8, putting the virtual IP into a space expansion pool, processing the virtual IP by an address allocation module, combining the virtual IP with the space section and the bait node, and performing camouflage and space expansion on the virtual IP to obtain a formed virtual IP;
and S9, the sub server obtains the formed virtual IP.
The SDN network IP jump method supporting address space expansion improves the uncertainty and unpredictability of address jump to a great extent, and is used for solving the problems that the current address jump is limited to a certain subnet and the change space is insufficient.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (10)

1. An SDN network IP hopping method supporting address space expansion is characterized by comprising a main server, a sub-server, a memory space manager, a switch, an IP random generator, a virtual IP processor and a space expansion pool; the exchanger is provided with a real IP coding channel, a virtual IP coding channel and a virtual IP coding storage pool; the main server is connected with the real IP coding channel; the IP random generator is connected with the virtual IP coding channel; the virtual IP processor is connected with the virtual IP coding storage pool; the sub server is connected with the sub network, the main server and the space expansion pool; the memory space manager is connected with the main server and the virtual IP processor;
the main server comprises a space mapping module, a control module, a real IP storage module, a real IP inquiry module and a real IP coding module; the memory space manager comprises a space collection module, a space merging module and a space chip selection module; the sub-server comprises an IP request module and an IP acquisition module; the switch comprises a hopping module and a code capture module; the IP random generator comprises a virtual IP storage module, a virtual IP coding module and a second interface module; the virtual IP processor comprises a code reading module, a code translating module and a disguising module.
2. The SDN network IP hopping method supporting address space expansion as claimed in claim 1, wherein the real IP query module comprises an identity verification unit, a network security verification unit, a query unit and a backup unit.
3. The SDN network IP hopping method supporting address space extension, as set forth in claim 1, wherein the real IP coding module comprises a parsing unit, an encryption unit and an encoding unit.
4. The SDN network IP hopping method supporting address space expansion, as claimed in claim 1, wherein a tail end of a virtual IP coding channel is connected to a virtual IP coding storage pool, and a head end is connected to a second interface module.
5. The SDN network IP hopping method supporting address space expansion, as claimed in claim 1, wherein a head end of a real IP coding channel is connected to a first interface module, and a tail end is connected to a virtual IP coding storage pool through a hopping module and a coding capture module.
6. The SDN network IP hopping method supporting address space expansion as claimed in claim 1, wherein a memory space manager monitors global space resources, remotely collects free resources, merges into a logical address memory space, segments the logical address memory space into a plurality of space segments, and invests in a space expansion pool.
7. The SDN network IP hopping method supporting address space expansion as claimed in claim 1, wherein the primary server employs a two-layer address space mapping mechanism to map the space expansion pool and manage the space segments in the space expansion pool.
8. The SDN network IP hopping method supporting address space expansion of claim 6, wherein a masquerading module puts decoy nodes into a space expansion pool.
9. The SDN network IP hopping method supporting address space extension according to claim 8, wherein an address allocation module is disposed in a space extension pool; and the address allocation module allocates and manages the time segment, the decoy node and the virtual IP according to the randomization algorithm model.
10. The SDN network IP hopping method supporting address space extension according to claim 1, characterized by comprising the following steps:
s1, establishing an IP coding library and a corresponding coding translation model;
s2, the memory space manager monitors global space resources, remotely collects idle resources, merges the idle resources into a logic address memory space, segments the logic address memory space into a plurality of space segments, and puts the space segments into a space expansion pool;
s3, the sub-server sends an IP request to the main server;
s4, the main server carries out identity authentication to the request source, detects the global network security environment, inquires the real IP after the detection and the authentication are passed, and transmits the corresponding code to the real IP channel on the switch; the main server maps the space expansion pool and manages the space sections in the space expansion pool;
s5, the IP random generator randomly extracts the virtual IP codes from the virtual IP storage module and transmits the virtual IP codes to the virtual IP code storage pool;
s6, a hopping module and a code capturing module on the exchanger periodically capture and hop codes in the real IP codes and the virtual IP codes storage pool; the hopped real IP codes and the corresponding virtual IP codes are stored in an associated manner;
s7, the virtual IP processor reads, translates and disguises the jumped virtual IP codes to obtain a virtual IP;
s8, putting the virtual IP into a space expansion pool, processing the virtual IP by an address allocation module, combining the virtual IP with the space section and the bait node, and performing camouflage and space expansion on the virtual IP to obtain a formed virtual IP;
and S9, the sub server obtains the formed virtual IP.
CN202110473584.4A 2021-04-29 2021-04-29 SDN network IP hopping method supporting address space expansion Active CN113098900B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110473584.4A CN113098900B (en) 2021-04-29 2021-04-29 SDN network IP hopping method supporting address space expansion

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110473584.4A CN113098900B (en) 2021-04-29 2021-04-29 SDN network IP hopping method supporting address space expansion

Publications (2)

Publication Number Publication Date
CN113098900A true CN113098900A (en) 2021-07-09
CN113098900B CN113098900B (en) 2023-04-07

Family

ID=76680558

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110473584.4A Active CN113098900B (en) 2021-04-29 2021-04-29 SDN network IP hopping method supporting address space expansion

Country Status (1)

Country Link
CN (1) CN113098900B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114257538A (en) * 2021-12-07 2022-03-29 中国人民解放军63891部队 SDN-based address random transformation method
CN115996210A (en) * 2023-03-23 2023-04-21 湖南盾神科技有限公司 Address port hopping method of source variable mode

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101699801A (en) * 2009-10-30 2010-04-28 孙喜明 Data transmission method and virtual peer-to-peer network for data transmission
CN102622304A (en) * 2012-02-07 2012-08-01 中山爱科数字科技股份有限公司 Memory optimizing method for double-layer address space mapping
CN104506511A (en) * 2014-12-15 2015-04-08 蓝盾信息安全技术股份有限公司 Moving target defense system and moving target defense method for SDN (self-defending network)
CN105429957A (en) * 2015-11-02 2016-03-23 芦斌 IP address jump safety communication method based on SDN framework
US20170195295A1 (en) * 2015-12-30 2017-07-06 Argela Yazilim ve Bilisim Teknolojileri San. ve Tic. A.S. Anonymous communications in software-defined neworks via route hopping and ip address randomization
CN110198270A (en) * 2019-05-10 2019-09-03 华中科技大学 A kind of active defense method in SDN network based on path and IP address jump
CN111464503A (en) * 2020-03-11 2020-07-28 中国人民解放军战略支援部队信息工程大学 Network dynamic defense method, device and system based on random multidimensional transformation

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101699801A (en) * 2009-10-30 2010-04-28 孙喜明 Data transmission method and virtual peer-to-peer network for data transmission
CN102622304A (en) * 2012-02-07 2012-08-01 中山爱科数字科技股份有限公司 Memory optimizing method for double-layer address space mapping
CN104506511A (en) * 2014-12-15 2015-04-08 蓝盾信息安全技术股份有限公司 Moving target defense system and moving target defense method for SDN (self-defending network)
CN105429957A (en) * 2015-11-02 2016-03-23 芦斌 IP address jump safety communication method based on SDN framework
US20170195295A1 (en) * 2015-12-30 2017-07-06 Argela Yazilim ve Bilisim Teknolojileri San. ve Tic. A.S. Anonymous communications in software-defined neworks via route hopping and ip address randomization
CN110198270A (en) * 2019-05-10 2019-09-03 华中科技大学 A kind of active defense method in SDN network based on path and IP address jump
CN111464503A (en) * 2020-03-11 2020-07-28 中国人民解放军战略支援部队信息工程大学 Network dynamic defense method, device and system based on random multidimensional transformation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈扬等: "软件定义的内网动态防御系统设计与实现", 《电子学报》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114257538A (en) * 2021-12-07 2022-03-29 中国人民解放军63891部队 SDN-based address random transformation method
CN114257538B (en) * 2021-12-07 2023-08-25 中国人民解放军63891部队 SDN-based address random transformation method
CN115996210A (en) * 2023-03-23 2023-04-21 湖南盾神科技有限公司 Address port hopping method of source variable mode
CN115996210B (en) * 2023-03-23 2023-06-27 湖南盾神科技有限公司 Address port hopping method of source variable mode

Also Published As

Publication number Publication date
CN113098900B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
CN106506274B (en) Dynamically-expandable efficient single-packet tracing method
Wu et al. FCSS: Fog-computing-based content-aware filtering for security services in information-centric social networks
CN113098900B (en) SDN network IP hopping method supporting address space expansion
Rohrer et al. Kadcast: A structured approach to broadcast in blockchain networks
CN102045305B (en) Method and system for monitoring and tracking multimedia resource transmission
Du et al. Spacechain: A three-dimensional blockchain architecture for IoT security
CN111107171B (en) Security defense method and device for DNS (Domain name Server), communication equipment and medium
Ngai et al. On providing location privacy for mobile sinks in wireless sensor networks
CN112134891B (en) Configuration method, system and monitoring method for generating multiple honey can nodes by single host based on linux system
CN108600163B (en) Cloud environment distributed hash chain architecture and cloud data integrity verification method
CN112134857A (en) Method for binding honeypots of honeypot system by multiple nodes
CN103974368B (en) A kind of route constructing method of intense source location privacy protection ability
CN109951482A (en) User terminal and its block chain domain name analytic method
Alohali et al. A secure scheme for group communication of wireless IoT devices
CN102801727A (en) DDoS attacker tracing method based on autonomous system
CN113098894A (en) SDN IP address hopping method based on randomization algorithm
CN111314379B (en) Attacked domain name identification method and device, computer equipment and storage medium
CN105656978B (en) A kind of resource share method and device
Chen et al. Location privacy in unattended wireless sensor networks upon the requirement of data survivability
Timpanaro et al. Evaluation of the anonymous I2P network's design choices against performance and security
CN113810404A (en) SDN (software defined network) -based dynamic defense system and method for full-view transformation of network
CN111698221B (en) Message processing method, entry, device, storage medium and processor
CN103297547A (en) Method for constructing cloud storage auxiliary system by using distributed hash table (DHT)-based peer-to-peer (P2P) system
Cao et al. Embedding security awareness for virtual resource allocation in 5g hetnets using reinforcement learning
CN104980493A (en) Discovery service method based on active buffer algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20220907

Address after: 361000 units 1702 and 1703, No. 59, Chengyi North Street, phase III, software park, Xiamen, Fujian

Applicant after: XIAMEN USEEAR INFORMATION TECHNOLOGY Co.,Ltd.

Address before: Unit 1701, 59 Chengyi North Street, phase III, software park, Xiamen City, Fujian Province, 361000

Applicant before: FUJIAN QIDIAN SPACE-TIME DIGITAL TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant