WO2018149406A1 - IP address hopping method and apparatus for software defined network (SDN) - Google Patents


Info

Publication number
WO2018149406A1
Authority
WO
WIPO (PCT)
Prior art keywords
time interval
parameter
address hopping
current
address
Application number
PCT/CN2018/076729
Other languages
French (fr)
Chinese (zh)
Inventor
李光
孔勇
王延松
吴少勇
吴春明
周海峰
Original Assignee
中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses

Definitions

  • This document relates to, but is not limited to, the field of communications, and in particular to a method and apparatus for Internet Protocol IP address hopping of a software defined network SDN.
  • IP address hopping is an important technology in MTD. At present, the IP address hopping method based on time dimension is relatively simple.
  • the embodiment of the invention provides a method and device for IP address hopping of a software defined network SDN.
  • According to an embodiment of the invention, an IP address hopping method for a software-defined network SDN is provided, including: comparing a current calculated value with a predetermined threshold, wherein the current calculated value is the difference between the slopes of the infected-host count at the previous moment and the next moment; and setting the next IP address hopping time interval according to the comparison result.
  • Optionally, setting the next IP address hopping time interval according to the comparison result includes: when the current calculated value is less than the predetermined threshold, calculating the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval, where the guarantee parameter is the ratio between the current network throughput and the traditional network throughput and the evasive parameter is the ratio between the attacker's successful probes and total probes; and, when the current calculated value is greater than the predetermined threshold, setting the next IP address hopping time interval in an exponentially decreasing manner.
  • Optionally, calculating the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval includes: using the guarantee parameter and the evasive parameter respectively, together with the current IP address hopping time interval, to obtain at least two hopping time intervals by gradient descent; and selecting one of the at least two hopping time intervals as the next IP address hopping time interval, the selected interval being the smallest of them.
  • Optionally, before calculating the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval, the method further includes setting a target value for the guarantee parameter and a target value for the evasive parameter.
  • Optionally, the predetermined threshold is given by a formula supplied as a figure in the original, where I(t) represents the number of infected hosts at time t.
  • According to another embodiment, an IP address hopping device for a software-defined network SDN is provided, comprising: a comparison module configured to compare a current calculated value with a predetermined threshold, wherein the current calculated value is the difference between the slopes of the infected-host count at the previous moment and the next moment; and a setting module configured to set the next IP address hopping time interval according to the comparison result.
  • Optionally, the setting module includes: a first setting unit configured to calculate, when the current calculated value is less than the predetermined threshold, the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval, wherein the guarantee parameter is the ratio between the current network throughput and the traditional network throughput and the evasive parameter is the ratio between the attacker's successful probes and total probes; and
  • a second setting unit configured to set the next IP address hopping time interval in an exponentially decreasing manner when the current calculated value is greater than the predetermined threshold.
  • Optionally, the first setting unit includes: an obtaining sub-unit configured to obtain at least two hopping time intervals by gradient descent, using the guarantee parameter and the evasive parameter respectively together with the current IP address hopping time interval; and a selecting sub-unit configured to select one of the at least two hopping time intervals as the next IP address hopping time interval, the selected interval being the smallest of them.
  • Optionally, the setting module further includes a third setting unit configured to set the target value of the guarantee parameter and the target value of the evasive parameter before the next IP address hopping time interval is calculated from the guarantee parameter, the evasive parameter and the current IP address hopping time interval.
  • According to yet another embodiment, a storage medium is also provided, arranged to store program code for performing the following steps:
  • the current calculated value and the predetermined threshold are compared, wherein the current calculated value is a difference between the slopes of the infected host at the previous time and the next time; and according to the comparison result, the next IP address hopping time interval is set.
  • In other words, the current calculated value and the predetermined threshold are compared in real time and the next IP address hopping time interval is set dynamically according to the comparison result, which avoids the monotony of purely time-dimension IP address hopping and achieves the technical effect of flexible IP address hopping.
  • FIG. 1 is a flowchart of an IP address hopping method for a software-defined network SDN according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of another IP address hopping method for a software-defined network SDN according to an embodiment of the present invention.
  • FIG. 3 is a structural block diagram of an IP address hopping device for a software-defined network SDN according to an embodiment of the present invention.
  • FIG. 4 is a structural block diagram (1) of an IP address hopping device for a software-defined network SDN according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram (2) of an IP address hopping device for a software-defined network SDN according to an embodiment of the present invention.
  • FIG. 6 is a structural block diagram (3) of an IP address hopping device for a software-defined network SDN according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of an IP address hopping method for a software-defined network SDN according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
  • Step S102: comparing the current calculated value with a predetermined threshold, wherein the current calculated value is the difference between the slopes of the infected-host count at the previous moment and the next moment;
  • Step S104: setting the next IP address hopping time interval according to the comparison result.
  • Optionally, the application scenario of the IP address hopping method of the software-defined network includes IP address hopping based on the time dimension. In this scenario the current calculated value is compared with the predetermined threshold, where the current calculated value is the difference between the slopes of the infected-host count at the previous moment and the next moment, and the next IP address hopping time interval is set according to the comparison result.
  • In other words, the current calculated value and the predetermined threshold are compared in real time and the next IP address hopping time interval is set dynamically according to the comparison result, which avoids the monotony of purely time-dimension IP address hopping and achieves the technical effect of flexible IP address hopping.
  • This example proposes a strategy for adaptive hopping of IP addresses based on software-defined networks (SDN) in the time dimension. Specifically, the following steps are included:
  • Step S11: two evaluation parameters are proposed: (1) a guarantee parameter; (2) an avoidance (evasive) parameter.
  • Step S12: a threshold is set based on the mechanism of worm propagation.
  • Step S13: two corresponding models are established for two cases, (1) when the calculated value is less than the threshold and (2) when the threshold is exceeded, and the next IP address hopping interval is calculated separately for each case.
  • Step S14: the calculated value and the threshold are compared periodically, and the calculated value is continuously maintained through the above steps S11 to S14.
  • The beneficial effect of this example is that two target values can be set according to the requirements of the system, the guarantee parameter target value and the avoidance parameter target value, and the two optimal values can be obtained by the gradient descent method.
  • The controller can adjust the IP address hopping time interval at any time according to the target values, which achieves a compromise between performance and robustness. When the threshold is exceeded, the system quickly increases the IP address hopping frequency to defend against worm propagation.
  • Optionally, setting the IP address hopping time interval according to the comparison result includes the following steps:
  • Step S21: when the current calculated value is less than the predetermined threshold, calculate the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval, where the guarantee parameter is the ratio between the current network throughput and the traditional network throughput and the evasive parameter is the ratio between the attacker's successful probes and total probes.
  • Here I(t) represents the number of infected hosts at time t, and the threshold (formula supplied as a figure in the original) corresponds to the maximum value of the slope difference of the infected-host count.
  • Step S22: when the current calculated value is greater than the predetermined threshold, set the next IP address hopping time interval in an exponentially decreasing manner.
  • In this way the next IP address hopping time interval can be set flexibly.
  • Optionally, calculating the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval includes the following steps:
  • Step S31: using the guarantee parameter and the evasive parameter respectively, together with the current IP address hopping time interval, obtain at least two hopping time intervals by gradient descent;
  • Step S32: select one of the at least two hopping time intervals as the next IP address hopping time interval, the selected interval being the smallest of them.
  • Optionally, the following step is further included:
  • Step S41: setting a target value for the guarantee parameter and a target value for the avoidance parameter.
  • In this way the IP address hopping time interval can be adjusted at any time according to the target values, and a compromise between performance and robustness can be achieved.
  • The guarantee parameter represents the ratio of the throughput when the adaptive IP address hopping method is used to the throughput under traditional network conditions; the evasive parameter represents the ratio of the attacker's successful probes to total probes.
  • I(t) represents the number of infected hosts (worm instances) at time t. Based on a simple worm propagation model and CAIDA data, the difference between the slopes of the infected-host count at the previous moment and the next moment is computed to give the calculated value (formula supplied as a figure in the original), and a threshold is set (formula supplied as a figure in the original). The threshold takes both performance and security requirements into account.
  • Before the threshold is reached, the IP address change frequency stays within a certain range; after the threshold is reached, the change interval decreases rapidly. Two models are therefore built to handle the two threshold conditions. When the calculated value is less than the threshold, the guarantee parameter and the evasive parameter are used respectively, together with the current hopping time interval, to compute the next hopping time interval by gradient descent, giving two candidate intervals. For better security, the smaller of the two intervals computed in this round is always selected as the next IP address hopping time interval. When the calculated value is greater than the threshold, the IP address hopping frequency increases exponentially to cope effectively with worm propagation, balancing performance against robustness:
  • the guarantee parameter is no longer decisive in this case, and the evasive parameter is more important.
  • The calculated value and the threshold are compared periodically, the calculated value is continuously maintained through the above steps, and the comparison between the calculated value and the threshold is fed back in real time (refer to steps S201 to S207 of FIG. 2 for details).
  • The method according to the above embodiment can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation.
  • The technical solution of the present invention, in its essence or in the part that contributes to the prior art, may be embodied as a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) that includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the methods described in the various embodiments of the present invention.
  • the embodiment also provides an IP address hopping device for the software-defined network SDN.
  • the device is used to implement the foregoing embodiments and optional implementations, and details are not described herein.
  • The term "module" may refer to a combination of software and/or hardware that implements a predetermined function.
  • The apparatus described in the following embodiments is preferably implemented in software, but implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • FIG. 3 is a structural block diagram of an IP address hopping device of a software-defined network SDN according to an embodiment of the present invention. As shown in FIG. 3, the device includes:
  • the comparison module 32 is configured to compare the current calculated value with a predetermined threshold, wherein the current calculated value is a difference between the slopes of the infected host at the previous time and the next time;
  • the setting module 34 is configured to set the next IP address hopping time interval according to the comparison result.
  • Optionally, the application scenario of the IP address hopping device of the software-defined network includes IP address hopping based on the time dimension. In this scenario the current calculated value is compared with the predetermined threshold, where the current calculated value is the difference between the slopes of the infected-host count at the previous moment and the next moment, and the next IP address hopping time interval is set according to the comparison result.
  • In other words, the current calculated value and the predetermined threshold are compared in real time and the next IP address hopping time interval is set dynamically according to the comparison result, which avoids the monotony of purely time-dimension IP address hopping and achieves the technical effect of flexible IP address hopping.
  • the setting module 34 includes:
  • the first setting unit 42 is configured to calculate the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval when the current calculated value is less than the predetermined threshold, where the guarantee parameter is the ratio between the current network throughput and the traditional network throughput and the evasive parameter is the ratio between the attacker's successful probes and total probes;
  • the second setting unit 44 is configured to set the next IP address hopping time interval in an exponentially decreasing manner when the current calculated value is greater than the predetermined threshold.
  • In this way the next IP address hopping time interval can be set flexibly.
  • FIG. 5 is a structural block diagram (2) of an IP address hopping device of a software-defined network SDN according to an embodiment of the present invention.
  • the first setting unit 42 includes:
  • (1) the obtaining sub-unit 52 is configured to use the guarantee parameter and the evasive parameter respectively, together with the current IP address hopping time interval, to obtain at least two hopping time intervals by gradient descent; (2) the selecting sub-unit 54 is configured to select one of the at least two hopping time intervals as the next IP address hopping time interval, the selected interval being the smallest of them.
  • the setting of the next IP address hopping time interval is made relatively safe with respect to the current network.
  • Optionally, in addition to the first setting unit 42 and the second setting unit 44, the setting module 34 further includes:
  • the third setting unit 62, configured to set the target value of the guarantee parameter and the target value of the evasive parameter before the next IP address hopping time interval is calculated from the guarantee parameter, the evasive parameter and the current IP address hopping time interval.
  • the time interval of the IP address hopping can be adjusted at any time according to the target value, and a compromise between performance and robustness can be achieved.
  • each of the above modules may be implemented by software or hardware.
  • For example, but not limited to: all of the above modules are located in the same processor, or the above modules are distributed in any combination across different processors.
  • Embodiments of the present invention also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • The foregoing storage medium may include a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, or another medium that can store program code.
  • the processor performs the above steps S1, S2 according to the stored program code in the storage medium.
  • Computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storing information such as computer readable instructions, data structures, program modules, or other data.
  • Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassette, magnetic tape, magnetic disk storage or other magnetic storage device, or any other medium that can be used to store the desired information and can be accessed by a computer.
  • communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and can include any information delivery media.
  • The monotony of purely time-dimension IP address hopping is avoided, and flexible IP address hopping is implemented.
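
The adaptive interval selection of steps S11 to S14 and S21 to S41 above, as an added illustration that is not the patent's own code: the calculated value is taken as the second difference of the infected-host count I(t) and compared with a threshold; above it the interval shrinks exponentially, below it one gradient-descent step is taken towards the guarantee target and towards the evasion target and the smaller candidate is kept. The threshold value, the toy throughput and probe-success models (`guarantee_parameter`, `evasive_parameter`), the step sizes, the decay factor and the sign convention of the slope difference are all assumptions, since the patent gives the threshold only as a figure and does not specify the descent models.

```python
"""Adaptive IP-address hopping interval controller modelled on steps S11-S41.

Illustrative code only: the threshold, the throughput/probe models, the step
sizes and the decay factor are assumptions, not values from the patent.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class HopConfig:
    """Tuning constants; every value here is an assumption for this example."""
    hop_cost_s: float = 0.5       # traffic disrupted per hop (toy throughput model)
    probe_scale_s: float = 30.0   # attacker probe-latency scale (toy evasion model)
    eta_guarantee: float = 1e5    # gradient step size for the guarantee parameter
    eta_evasion: float = 1e3      # gradient step size for the evasive parameter
    decay: float = 0.5            # shrink factor used above the threshold
    min_interval_s: float = 1.0
    max_interval_s: float = 300.0


def slope_difference(infected: list[int], dt: float = 1.0) -> float:
    """Current calculated value: slope of I(t) at the next moment minus the
    slope at the previous moment, i.e. the second difference of the series.
    (The sign convention is an assumption; the page only says 'difference'.)"""
    if len(infected) < 3:
        raise ValueError("need at least three samples of I(t)")
    prev_slope = (infected[-2] - infected[-3]) / dt
    next_slope = (infected[-1] - infected[-2]) / dt
    return next_slope - prev_slope


def guarantee_parameter(interval: float, cfg: HopConfig) -> float:
    """Ratio of current to traditional throughput. Toy model: each hop costs
    hop_cost_s of traffic, so longer intervals approach a ratio of 1."""
    return max(0.0, 1.0 - cfg.hop_cost_s / interval)


def evasive_parameter(interval: float, cfg: HopConfig) -> float:
    """Ratio of successful probes to total probes. Toy model: a probe succeeds
    if it lands before the address changes; longer intervals let more land."""
    return 1.0 - math.exp(-interval / cfg.probe_scale_s)


def _clamp(interval: float, cfg: HopConfig) -> float:
    return min(cfg.max_interval_s, max(cfg.min_interval_s, interval))


def gradient_candidates(interval: float, guarantee_target: float,
                        evasion_target: float, cfg: HopConfig) -> tuple[float, float]:
    """Steps S31/S41: one gradient-descent step on (parameter(T) - target)^2
    for each parameter, yielding two candidate next intervals."""
    g = guarantee_parameter(interval, cfg)
    dg_dt = cfg.hop_cost_s / interval ** 2
    t_guarantee = interval - cfg.eta_guarantee * 2.0 * (g - guarantee_target) * dg_dt

    e = evasive_parameter(interval, cfg)
    de_dt = math.exp(-interval / cfg.probe_scale_s) / cfg.probe_scale_s
    t_evasion = interval - cfg.eta_evasion * 2.0 * (e - evasion_target) * de_dt
    return _clamp(t_guarantee, cfg), _clamp(t_evasion, cfg)


def next_interval(infected: list[int], interval: float, threshold: float,
                  guarantee_target: float, evasion_target: float,
                  cfg: HopConfig = HopConfig()) -> float:
    """Steps S21/S22: compare the calculated value with the threshold and set
    the next hopping interval accordingly."""
    value = slope_difference(infected)
    if value > threshold:
        # Infection is accelerating: shrink the interval exponentially (S22).
        return _clamp(interval * cfg.decay, cfg)
    # Below the threshold: keep the smaller of the two candidates (S32).
    return min(gradient_candidates(interval, guarantee_target, evasion_target, cfg))


def simulate(infected_series: list[int], interval: float, threshold: float,
             guarantee_target: float, evasion_target: float,
             cfg: HopConfig = HopConfig()) -> list[float]:
    """Run the controller over a series of I(t) samples (step S14) and return
    the interval chosen after each new sample."""
    intervals = []
    for end in range(3, len(infected_series) + 1):
        interval = next_interval(infected_series[:end], interval, threshold,
                                 guarantee_target, evasion_target, cfg)
        intervals.append(interval)
    return intervals


if __name__ == "__main__":
    # Constructed I(t) series: slow growth, then a burst, then levelling off.
    series = [100, 104, 108, 112, 130, 160, 200, 210, 214, 216]
    for t, iv in zip(range(2, len(series)), simulate(series, 20.0, 10.0, 0.99, 0.3)):
        print(f"t={t:2d} I={series[t]:3d} next interval={iv:6.2f}s")
```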

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An IP address hopping method and apparatus for a software defined network (SDN). The method comprises: comparing a current calculated value with a predetermined threshold, wherein the current calculated value is the difference between the slopes of the infected-host count at the previous moment and the next moment (S102); and setting the next IP address hopping time interval according to the comparison result (S104).

Description

IP address hopping method and device for software defined network SDN
Technical field
This document relates to, but is not limited to, the field of communications, and in particular to an Internet Protocol (IP) address hopping method and device for a software defined network (SDN).
Background
With the development of science and technology, the Internet security situation has become increasingly severe, and traditional Internet security defense methods no longer work well. Moving Target Defense (MTD) is one of the revolutionary "game-changing" cyberspace technologies proposed in recent years by the US Science and Technology Council. It differs completely from earlier network security research approaches: through diverse and constantly changing construction, evaluation and deployment mechanisms and strategies, it raises the difficulty and cost of an attack and effectively limits the exposure of vulnerabilities and the opportunities for attack. IP address hopping is an important MTD technology, and at present time-dimension-based IP address hopping methods are relatively monotonous.
Summary of the invention
The following is an overview of the subject matter described in detail in this document. This summary is not intended to limit the scope of protection of the claims.
Embodiments of the present invention provide an IP address hopping method and device for a software defined network SDN.
According to an embodiment of the present invention, an IP address hopping method for a software defined network SDN is provided, including: comparing a current calculated value with a predetermined threshold, wherein the current calculated value is the difference between the slopes of the infected-host count at the previous moment and the next moment; and setting the next IP address hopping time interval according to the comparison result.
Optionally, setting the next IP address hopping time interval according to the comparison result includes: when the current calculated value is less than the predetermined threshold, calculating the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval, where the guarantee parameter is the ratio between the current network throughput and the traditional network throughput and the evasive parameter is the ratio between the attacker's successful probes and total probes; and, when the current calculated value is greater than the predetermined threshold, setting the next IP address hopping time interval in an exponentially decreasing manner.
Optionally, calculating the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval includes: using the guarantee parameter and the evasive parameter respectively, together with the current IP address hopping time interval, to obtain at least two hopping time intervals by gradient descent; and selecting one of the at least two hopping time intervals as the next IP address hopping time interval, the selected interval being the smallest of them.
Optionally, before calculating the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval, the method further includes setting a target value for the guarantee parameter and a target value for the evasive parameter.
Optionally, the predetermined threshold is
Figure PCTCN2018076729-appb-000001
where I(t) represents the number of infected hosts at time t.
According to another embodiment of the present invention, an IP address hopping device for a software defined network SDN is provided, comprising: a comparison module configured to compare a current calculated value with a predetermined threshold, wherein the current calculated value is the difference between the slopes of the infected-host count at the previous moment and the next moment; and a setting module configured to set the next IP address hopping time interval according to the comparison result.
Optionally, the setting module includes: a first setting unit configured to calculate, when the current calculated value is less than the predetermined threshold, the next IP address hopping time interval from the guarantee parameter, the evasive parameter and the current IP address hopping time interval, wherein the guarantee parameter is the ratio between the current network throughput and the traditional network throughput and the evasive parameter is the ratio between the attacker's successful probes and total probes; and a second setting unit configured to set the next IP address hopping time interval in an exponentially decreasing manner when the current calculated value is greater than the predetermined threshold.
Optionally, the first setting unit includes: an obtaining sub-unit configured to obtain at least two hopping time intervals by gradient descent, using the guarantee parameter and the evasive parameter respectively together with the current IP address hopping time interval; and a selecting sub-unit configured to select one of the at least two hopping time intervals as the next IP address hopping time interval, the selected interval being the smallest of them.
Optionally, the setting module further includes a third setting unit configured to set the target value of the guarantee parameter and the target value of the evasive parameter before the next IP address hopping time interval is calculated from the guarantee parameter, the evasive parameter and the current IP address hopping time interval.
Optionally, the predetermined threshold is
Figure PCTCN2018076729-appb-000002
where I(t) represents the number of infected hosts at time t.
根据本发明的又一个实施例,还提供了一种存储介质。该存储介质设置为存储用于执行以下步骤的程序代码:According to still another embodiment of the present invention, a storage medium is also provided. The storage medium is arranged to store program code for performing the following steps:
比较当前计算值和预定阈值,其中,所述当前计算值为上一时刻和下一时刻受感染主机斜率的差值;根据比较结果,设置下一IP地址跳变时间间隔。Comparing the current calculated value with a predetermined threshold, wherein the current calculated value is a difference between the slopes of the infected host at the previous time and the next time; and according to the comparison result, setting a next IP address hopping time interval.
通过本发明实施例,比较当前计算值和预定阈值,其中,该当前计算值为上一时刻和下一时刻受感染主机斜率的差值;根据比较结果,设置下一IP地址跳变时间间隔。也就是说,实时比较当前计算值和预定阈值,并根据比较结果动态设置下一IP地址跳变时间间隔,可以避免基于时间维度的IP地址跳变比较单一,达到IP地址灵活跳变的技术效果。According to the embodiment of the present invention, the current calculated value and the predetermined threshold are compared, wherein the current calculated value is a difference between the slopes of the infected host at the previous time and the next time; and according to the comparison result, the next IP address hopping time interval is set. In other words, the current calculated value and the predetermined threshold are compared in real time, and the next IP address hopping interval is dynamically set according to the comparison result, so that the IP address hopping based on the time dimension is relatively simple, and the technical effect of the IP address flexible hopping is achieved. .
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief Description of the Drawings
FIG. 1 is a flowchart of an IP address hopping method for a software defined network SDN according to an embodiment of the present invention;
FIG. 2 is a flowchart of another IP address hopping method for a software defined network SDN according to an embodiment of the present invention;
FIG. 3 is a structural block diagram of an IP address hopping apparatus for a software defined network SDN according to an embodiment of the present invention;
FIG. 4 is a structural block diagram (1) of an IP address hopping apparatus for a software defined network SDN according to an embodiment of the present invention;
FIG. 5 is a structural block diagram (2) of an IP address hopping apparatus for a software defined network SDN according to an embodiment of the present invention;
FIG. 6 is a structural block diagram (3) of an IP address hopping apparatus for a software defined network SDN according to an embodiment of the present invention.
Embodiments of the Invention
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the drawings are used to distinguish similar objects and do not necessarily describe a particular sequence or order.
An embodiment of the present invention provides an IP address hopping method for a software defined network SDN. FIG. 1 is a flowchart of the method according to this embodiment; as shown in FIG. 1, the flow includes the following steps:
Step S102: compare the current calculated value with a predetermined threshold, where the current calculated value is the difference between the slope of the infected-host count at the previous moment and its slope at the next moment;
Step S104: set the next IP address hopping time interval according to the comparison result.
Optionally, in this embodiment, the application scenario of the IP address hopping method of the software defined network (SDN) is time-dimension IP address hopping. In that scenario the current calculated value is compared with a predetermined threshold, the current calculated value being the difference between the slopes of the infected-host count at the previous moment and at the next moment, and the next IP address hopping time interval is set according to the comparison result. That is, the calculated value is compared with the threshold in real time and the next hopping interval is set dynamically from the result, which avoids the rigidity of purely time-based IP address hopping and achieves the technical effect of flexible IP address hopping.
The embodiment is illustrated below with a specific example.
This example proposes a strategy for adaptive IP address hopping in the time dimension based on a software defined network (SDN). It includes the following steps:
Step S11: two evaluation parameters are proposed: (1) a guarantee parameter (Φ); (2) an evasion parameter (Θ).
Step S12: a threshold is set based on the mechanism of worm propagation.
Step S13: two models are built for the two cases, (1) the calculated value is below the threshold and (2) the calculated value exceeds the threshold, and the next IP address hopping interval is computed separately for each case.
Step S14: the calculated value is compared with the threshold periodically, and the calculated value is maintained continuously through steps S11 to S14.
The beneficial effect of this example is that two target values can be set according to the requirements of the system, a target value for the guarantee parameter and a target value for the evasion parameter, and gradient descent can be used to obtain the optimal values of both. The controller can adjust the IP address hopping interval at any time according to the target values, which trades off performance against robustness. When the threshold is exceeded, the system rapidly increases the IP address hopping frequency to defend against worm propagation.
In an optional implementation, setting the IP address hopping time interval according to the comparison result includes the following steps:
Step S21: when the current calculated value is less than the predetermined threshold, compute the next IP address hopping time interval from the guarantee parameter, the evasion parameter and the current IP address hopping time interval, where the guarantee parameter is the ratio between the current network throughput and the throughput of a conventional (non-hopping) network, and the evasion parameter is the ratio between the number of the attacker's successful probes and the total number of probes;
It should be noted that the predetermined threshold may be
[formula image PCTCN2018076729-appb-000003, not reproduced in the page text]
where I(t) denotes the number of infected hosts at time t; the threshold is the maximum value of the slope difference of the infected-host count.
Step S22: when the current calculated value is greater than the predetermined threshold, set the next IP address hopping time interval in an exponentially decreasing manner.
Through steps S21 and S22, the next IP address hopping time interval can be set flexibly.
Optionally, computing the next IP address hopping time interval from the guarantee parameter, the evasion parameter and the current IP address hopping time interval includes the following steps:
Step S31: using the guarantee parameter, the evasion parameter and the current IP address hopping time interval respectively, obtain at least two hopping time intervals by gradient descent;
Step S32: select one of the at least two hopping time intervals as the next IP address hopping time interval, the selected interval being the smallest of the at least two intervals.
Through steps S31 and S32, the next IP address hopping time interval is set on the safer side for the current network.
Optionally, before computing the next IP address hopping time interval from the guarantee parameter, the evasion parameter and the current IP address hopping time interval, the following step is included:
Step S41: set the target value of the guarantee parameter and the target value of the evasion parameter.
Through step S41, the IP address hopping interval can be adjusted at any time according to the target values, which trades off performance against robustness.
The embodiment is illustrated below with a specific example.
First, two evaluation parameters are proposed: (1) the guarantee parameter (Φ); (2) the evasion parameter (Θ). The guarantee parameter (Φ) is the ratio of the throughput obtained when using the adaptive IP address hopping method to the throughput under conventional network conditions; the evasion parameter (Θ) is the ratio of the attacker's successful probes to the total number of probes. Next, I(t) denotes the number of infected hosts (worm instances) at time t. Based on the simple worm propagation model and CAIDA data, the difference between the slopes of the infected-host count at the previous moment and at the next moment is computed as the calculated value:
[formula image PCTCN2018076729-appb-000004, not reproduced in the page text]
and a threshold is set:
[formula image PCTCN2018076729-appb-000005, not reproduced in the page text]
This threshold balances the requirements of performance and security. Before the threshold is reached, the IP address change frequency stays within a fixed range; after the threshold is reached, the change interval shrinks rapidly. Two models are then built and the current threshold condition is analysed. When the calculated value is below the threshold, the next hopping interval is obtained by gradient descent using, respectively, the guarantee parameter and the evasion parameter together with the current hopping interval, which yields two candidate intervals; for better security, the smaller of the two is always chosen as the next IP address hopping interval. When the calculated value is above the threshold, the IP address hopping frequency is increased exponentially to cope effectively with worm propagation, with performance and robustness in mind; in this case the guarantee parameter is no longer decisive and the evasion parameter matters more. Finally, the calculated value and the threshold are compared periodically, the calculated value is maintained continuously through the steps above, and the result of the comparison is fed back in real time (see steps S201 to S207 in FIG. 2).
From the description of the above embodiments, those skilled in the art will understand that the method of the above embodiment may be implemented by software plus the necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. On this basis, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied as a software product stored on a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and including instructions that cause a terminal device (a mobile phone, a computer, a server, a network device, etc.) to perform the methods described in the embodiments of the present invention.
This embodiment also provides an IP address hopping apparatus for a software defined network SDN, used to implement the above embodiments and optional implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 3 is a structural block diagram of an IP address hopping apparatus for a software defined network SDN according to an embodiment of the present invention. As shown in FIG. 3, the apparatus includes:
1) a comparison module 32, configured to compare the current calculated value with a predetermined threshold, where the current calculated value is the difference between the slope of the infected-host count at the previous moment and its slope at the next moment;
2) a setting module 34, configured to set the next IP address hopping time interval according to the comparison result.
Optionally, in this embodiment, the application scenario of the IP address hopping apparatus of the software defined network (SDN) is time-dimension IP address hopping. In that scenario the current calculated value is compared with a predetermined threshold, the current calculated value being the difference between the slopes of the infected-host count at the previous moment and at the next moment, and the next IP address hopping time interval is set according to the comparison result. That is, the calculated value is compared with the threshold in real time and the next hopping interval is set dynamically from the result, which avoids the rigidity of purely time-based IP address hopping and achieves the technical effect of flexible IP address hopping.
FIG. 4 is a structural block diagram (1) of an IP address hopping apparatus for a software defined network SDN according to an embodiment of the present invention. As shown in FIG. 4, the setting module 34 includes:
1) a first setting unit 42, configured to, when the current calculated value is less than the predetermined threshold, compute the next IP address hopping time interval from the guarantee parameter, the evasion parameter and the current IP address hopping time interval, where the guarantee parameter is the ratio between the current network throughput and the conventional network throughput, and the evasion parameter is the ratio between the number of the attacker's successful probes and the total number of probes;
2) a second setting unit 44, configured to, when the current calculated value is greater than the predetermined threshold, set the next IP address hopping time interval in an exponentially decreasing manner.
With the apparatus shown in FIG. 4, the next IP address hopping time interval can be set flexibly.
FIG. 5 is a structural block diagram (2) of an IP address hopping apparatus for a software defined network SDN according to an embodiment of the present invention. As shown in FIG. 5, the first setting unit 42 includes:
1) an obtaining sub-unit 52, configured to use the guarantee parameter, the evasion parameter and the current IP address hopping time interval respectively and obtain at least two hopping time intervals by gradient descent; 2) a selection sub-unit 54, configured to select one of the at least two hopping time intervals as the next IP address hopping time interval, the selected interval being the smallest of the at least two intervals.
With the apparatus shown in FIG. 5, the next IP address hopping time interval is set on the safer side for the current network.
FIG. 6 is a structural block diagram (3) of an IP address hopping apparatus for a software defined network SDN according to an embodiment of the present invention. As shown in FIG. 6, in addition to the first setting unit 42 and the second setting unit 44, the setting module 34 further includes:
1) a third setting unit 62, configured to set the target value of the guarantee parameter and the target value of the evasion parameter before the next IP address hopping time interval is computed from the guarantee parameter, the evasion parameter and the current IP address hopping time interval.
With the apparatus shown in FIG. 6, the IP address hopping interval can be adjusted at any time according to the target values, which trades off performance against robustness.
Optionally, the predetermined threshold is
[formula image PCTCN2018076729-appb-000006, not reproduced in the page text]
where I(t) denotes the number of infected hosts at time t.
It should be noted that the modules above may be implemented in software or in hardware; in the latter case, by way of example and not limitation, all of the modules may be located in the same processor, or the modules may be located in different processors in any combination.
An embodiment of the present invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be configured to store program code for performing the following steps:
S1: compare the current calculated value with a predetermined threshold, where the current calculated value is the difference between the slope of the infected-host count at the previous moment and its slope at the next moment;
S2: set the next IP address hopping time interval according to the comparison result.
Optionally, in this embodiment, the storage medium may include a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc, or any other medium that can store program code.
Optionally, in this embodiment, the processor performs steps S1 and S2 according to the program code stored in the storage medium.
Optionally, for specific examples of this embodiment, refer to the examples described in the above embodiments and optional implementations; they are not repeated here.
Those of ordinary skill in the art will understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and apparatus, may be implemented as software, firmware, hardware or suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned above does not necessarily correspond to the division of physical units; for example, one physical component may have several functions, or one function or step may be performed by several physical components cooperating. Some or all components may be implemented as software executed by a processor such as a digital signal processor or microprocessor, as hardware, or as an integrated circuit such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (non-transitory media) and communication media (transitory media). As is well known to those of ordinary skill in the art, the term computer storage medium includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. Moreover, communication media typically embody computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery medium. The above are only optional embodiments of the present invention and are not intended to limit it; those skilled in the art may make various modifications and variations to the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within its scope of protection.
Industrial Applicability
The embodiments of the present invention avoid the rigidity of purely time-based IP address hopping and achieve flexible IP address hopping.

Claims (11)

  1. An Internet Protocol IP address hopping method for a software defined network SDN, comprising:
    comparing a current calculated value with a predetermined threshold, wherein the current calculated value is the difference between the slope of the infected-host count at the previous moment and its slope at the next moment (S102);
    setting a next IP address hopping time interval according to the comparison result (S104).
  2. The method according to claim 1, wherein setting the next IP address hopping time interval according to the comparison result (S104) comprises:
    when the current calculated value is less than the predetermined threshold, computing the next IP address hopping time interval from a guarantee parameter, an evasion parameter and the current IP address hopping time interval, wherein the guarantee parameter is the ratio between the current network throughput and the conventional network throughput, and the evasion parameter is the ratio between the number of the attacker's successful probes and the total number of probes;
    when the current calculated value is greater than the predetermined threshold, setting the next IP address hopping time interval in an exponentially decreasing manner.
  3. The method according to claim 2, wherein computing the next IP address hopping time interval from the guarantee parameter, the evasion parameter and the current IP address hopping time interval comprises:
    using the guarantee parameter, the evasion parameter and the current IP address hopping time interval respectively, obtaining at least two hopping time intervals by gradient descent;
    selecting one of the at least two hopping time intervals as the next IP address hopping time interval, wherein the selected time interval is the smallest of the at least two time intervals.
  4. The method according to claim 2, further comprising:
    before computing the next IP address hopping time interval from the guarantee parameter, the evasion parameter and the current IP address hopping time interval, setting a target value of the guarantee parameter and a target value of the evasion parameter.
  5. The method according to any one of claims 1 to 4, wherein
    the predetermined threshold is
    [formula image PCTCN2018076729-appb-100001, not reproduced in the page text]
    where I(t) denotes the number of infected hosts at time t.
  6. An Internet Protocol IP address hopping apparatus for a software defined network SDN, comprising:
    a comparison module (32), configured to compare a current calculated value with a predetermined threshold, wherein the current calculated value is the difference between the slope of the infected-host count at the previous moment and its slope at the next moment;
    a setting module (34), configured to set a next IP address hopping time interval according to the comparison result.
  7. The apparatus according to claim 6, wherein the setting module (34) comprises:
    a first setting unit (42), configured to, when the current calculated value is less than the predetermined threshold, compute the next IP address hopping time interval from a guarantee parameter, an evasion parameter and the current IP address hopping time interval, wherein the guarantee parameter is the ratio between the current network throughput and the conventional network throughput, and the evasion parameter is the ratio between the number of the attacker's successful probes and the total number of probes;
    a second setting unit (44), configured to, when the current calculated value is greater than the predetermined threshold, set the next IP address hopping time interval in an exponentially decreasing manner.
  8. The apparatus according to claim 7, wherein the first setting unit (42) comprises:
    an obtaining sub-unit (52), configured to use the guarantee parameter, the evasion parameter and the current IP address hopping time interval respectively and obtain at least two hopping time intervals by gradient descent;
    a selection sub-unit (54), configured to select one of the at least two hopping time intervals as the next IP address hopping time interval, wherein the selected time interval is the smallest of the at least two time intervals.
  9. The apparatus according to claim 7, wherein the setting module (34) further comprises:
    a third setting module (62), configured to set a target value of the guarantee parameter and a target value of the evasion parameter before the next IP address hopping time interval is computed from the guarantee parameter, the evasion parameter and the current IP address hopping time interval.
  10. The apparatus according to any one of claims 6 to 9, wherein
    the predetermined threshold is
    [formula image PCTCN2018076729-appb-100002, not reproduced in the page text]
    where I(t) denotes the number of infected hosts at time t.
  11. A computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the method according to any one of claims 1 to 5.
Application PCT/CN2018/076729, priority date 2017-02-16, filing date 2018-02-13: Ip address hopping method and apparatus for software defined network (sdn), WO2018149406A1 (en)

Applications Claiming Priority (2)

CN201710084288.9A, priority date 2017-02-16, filing date 2017-02-16: The IP address jump method and device of software defined network SDN
CN201710084288.9, priority date 2017-02-16

Publications (1)

WO2018149406A1, publication date 2018-08-23

Family ID=63169146

Family Applications (1)

PCT/CN2018/076729 WO2018149406A1 (en), priority date 2017-02-16, filing date 2018-02-13: Ip address hopping method and apparatus for software defined network (sdn)

Country Status (2)

CN (1): CN108449441A (en)
WO (1): WO2018149406A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115996210A (en) * 2023-03-23 2023-04-21 湖南盾神科技有限公司 Address port hopping method of source variable mode

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113225255A (en) * 2021-03-31 2021-08-06 福建奇点时空数字科技有限公司 SDN random route hopping method based on trigger generation mechanism

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105282035A (en) * 2015-11-09 2016-01-27 中国电子科技集团公司第三十研究所 IP-address-bounce-based high-security network communication method
CN105429957A (en) * 2015-11-02 2016-03-23 芦斌 IP address jump safety communication method based on SDN framework
US20170005870A1 (en) * 2015-07-02 2017-01-05 Vencore Labs, Inc. Configuration agreement protocol method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9203798B2 (en) * 2013-07-18 2015-12-01 Empire Technology Development Llc Time based IP address hopping
CN106060184B (en) * 2016-05-11 2019-04-05 中国人民解放军国防信息学院 A kind of IP address hopping patterns generation method and jump controller based on three-dimensional

Also Published As

Publication number Publication date
CN108449441A (en) 2018-08-24

Similar Documents

Publication Publication Date Title
US20200287931A1 (en) System and method for applying a plurality of interconnected filters to protect a computing device from a distributed denial-of-service attack
US11030311B1 (en) Detecting and protecting against computing breaches based on lateral movement of a computer file within an enterprise
US20190156026A1 (en) Monitor apparatus, method, and non-transitory computer readable storage medium thereof
CN102761539B (en) For reducing the system and method for wrong report during Sampling network attack
KR102039842B1 (en) How to prevent network attacks, devices, and systems
ES2854701T3 (en) Computer storage methods and media to divide the security of sessions
US8359648B2 (en) Method and system for defending DDoS attack
US8813234B1 (en) Graph-based approach to deterring persistent security threats
CN105577608B (en) Network attack behavior detection method and device
US10063519B1 (en) Automatically optimizing web application firewall rule sets
US20140157415A1 (en) Information security analysis using game theory and simulation
US11665179B2 (en) Threat detection method and apparatus
CN111131283B (en) Malware detection system attack prevention
US9542683B2 (en) System and method for protecting electronic money transactions
US10931691B1 (en) Methods for detecting and mitigating brute force credential stuffing attacks and devices thereof
WO2018149406A1 (en) Ip address hopping method and apparatus for software defined network (sdn)
CN107517200B (en) Malicious crawler defense strategy selection method for Web server
WO2018177847A1 (en) Distributed denial of service analysis
CN110798382B (en) Port storm threshold control method and device, electronic equipment and storage medium
RU2598337C2 (en) System and method of selecting means of interception of data transmitted over network
US10972500B2 (en) Detection system, detection apparatus, detection method, and detection program
WO2022151579A1 (en) Backdoor attack active defense method and device in edge computing scene
US20190068635A1 (en) Data processing method, apparatus, and system
CN112738110A (en) Bypass blocking method and device, electronic equipment and storage medium
JP2014232923A (en) Communication equipment, cyber attack detection method and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18753552

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18753552

Country of ref document: EP

Kind code of ref document: A1