A mimic network node protection method based on payload transformation
Technical field
This invention relates to a network communication method, and in particular to a mimic network node protection method based on payload transformation.
Background technology
With the development of the Internet, the processing capacity of core routers grows by the day, routing systems become more complex, and routing software consists of thousands of lines of code. Such code inevitably contains a large number of vulnerabilities and backdoors; a router of this kind is called a "morbid" router. Once a malicious attacker has learned of these backdoors or vulnerabilities, a single instruction message can trigger them and even take control of the router. Traditional network node protection measures cannot detect this kind of security threat hidden inside the router, so a protection method that can be applied to routers with unknown security defects is urgently needed.
Summary of the invention
The present invention overcomes the problem in the prior art that the protection of abnormal routers in network communication is exposed to security threats, and provides a mimic network node protection method based on payload transformation with high security performance.
The technical solution of the present invention is to provide a mimic network node protection method based on payload transformation, comprising the following steps:
Step 101: transform the payload of a message entering the node according to the transformation method set by the payload transformation controller;
Step 102: re-encapsulate the message after the payload transformation;
Step 103: inside the node, process the message according to its header;
Step 104: at the node exit, apply the inverse transformation to the message to recover the payload information;
Step 105: re-encapsulate the message whose payload information has been recovered.
The transformation configuration of the payload transformation controller is either a manually configured payload transformation method or a payload transformation method selected at random according to a probability.
The transformation methods include encryption of the payload, scrambling of the payload, and other invertible data transformations.
The encapsulation in step 102 is applied to the message whose payload has changed after the transformation; the header information must be recalculated, including the message length, the checksum, and so on.
The message processing includes the network node extracting the header and performing operations such as routing and forwarding on the message.
The encapsulation in step 105 encapsulates the message after the payload information has been recovered; that is, before the message leaves the device, the inverse transformation is applied to recover the message that was transformed in step 101.
The working process of the payload transformation controller comprises: step 301: configure the transformation strategy of the payload transformation controller according to the administrator's policy; specifically, the administrator can configure a static payload transformation method, dynamically configure different payload transformations at a predetermined period, or select a payload transformation method at random according to a specific probability, among other strategies; step 302: the controller generates a payload transformation scheme according to the configured strategy; step 303: the transformation scheme is issued to the protection implementation system through the control channel.
Compared with the prior art, the mimic network node protection method based on payload transformation of the present invention has the following advantages: it applies an invertible transformation to the payload, which eliminates backdoor trigger instructions hidden in the message payload and thereby protects network nodes that have security defects; and it can select the payload transformation method dynamically according to the management policy, which makes it difficult for an external attacker to predict the message payload transformation method the system uses and improves the security of the system.
Brief description of the drawings
Fig. 1 is a flow chart of the mimic network node protection method based on payload transformation of the present invention;
Fig. 2 is a schematic diagram of the protection structure in the mimic network node protection method based on payload transformation of the present invention;
Fig. 3 is a flow chart of the configuration method of the payload transformation controller in the mimic network node protection method based on payload transformation of the present invention.
Embodiment
The mimic network node protection method based on payload transformation of the present invention is further described below with reference to the drawings and a specific embodiment. As shown in the figures, the present embodiment comprises the following steps:
Step 101: transform the payload of a message entering the node according to the transformation method set by the payload transformation controller;
Step 102: re-encapsulate the message after the payload transformation;
Step 103: inside the node, process the message according to its header;
Step 104: at the node exit, apply the inverse transformation to the message to recover the payload information;
Step 105: re-encapsulate the message whose payload information has been recovered.
The transformation configuration of the payload transformation controller is either a manually configured payload transformation method or a payload transformation method selected at random according to a probability. The payload transformation controller can control the protection measures of the protection implementation system and the transformation method applied to messages entering and leaving the network node.
The transformation methods include encryption of the payload, scrambling of the payload, and other invertible data transformations.
The encapsulation in step 102 is applied to the message whose payload has changed after the transformation; the header information must be recalculated, including the message length, the checksum, and so on.
The message processing includes the network node extracting the header and performing operations such as routing and forwarding on the message.
The encapsulation in step 105 encapsulates the message after the payload information has been recovered; that is, before the message leaves the device, the inverse transformation is applied to recover the message that was transformed in step 101.
The working process of the payload transformation controller comprises: step 301: configure the transformation strategy of the payload transformation controller according to the administrator's policy; specifically, the administrator can configure a static payload transformation method, dynamically configure different payload transformations at a predetermined period, or select a payload transformation method at random according to a specific probability, among other strategies; step 302: the controller generates a payload transformation scheme according to the configured strategy; step 303: the transformation scheme is issued to the protection implementation system through the control channel.
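The data path of steps 101-105 and the controller choice of steps 301-302, as an added Python example that is not part of the patent text. The 8-byte header layout, the two transforms, the sample payload and all function names are assumptions made for illustration; the XOR keystream stands in for whichever invertible transformation is configured.

```python
import hashlib, random, struct
HDR = struct.Struct(">IHH")  # constructed header: destination id, total length, checksum

def checksum(data: bytes) -> int:
    """16-bit one's-complement sum, as in the Internet checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f">{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(dst: int, payload: bytes) -> bytes:
    """Steps 102/105: rebuild the header, recomputing length and checksum."""
    length = HDR.size + len(payload)
    return HDR.pack(dst, length, checksum(HDR.pack(dst, length, 0) + payload)) + payload

def decapsulate(pkt: bytes):  # verifies length and checksum by re-encapsulating
    dst, payload = HDR.unpack_from(pkt)[0], pkt[HDR.size:]
    if encapsulate(dst, payload) != pkt:
        raise ValueError("bad length or checksum")
    return dst, payload

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Self-inverse XOR with a SHAKE-256 keystream (stand-in, not a vetted cipher)."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

# Hypothetical transform table: name -> (forward, inverse). "xor+pad" changes the length.
TRANSFORMS = {
    "xor": (xor_stream, xor_stream),
    "xor+pad": (lambda k, d: xor_stream(k, d) + b"\x00" * 4,
                lambda k, d: xor_stream(k, d[:-4])),
}

def make_scheme(weights: dict, key: bytes, rng: random.Random) -> dict:
    """Steps 301-302: pick a transform with the administrator's probabilities."""
    name = rng.choices(list(weights), weights=list(weights.values()))[0]
    return {"name": name, "key": key}  # step 303 would push this to ingress and egress

def convert(pkt: bytes, scheme: dict, inverse: bool = False) -> bytes:
    """Steps 101-102 at ingress; steps 104-105 at egress (inverse=True)."""
    dst, payload = decapsulate(pkt)
    fn = TRANSFORMS[scheme["name"]][1 if inverse else 0]
    return encapsulate(dst, fn(scheme["key"], payload))

def demo(seed: int = 7):
    scheme = make_scheme({"xor": 0.5, "xor+pad": 0.5}, b"constructed-key", random.Random(seed))
    original = encapsulate(42, b"data TRIGGER-0xBEEF data")  # constructed payload
    inside = convert(original, scheme)  # the packet that step 103 processes
    return decapsulate(inside)[0], b"TRIGGER" in inside, convert(inside, scheme, True) == original
```

`demo()` returns the destination read from the still-valid header inside the node, whether the constructed marker string is visible there, and whether the egress output equals the original packet.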