CN106534046B - A kind of mimicry data transfer server and data transmission method - Google Patents


Info

Publication number: CN106534046B
Authority: CN (China)
Prior art keywords: protocol, type, client, mimicry, server
Legal status: Active
Application number: CN201510574160.1A
Other languages: Chinese (zh)
Other versions: CN106534046A (en)
Inventors: 王玲芳, 王劲林
Current assignee: Zhengzhou Xinrand Network Technology Co ltd
Original assignee: Institute of Acoustics CAS
Application filed by Institute of Acoustics CAS; priority to CN201510574160.1A; publication of CN106534046A; application granted; publication of CN106534046B; legal status active.


Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00 Network architectures or network communication protocols for network security › H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic › H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass › H04L69/03 Protocol definition or specification

Abstract

The invention proposes a mimicry data transfer server and a data transmission method. The server comprises a mimicry protocol feature management module, a mimicry protocol selection module and a mimicry protocol data transmission module. The mimicry protocol feature management module manages a number of protocol features in the form of a protocol feature database; a protocol feature consists of a protocol type, an operating system type, a stage code and an answer code. The mimicry protocol selection module, on a client's request, disguises the server as a virtual server with a specific operating system and protocol type, and sends the information characteristic of that operating system and protocol type back to the requesting client; the specific operating system and protocol type are drawn from the protocol feature database. The mimicry protocol data transmission module completes the data transmission of one session between client and server on the basis of the virtual server that the mimicry protocol selection module built for that client.

Description

A kind of mimicry data transfer server and data transmission method
Technical field
The present invention relates to the field of network technology, specifically to secure data transmission, and in particular to a mimicry data transfer server and data transmission method.
Background art
In the Internet environment, data transmission is either reliable or unreliable. In the TCP/IP protocol stack the typical reliable transport protocol is the Transmission Control Protocol (TCP) and the typical unreliable one is the User Datagram Protocol (UDP); the Stream Control Transmission Protocol (SCTP) was later proposed to address problems encountered when carrying stream data over TCP. Although the IETF has defined RFCs for these protocols, implementations of the same protocol differ between operating systems because the systems differ and because implementers read the specifications differently. By sending a connection request to a server and examining the response, a client can therefore determine which operating system, which system version and which protocol the server uses. This hands a network attacker the information needed to choose a target.
To prevent an attacker from accurately determining the operating system and other properties of the server, the present invention borrows the idea of mimicry from biology: the server gives different responses at different times and to different clients, so that a client cannot accurately determine the server's properties and its judgement is disturbed.
Summary of the invention
The purpose of the present invention is to provide a server-side mimicry data transmission method that prevents a client from accurately determining the server's properties and so prevents an attacker from mounting a targeted attack.
To achieve this object, the mimicry data transfer server of the present invention comprises a mimicry protocol feature management module, a mimicry protocol selection module and a mimicry protocol data transmission module;
the mimicry protocol feature management module manages a number of protocol features in the form of a protocol feature database, a protocol feature comprising a protocol type, an operating system type, a stage code and an answer code; the protocol feature database may be set up independently of the mimicry protocol feature management module or be located within it;
the mimicry protocol selection module, on a client's request, disguises the server as a virtual server with a specific operating system and protocol type, and sends the information characteristic of the operating system and protocol type used by the virtual server back to the requesting client;
wherein the specific operating system and protocol type come from the protocol feature database;
the mimicry protocol data transmission module completes the data transmission of one session between client and server on the basis of the virtual server built for the client by the mimicry protocol selection module.
Optionally, the server further comprises a protocol feature acquisition module, which collects protocol features manually or by installing the corresponding operating system and measuring it with a client, and stores the feature code of each collected protocol feature in the protocol feature database; the features collected by the acquisition module are entered into the protocol feature database through the mimicry protocol feature management module.
Optionally, the server further comprises a parsing module that determines the client's protocol type from the user request the server receives.
The mimicry protocol selection module further comprises:
an operating system type obtaining module, which obtains the server's virtual operating system type by one of the following methods:
method one: compute the operating system type from the IP address, port number, request time and stage code of the client request received by the server;
method two: choose the operating system type at random;
method three: determine the operating system type from the time at which the client sent the request command;
an answer code obtaining submodule, which uses the client's protocol type obtained by parsing, the virtual operating system type and the stage code sent by the client as the key to search the protocol feature database for the answer code, and answers the client request with this answer code;
a record submodule, which records the virtual operating system type set for a client in a four-tuple list whose elements are, in order: client IP, port number, operating system type and protocol type.
The present invention also provides a mimicry data transmission method that uses the above mimicry data transfer server to transmit data for a client; the method comprises:
step 101) the client issues a service request and a connection between server and client is established;
step 102) with the client IP address, port number and protocol type sent by the client as the key, the server's virtual operating system type is obtained;
wherein the virtual operating system type may be either the operating system the server actually uses, or an operating system the server does not actually use but which is stored in the protocol feature database;
step 103) with the client's protocol type, the virtual operating system type and the stage code sent by the client as the key, the protocol feature database is searched for the answer code or response routine, and the data of one session between client and server is transmitted on the basis of that answer code or response routine;
wherein the protocol feature database stores the feature codes of the collected protocol features, a protocol feature comprising protocol type, operating system type, stage code and answer code.
Optionally, step 102) further comprises:
step 102-1) after the server receives the client request, it determines the protocol type;
step 102-2) the virtual operating system type for the client is obtained by one of the following methods:
method one: compute the operating system type from the client's IP address, port number, request time and stage code;
method two: choose the operating system type at random;
method three: determine the operating system type from the request time.
Step 103) uses protocol type, virtual operating system type and stage code as the key to search the protocol feature library for the answer code, and answers the client request with this answer code in order to provide data to the client.
Compared with the prior art, the present invention has the advantage that it solves the problem of an attacker accurately determining the operating system and protocol version used by the server, and so reduces to some extent the probability of a successful break-in.
Brief description of the drawings
Fig. 1 is a schematic diagram of a mimicry data transmission application scenario according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the transmission process of the mimicry data transmission system according to an embodiment of the present invention;
Fig. 3 is an example of TCP mimicry data transmission according to an embodiment of the present invention.
Detailed description of the embodiments
The technical solution of the present invention is described in detail below with reference to the drawings and tables.
The present invention provides a mimicry data transfer server and a data transmission method based on it. The method prevents a client from accurately determining the server's properties and so prevents a potential attacker from mounting a targeted attack on the server.
To achieve this, the mimicry data transfer server of the invention comprises a mimicry protocol feature management module, a mimicry protocol selection module and a mimicry protocol data transmission module. The mimicry protocol feature management module is responsible for managing protocol features, each consisting of a protocol type, an operating system type, a stage code, an answer code and so on. The mimicry protocol selection module is responsible for selecting a specific protocol persona once a client request has arrived and for handling the response. The mimicry protocol data transmission module is responsible, once a protocol has been selected, for keeping the protocol of the same version consistently throughout the session so that the data transmission between server and client is completed.
The management method used by the mimicry protocol feature management module is the method by which the module manages protocol features. A protocol feature comprises protocol type, operating system type, stage code and answer code, and the features appear in the form of a protocol feature library. Features may be collected manually, or by installing the corresponding operating system and measuring it with a client. Collected features are entered into the protocol feature database through the mimicry protocol feature management module; the input process may have a human-machine interface.
The protocol selection method used by the mimicry protocol selection module is as follows. After the server receives a client request it determines the protocol type; the mimicry protocol selection module then computes a virtual operating system type with some function (which may be, but is not limited to, a hash function) whose inputs are the client's IP address, port number, request time and stage code; alternatively the operating system type may be chosen at random or determined by the request time. With (protocol type, virtual operating system type, stage code) as the key, where the protocol type is determined by conventional parsing when the client request arrives, the protocol feature library is searched for the answer code, the client request is answered with this code, and the operating system type is recorded in the four-tuple list (client IP, port number, operating system type, protocol type). In this way a specific operating system and protocol implementation is impersonated.
The server also comprises a parsing module that determines the client's protocol type from the user request the server receives.
The data transmission method used by the mimicry protocol data transmission module is as follows. After the service connection between server and client has been established, the operating system type is looked up with (client IP, port number, protocol type) as the key; then, with (protocol type, operating system type, stage code) as the key, the protocol feature library is searched for the answer code or response routine and the corresponding data transmission is performed. This maintains response consistency towards a particular port of a particular client.
The server also comprises a protocol feature acquisition module, which collects protocol features manually, or by installing the corresponding operating system and measuring it with a client, and stores the feature code of each collected protocol feature in the protocol feature database; the features collected by the protocol feature acquisition module are entered into the protocol feature database through the mimicry protocol feature management module.
The present invention also provides a data transmission method that uses the mimicry data transfer server described above to transmit data for a client. The method comprises: step 101) the client issues a service request and a connection between server and client is established; step 102) with the client IP address, port number and protocol type sent by the client as the key, the server's virtual operating system type is obtained, where the virtual operating system type may be either the operating system the server actually uses or an operating system the server does not use but which is stored in the protocol feature database; step 103) with the client's protocol type, the virtual operating system type and the stage code sent by the client as the key, the protocol feature database is searched for the answer code or response routine, and the data of one session between client and server is transmitted on the basis of that answer code or response routine; wherein the protocol feature database stores the feature codes of the collected protocol features, a protocol feature comprising protocol type, operating system type, stage code and answer code.
Step 102) further comprises:
step 102-1) after the server receives the client request, it determines the protocol type;
step 102-2) the virtual operating system type for the client is obtained by one of the following methods:
method one: compute the operating system type with a function (here including but not limited to a hash function) whose inputs are the client's IP address, port number, request time and stage code;
method two: choose the operating system type at random;
method three: determine the operating system type from the request time.
Step 103) uses protocol type, virtual operating system type and stage code as the key to search the protocol feature library for the answer code, and answers the client request with this answer code in order to provide data to the client.
The server-side mimicry data transmission method provided by the present invention is further described below with reference to the drawings and a specific embodiment.
Embodiment
The server-side mimicry data transmission method is illustrated with reference to Figures 1, 2 and 3. Figure 1 shows a mimicry data transmission application scenario: the real server can disguise itself as different servers, each of which uses a virtual operating system and a specified protocol type. Figure 3 shows an example of mimicry data transmission assuming that the transport protocol is TCP. The invention is explained below with reference to this example and to Figure 2.
Suppose that by the manual method we have obtained the feature codes of the TCP Reno implementations of Windows XP, Windows NT, Linux 2.6 and FreeBSD, and stored them in the protocol feature library.
Suppose the client runs Windows XP, its IP address is 192.168.1.1 (port number 1054), and it sends a TCP SYN segment to the server at 03:17:25 on 23 June 2015. On receiving the TCP SYN segment, the server determines from the IP protocol field that the protocol type is TCP, and feeds (192.168.1.1, 1054, 2015-06-23 03:17:25, SYN) to the mimicry protocol selection module; suppose the operating system type obtained is Windows NT. Searching the protocol feature library with (TCP, Windows NT, SYN) yields an answer code (say 90); on receiving this answer code the client concludes that the server's operating system is Windows NT and that it uses TCP Reno. The server records (192.168.1.1, 1054, Windows NT, TCP Reno) in its four-tuple list of (client IP, port number, operating system type, protocol type).
In the client's subsequent data transmission the server then consistently handles it as Windows NT/TCP Reno.
In summary, the feature codes of the TCP Reno implementations of the Windows XP, Windows NT, Linux 2.6 and FreeBSD operating systems are collected manually and stored in the protocol feature database through the mimicry protocol feature management module.
Other content in this document that a person of ordinary skill in the art can implement is not described further here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it. Although the invention has been described in detail with reference to embodiments, those skilled in the art should understand that modifications or equivalent replacements of the technical solution of the invention that do not depart from its spirit and scope are all covered by the claims of the present invention.
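The summary, the detailed description and the embodiment above all describe the same mechanism: a protocol feature database keyed by (protocol type, operating system type, stage code), a selection step that fixes a virtual operating system for a client by one of three methods, an answer code lookup, and a four-tuple record that keeps the persona consistent for the rest of the session. The following Python simulation is an added example written for this page, not code from the patent or its assignee. It assumes a constructed feature database (only the value 90 for (TCP, Windows NT, SYN) comes from the embodiment; the other answer codes are made up), constructed packet dictionaries in place of real IP segments, SHA-256 as the hash of method one, and "request time in seconds modulo the table size" as one possible reading of method three; the class and function names are the example's own.

```python
"""Simulation of the mimicry data transfer server (added example, not the patent's code)."""
import hashlib
import random
from datetime import datetime

# Virtual operating system types available for disguise; these four follow the embodiment.
OS_TYPES = ("Windows XP", "Windows NT", "Linux 2.6", "FreeBSD")

# Constructed protocol feature database: (protocol type, OS type, stage code) -> answer code.
# Only (TCP, Windows NT, SYN) -> 90 is taken from the embodiment; the rest are made up here.
FEATURE_DB = {
    ("TCP", os_type, stage): base + offset
    for base, os_type in zip((80, 90, 100, 110), OS_TYPES)
    for offset, stage in enumerate(("SYN", "ACK", "DATA", "FIN"))
}


class MimicryServer:
    """Combines the parsing, selection, record and data transmission modules of the patent."""

    def __init__(self, feature_db=FEATURE_DB, method="hash", seed=0):
        self.feature_db = feature_db
        self.method = method            # "hash", "random" or "time": the three methods of step 102-2
        self.rng = random.Random(seed)  # seeded so that the "random" method is reproducible in this demo
        self.records = {}               # four-tuple list: (client IP, port, protocol type) -> OS type

    @staticmethod
    def parse_protocol(packet):
        """Parsing module: derive the protocol type from the IP protocol number (constructed field)."""
        return {6: "TCP", 17: "UDP", 132: "SCTP"}[packet["ip_proto"]]

    def select_os(self, ip, port, when, stage):
        """OS type obtaining module: choose a virtual OS by one of the three methods."""
        if self.method == "hash":      # method one: hash over (IP, port, request time, stage code)
            key = f"{ip}|{port}|{when.isoformat()}|{stage}".encode()
            idx = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
        elif self.method == "random":  # method two: random choice
            idx = self.rng.randrange(len(OS_TYPES))
        elif self.method == "time":    # method three: request time decides (assumption: seconds modulo)
            idx = int(when.timestamp())
        else:
            raise ValueError(f"unknown selection method {self.method!r}")
        return OS_TYPES[idx % len(OS_TYPES)]

    def handle(self, packet, when):
        """Answer one client packet; returns (answer code, OS type the persona uses)."""
        proto = self.parse_protocol(packet)
        key = (packet["src_ip"], packet["src_port"], proto)
        if key not in self.records:
            # First packet of the session: build the virtual server and record the four-tuple.
            self.records[key] = self.select_os(
                packet["src_ip"], packet["src_port"], when, packet["stage"])
        os_type = self.records[key]    # later packets reuse the recorded persona (step 103)
        return self.feature_db[(proto, os_type, packet["stage"])], os_type


def embodiment_run(method="hash"):
    """Replay the embodiment's client (192.168.1.1:1054, TCP SYN at 2015-06-23 03:17:25)."""
    server = MimicryServer(method=method)
    syn = {"src_ip": "192.168.1.1", "src_port": 1054, "ip_proto": 6, "stage": "SYN"}
    ack = dict(syn, stage="ACK")       # constructed follow-up packets of the same session
    data = dict(syn, stage="DATA")
    code1, os1 = server.handle(syn, datetime(2015, 6, 23, 3, 17, 25))
    code2, os2 = server.handle(ack, datetime(2015, 6, 23, 3, 17, 26))
    code3, os3 = server.handle(data, datetime(2015, 6, 23, 3, 18, 0))
    return {
        "os_types": (os1, os2, os3),         # must all be the same persona
        "answer_codes": (code1, code2, code3),
        "record": dict(server.records),      # the four-tuple list after the session
    }


if __name__ == "__main__":
    for m in ("hash", "random", "time"):
        print(m, embodiment_run(m))
```

Whichever selection method is used, the persona chosen on the first packet is what every later packet of that (client IP, port, protocol) session is answered with; only the hash method is repeatable across server restarts for the same input, which matters if a client retries and the operator wants it to see the same face twice.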

Claims (8)

1. A mimicry data transfer server, characterized in that the server comprises a mimicry protocol feature management module, a mimicry protocol selection module and a mimicry protocol data transmission module;
the mimicry protocol feature management module manages a number of protocol features in the form of a protocol feature database, a protocol feature comprising a protocol type, an operating system type, a stage code and an answer code;
the mimicry protocol selection module, on a client's request, disguises the server as a virtual server with a specific operating system and protocol type, and sends the information characteristic of the operating system and protocol type used by the virtual server back to the requesting client;
wherein the specific operating system and protocol type come from the protocol feature database;
the mimicry protocol data transmission module completes the data transmission of one session between client and server on the basis of the virtual server built for the client by the mimicry protocol selection module.
2. The mimicry data transfer server according to claim 1, characterized in that the server further comprises:
a protocol feature acquisition module, which collects protocol features manually or by installing the corresponding operating system and measuring it with a client, and stores the feature code of each collected protocol feature in the protocol feature database;
wherein the protocol features collected by the protocol feature acquisition module are entered into the protocol feature database through the mimicry protocol feature management module.
3. The mimicry data transfer server according to claim 1, characterized in that the feature codes of the TCP Reno implementations of the Windows XP, Windows NT, Linux 2.6 and FreeBSD operating systems are obtained manually and stored in the protocol feature database through the mimicry protocol feature management module.
4. The mimicry data transfer server according to claim 1, characterized in that the server further comprises:
a parsing module that determines the client's protocol type from the user request the server receives.
5. The mimicry data transfer server according to claim 4, characterized in that the mimicry protocol selection module further comprises:
an operating system type obtaining module, which obtains the server's virtual operating system type by one of the following methods:
method one: compute the operating system type from the IP address, port number, request time and stage code of the client request received by the server;
method two: choose the operating system type at random;
method three: determine the operating system type from the time at which the client sent the request command;
an answer code obtaining submodule, which uses the client's protocol type obtained by parsing, the virtual operating system type and the stage code sent by the client as the key to search the protocol feature database for the answer code, and answers the client request with this answer code;
a record submodule, which records the virtual operating system type set for a client in a four-tuple list whose elements are, in order: client IP, port number, operating system type and protocol type.
6. A mimicry data transmission method that uses the mimicry data transfer server of any one of claims 1 to 5 to transmit data for a client, the method comprising:
step 101) the client issues a service request and a connection between server and client is established;
step 102) with the client IP address, port number and protocol type sent by the client as the key, the server's virtual operating system type is obtained;
wherein the virtual operating system type may be either the operating system the server actually uses, or an operating system the server does not actually use but which is stored in the protocol feature database;
step 103) with the client's protocol type, the virtual operating system type and the stage code sent by the client as the key, the protocol feature database is searched for the answer code or response routine, and the data of one session between client and server is transmitted on the basis of that answer code or response routine;
wherein the protocol feature database stores the feature codes of the collected protocol features, a protocol feature comprising protocol type, operating system type, stage code and answer code.
7. The mimicry data transmission method according to claim 6, characterized in that step 102) further comprises:
step 102-1) after the server receives the client request, it determines the protocol type;
step 102-2) the virtual operating system type for the client is obtained by one of the following methods:
method one: compute the operating system type from the client's IP address, port number, request time and stage code;
method two: choose the operating system type at random;
method three: determine the operating system type from the request time.
8. The mimicry data transmission method according to claim 7, characterized in that step 103) uses protocol type, virtual operating system type and stage code as the key to search the protocol feature database for the answer code, and answers the client request with this answer code in order to provide data to the client.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510574160.1A CN106534046B (en) 2015-09-10 2015-09-10 A kind of mimicry data transfer server and data transmission method


Publications (2)

Publication Number Publication Date
CN106534046A CN106534046A (en) 2017-03-22
CN106534046B true CN106534046B (en) 2019-08-20

Family

ID=58346119


Country Status (1)

Country Link
CN (1) CN106534046B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110557437B (en) * 2019-08-05 2021-11-19 上海拟态数据技术有限公司 Universal mimicry distribution voting scheduling device and method based on user-defined protocol
CN110401601B (en) * 2019-08-20 2021-09-03 之江实验室 Mimicry routing protocol system and method
CN113132358A (en) * 2021-03-29 2021-07-16 井芯微电子技术(天津)有限公司 Strategy distributor, mimic switch and network system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104394150A (en) * 2014-11-26 2015-03-04 大连梯耐德网络技术有限公司 System and method for implementing mimic security network architecture based on hardware reconfiguration
CN104754048A (en) * 2015-03-30 2015-07-01 中国人民解放军信息工程大学 Imitative organization structure of server cluster
CN104766025A (en) * 2015-03-23 2015-07-08 中国人民解放军信息工程大学 Mimicry tamper-proof method of distributed file system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9485276B2 (en) * 2012-09-28 2016-11-01 Juniper Networks, Inc. Dynamic service handling using a honeypot


Also Published As

Publication number Publication date
CN106534046A (en) 2017-03-22


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210802

Address after: Room 1601, 16th floor, East Tower, Ximei building, No. 6, Changchun Road, high tech Industrial Development Zone, Zhengzhou, Henan 450001

Patentee after: Zhengzhou xinrand Network Technology Co.,Ltd.

Address before: 100190, No. 21 West Fourth Ring Road, Beijing, Haidian District

Patentee before: INSTITUTE OF ACOUSTICS, CHINESE ACADEMY OF SCIENCES