CN108400968A - An efficient method for implementing a mimicry defense model distributor - Google Patents
- Publication number: CN108400968A
- Application number: CN201810038734.7A
- Authority: CN (China)
- Prior art keywords: sessionid, distributor, request, virtual, server
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/255—Maintenance or indexing of mapping tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/142—Managing session states for stateless protocols; Signalling session states; State transitions; Keeping-state mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an efficient method for implementing a mimicry defense model distributor. The steps are as follows. Step (1): the data packets sent by each client are stored in the distributor, which maintains a mapping table from virtual SessionId to real SessionId; the SessionId in a request sent by the client is the virtual SessionId, and it is replaced with the real SessionId from the mapping table. Step (2): when there are too many user requests, we take the "copy the header, link the body" approach: only the HTTP request header is copied, and the request body data is referenced through a link. After the distributor has copied the request and distributed it to the N servers, the space occupied by the request can be reclaimed. Step (3): after the two pre-processing steps above, the distributor can efficiently send user requests to the executors on the server back end, realizing the function of the distributor. The invention reduces delay and improves efficiency as far as possible, providing a more efficient solution for the whole system.
Description
Technical field
The invention belongs to the field of computer software technology and specifically concerns an efficient method for implementing a mimicry defense model distributor.
Background
The security problems faced by Web server systems are becoming increasingly serious, and traditional techniques are stuck in a passive-defense position, which makes it hard to cope with unknown attack threats. The United States therefore proposed the concept of moving target defense (MTD), a "game-changing" direction for network security put forward in response to the defender's current disadvantage. It aims to confuse attackers through continuous, dynamic change, thereby increasing the cost and complexity of intrusion and reducing the attack success rate.
The mimicry defense model, based on the "dynamic heterogeneous redundancy" structure, has been proposed. Under actively and passively triggered conditions it dynamically and pseudo-randomly selects and executes various hardware variants and the corresponding software variants, so that the hardware execution environment and software working state observed by internal and external attackers are highly uncertain, and it is impossible or difficult to build an attack chain based on vulnerabilities (bugs) or backdoors, which reduces system security risk. In the "processing" stage, the "dynamic heterogeneous redundancy" structure uses a set of heterogeneous executors: an input agent copies the same input into N copies and distributes them to N heterogeneous executors in the set for processing, and the results are collected by a voter, which votes on them to obtain a single, relatively correct output. This can greatly improve the security of a Web server.
Summary of the invention
In view of the deficiencies of the prior art, the object of the present invention is to provide an efficient method for implementing a mimicry defense model distributor.
The technical solution adopted by the present invention to solve this technical problem includes the following steps:
Step (1): The data packets sent by each client are stored in the distributor. Because the multiple back-end servers hold multiple different SessionIds, the distributor needs to maintain a mapping table from virtual SessionId to real SessionId. The SessionId in a request sent by the client is the virtual SessionId, which is replaced with the real SessionId from the mapping table. The key of the mapping table is the virtual SessionId, and the value is the real SessionIds of the N servers. The virtual SessionId is generated by the distributor; the HTTP response the client receives contains only this virtual SessionId, and the client only needs to use this virtual SessionId to interact with the server side.
Step (2): When there are too many user requests, simply copying the request data N times would occupy N times more space in the distributor. The "copy the header, link the body" approach is therefore taken: only the HTTP request header is copied. The HTTP request header contains information such as the Cookie and SessionId, whereas the request body data does not need to change, so only a link to the HTTP request body needs to be kept. After the distributor has copied the request and distributed it to the N servers, the space occupied by the request is reclaimed.
Step (3): After the two pre-processing steps (1) and (2), the distributor can efficiently send user requests to the executors on the server back end, realizing the function of the distributor.
Beneficial effects of the present invention:
The present invention maintains the mapping from virtual SessionId to real SessionId with a mapping table and adopts the "copy the header, link the body" scheme to implement the distributor module, reducing delay and improving efficiency as far as possible and providing a more efficient solution for the whole system.
The present invention implements an efficient distributor module for the mimicry defense model through precise operations on the mapping table and pointers.
Brief description of the drawings
Fig. 1 is a schematic diagram of the present invention.
Detailed description
The invention is further described below with reference to the accompanying drawing and an embodiment.
As shown in Fig. 1, an efficient method for implementing a mimicry defense model distributor includes the following steps:
Step (1): The data packets sent by each client are stored in the distributor. Because the multiple back-end servers hold multiple different SessionIds, the distributor needs to maintain a mapping table from virtual SessionId to real SessionId. The SessionId in a request sent by the client is the virtual SessionId, which is replaced with the real SessionId from the mapping table. The key of the mapping table is the virtual SessionId, and the value is the real SessionIds of the N servers. The virtual SessionId is generated by the distributor; the HTTP response the client receives contains only this virtual SessionId, and the client only needs to use this virtual SessionId to interact with the server side.
Step (2): When there are too many user requests, simply copying the request data N times would occupy N times more space in the distributor. We therefore take the "copy the header, link the body" approach: only the HTTP request header is copied. The HTTP request header contains information such as the Cookie and SessionId, whereas the request body data does not need to change, so only a link to the HTTP request body needs to be kept. After the distributor has copied the request and distributed it to the N servers, the space occupied by the request can be reclaimed.
Step (3): After the two pre-processing steps described above, the distributor can efficiently send user requests to the executors on the server back end, realizing the function of the distributor.
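Steps (1) and (2) above, sketched as an added example; this is not code from the patent. The class and function names, the use of `secrets` for the virtual SessionId, the cookie layout and the fail-closed handling of an unknown virtual SessionId are all assumptions made for illustration.

```python
import secrets

COOKIE = "SessionId"  # cookie name from the patent text; all other names are assumed

def _cookies(header):
    """Parse 'a=1; b=2' into an insertion-ordered dict."""
    pairs = (item.strip().partition("=") for item in header.split(";") if item.strip())
    return {k: v for k, _, v in pairs}

class Distributor:
    def __init__(self, n_backends):
        self.n = n_backends
        self.session_map = {}  # virtual SessionId -> [real SessionId of each back end]

    def register_session(self, real_ids):
        """Step (1): hide the N real SessionIds behind one distributor-generated id."""
        if len(real_ids) != self.n:
            raise ValueError("need exactly one real SessionId per back end")
        virtual = secrets.token_urlsafe(32)  # unguessable id (assumption, not in the patent)
        self.session_map[virtual] = list(real_ids)
        return virtual  # the only SessionId the client ever sees

    def fan_out(self, headers, body):
        """Step (2): copy the headers N times, link one shared read-only body."""
        cookies = _cookies(headers.get("Cookie", ""))
        virtual = cookies.get(COOKIE)
        real_ids = self.session_map.get(virtual) if virtual is not None else None
        if virtual is not None and real_ids is None:
            # Fail closed: a forged or expired id is never forwarded to a back end.
            raise KeyError("unknown virtual SessionId")
        body_link = memoryview(body).toreadonly()  # a link to the body, not a copy
        out = []
        for i in range(self.n):
            h = dict(headers)  # per-back-end header copy (small)
            if real_ids:
                cookies_i = {**cookies, COOKIE: real_ids[i]}
                h["Cookie"] = "; ".join(f"{k}={v}" for k, v in cookies_i.items())
            out.append((h, body_link))
        return out  # once the caller drops this list, the body buffer can be reclaimed

def demo():
    d = Distributor(3)
    virtual = d.register_session(["real-A", "real-B", "real-C"])  # constructed sample ids
    headers = {"Host": "example.test", "Cookie": f"theme=dark; {COOKIE}={virtual}"}
    body = b"x" * 1_000_000  # constructed 1 MB request body
    return virtual, d.fan_out(headers, body)

if __name__ == "__main__":
    virtual, copies = demo()
    for hdrs, link in copies:
        print(hdrs["Cookie"], len(link), link is copies[0][1])
```

Each back end receives its own header copy carrying its own real SessionId, while all N copies reference the same body buffer, so the memory cost per request is one body plus N small header dictionaries.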
Claims (1)
1. An efficient method for implementing a mimicry defense model distributor, characterized by including the following steps:
Step (1): The data packets sent by each client are stored in the distributor. Because the multiple back-end servers hold multiple different SessionIds, the distributor needs to maintain a mapping table from virtual SessionId to real SessionId. The SessionId in a request sent by the client is the virtual SessionId, which is replaced with the real SessionId from the mapping table. The key of the mapping table is the virtual SessionId, and the value is the real SessionIds of the N servers. The virtual SessionId is generated by the distributor; the HTTP response the client receives contains only this virtual SessionId, and the client only needs to use this virtual SessionId to interact with the server side.
Step (2): When there are too many user requests, the "copy the header, link the body" approach is taken: only the HTTP request header is copied. The HTTP request header contains the Cookie and SessionId information, whereas the request body data does not need to change, so only a link to the HTTP request body needs to be kept. After the distributor has copied the request and distributed it to the N servers, the space occupied by the request can be reclaimed.
Step (3): After the two pre-processing steps (1) and (2), the distributor can efficiently send user requests to the executors on the server back end, realizing the function of the distributor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810038734.7A CN108400968B (en) | 2018-01-16 | 2018-01-16 | Method for realizing mimicry defense model distributor |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810038734.7A CN108400968B (en) | 2018-01-16 | 2018-01-16 | Method for realizing mimicry defense model distributor |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108400968A (en) | 2018-08-14 |
CN108400968B (en) | 2019-12-24 |
Family
ID=63094861
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810038734.7A Active CN108400968B (en) | 2018-01-16 | 2018-01-16 | Method for realizing mimicry defense model distributor |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108400968B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7139792B1 (en) * | 2000-09-29 | 2006-11-21 | Intel Corporation | Mechanism for locking client requests to a particular server |
CN101247367A (en) * | 2008-04-08 | 2008-08-20 | 中国电信股份有限公司 | Content providing method and system based on content distribution network and peer-to-peer network |
CN101483662A (en) * | 2008-01-09 | 2009-07-15 | 财团法人工业技术研究院 | Packet forwarding apparatus and method for virtual storage network switch |
CN103036910A (en) * | 2013-01-05 | 2013-04-10 | 北京网康科技有限公司 | Method and device for controlling user web access behaviors |
CN104954384A (en) * | 2015-06-24 | 2015-09-30 | 浙江大学 | Url (uniform resource locator) pseudo method for protecting Web application security |
CN106656834A (en) * | 2016-11-16 | 2017-05-10 | 上海红阵信息科技有限公司 | IS-IS routing protocol heterogeneous function equivalent body parallel normalization device and method |
CN106874755A (en) * | 2017-01-22 | 2017-06-20 | 中国人民解放军信息工程大学 | The consistent escape error processing apparatus of majority and its method based on mimicry Prevention-Security zero-day attacks |
CN107092518A (en) * | 2017-04-17 | 2017-08-25 | 上海红神信息技术有限公司 | A kind of Compilation Method for protecting mimicry system of defense software layer safe |
Non-Patent Citations (1)
Title |
---|
梁慧兵等: "The Implement of Voting Device in Mimicry Defense Model", 《REVISTA DE LA FACULTAD DE INGENIERIA》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110557437A (en) * | 2019-08-05 | 2019-12-10 | 上海拟态数据技术有限公司 | universal mimicry distribution voting scheduling device and method based on user-defined protocol |
CN110557437B (en) * | 2019-08-05 | 2021-11-19 | 上海拟态数据技术有限公司 | Universal mimicry distribution voting scheduling device and method based on user-defined protocol |
CN112422579A (en) * | 2020-11-30 | 2021-02-26 | 福州大学 | Execution body set construction method based on mimicry defense Sketch |
Also Published As
Publication number | Publication date |
---|---|
CN108400968B (en) | 2019-12-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20180814; Assignee: Hangzhou Greentown Information Technology Co.,Ltd.; Assignor: HANGZHOU DIANZI University; Contract record no.: X2023330000109; Denomination of invention: A Method for Implementing a Pseudo Defense Model Distributor; Granted publication date: 20191224; License type: Common License; Record date: 20230311 |