CN108400968A - An efficient method for implementing a mimicry defense model distributor - Google Patents


Info

Publication number
CN108400968A
Authority
CN
China
Prior art keywords
sessionid
distributor
request
virtual
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810038734.7A
Other languages
Chinese (zh)
Other versions
CN108400968B (en)
Inventor
张旻
梁惠兵
姜明
胡恩超
汤景凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dianzi University
Original Assignee
Hangzhou Dianzi University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dianzi University
Priority to CN201810038734.7A
Publication of CN108400968A
Application granted
Publication of CN108400968B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/255 Maintenance or indexing of mapping tables
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/142 Managing session states for stateless protocols; Signalling session states; State transitions; Keeping-state mechanisms
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an efficient method for implementing the distributor of a mimicry defense model. The steps are as follows. Step (1): each data packet sent by a client is stored in the distributor. The distributor maintains a mapping table from a virtual SessionId to the real SessionIds; the SessionId in a request sent by the client is the virtual SessionId, which is replaced with the real SessionId using the mapping table. Step (2): when there are too many user requests, the "copy the head, link the body" approach is taken: only the HTTP request header is copied, while the request body data is referenced through a link. After the distributor has copied the request and distributed it to the N servers, the space occupied by the request can be reclaimed. Step (3): after the two preprocessing steps above, the distributor can efficiently send the user request to the executors at the server back end, realizing the function of the distributor. The invention reduces delay as far as possible and improves efficiency, providing a more efficient solution for the whole system.

Description

An efficient method for implementing a mimicry defense model distributor
Technical field
The invention belongs to the technical field of computer software, and specifically relates to an efficient method for implementing a mimicry defense model distributor.
Background
The security problems faced by Web server systems are becoming increasingly serious, while traditional techniques remain in a passive-defense position and cope poorly with the threat of unknown attacks. The United States therefore proposed the concept of moving target defense (MTD), a "game-changing" direction for network security put forward in response to the defender's current disadvantage. It aims to confuse attackers through continuous, dynamic change, thereby increasing the cost and complexity of intrusion and reducing the attack success rate.
A mimicry defense model based on the "dynamic heterogeneous redundancy" structure has been proposed. Under active and passive trigger conditions, it dynamically and pseudo-randomly selects and executes various hardware variants and their corresponding software variants, so that the hardware execution environment and software working state observed by internal and external attackers are highly uncertain. This makes it impossible or difficult to build an attack chain based on a vulnerability (bug) or a backdoor, which reduces the security risk of the system. In the "processing" stage, the "dynamic heterogeneous redundancy" structure uses a set of heterogeneous executors: the input agent copies the same input into N copies and distributes them to the N heterogeneous executors in the executor set for processing; the results are collected by the voter, which votes on them to obtain a single, relatively correct output. This can greatly improve the security of the Web server.
Summary of the invention
In view of the deficiencies of the prior art, the object of the present invention is to provide an efficient method for implementing a mimicry defense model distributor.
The technical solution adopted by the present invention to solve the technical problem includes the following steps:
Step (1): each data packet sent by a client is stored in the distributor. Because the multiple back-end servers hold multiple different SessionIds, the distributor must maintain a mapping table from a virtual SessionId to the real SessionIds. The SessionId in a request sent by the client is the virtual SessionId, which is replaced with the real SessionId using the mapping table. The key of the mapping table is the virtual SessionId, and the value is the real SessionIds of the N servers. The virtual SessionId is generated by the distributor; the HTTP response packet received by the client contains only this virtual SessionId, and the client only needs to use this virtual SessionId to interact with the server side;
Step (2): when there are too many user requests, simply copying the request data N times would occupy N times the space in the distributor. The "copy the head, link the body" approach is therefore taken: only the HTTP request header is copied. The HTTP request header contains information such as the Cookie and SessionId, whereas the request body data does not need to be modified, so only a link to the HTTP request body needs to be kept. After the distributor has copied the request and distributed it to the N servers, the space occupied by the request is reclaimed;
Step (3): after the two preprocessing steps (1) and (2), the distributor can efficiently send the user request to the executors at the server back end, realizing the function of the distributor.
Beneficial effects of the invention:
The present invention uses a mapping table to maintain the mapping from the virtual SessionId to the real SessionIds and adopts the "copy the head, link the body" scheme to implement the distributor module, reducing delay as far as possible and improving efficiency, and thereby providing a more efficient solution for the whole system.
Through precise manipulation of the mapping table and of pointers, the present invention implements the distributor module of an efficient mimicry defense model.
Brief description of the drawings
Fig. 1 is a schematic diagram of the present invention.
Detailed description
The invention is further described below with reference to the accompanying drawing and an embodiment.
As shown in Fig. 1, an efficient method for implementing a mimicry defense model distributor includes the following steps:
Step (1): each data packet sent by a client is stored in the distributor. Because the multiple back-end servers hold multiple different SessionIds, the distributor must maintain a mapping table from a virtual SessionId to the real SessionIds. The SessionId in a request sent by the client is the virtual SessionId, which is replaced with the real SessionId using the mapping table. The key of the mapping table is the virtual SessionId, and the value is the real SessionIds of the N servers. The virtual SessionId is generated by the distributor; the HTTP response packet received by the client contains only this virtual SessionId, and the client only needs to use this virtual SessionId to interact with the server side;
Step (2): when there are too many user requests, simply copying the request data N times would occupy N times the space in the distributor. We therefore take the "copy the head, link the body" approach: only the HTTP request header is copied. The HTTP request header contains information such as the Cookie and SessionId, whereas the request body data does not need to be modified, so only a link to the HTTP request body needs to be kept. After the distributor has copied the request and distributed it to the N servers, the space occupied by the request can be reclaimed;
Step (3): after the two preprocessing steps described above, the distributor can efficiently send the user request to the executors at the server back end, realizing the function of the distributor.
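The following Python code is an added example, not code from the patent: it implements the mapping table of step (1) and the "copy the head, link the body" fan-out of step (2) for N back-end executors. The cookie name `SessionId`, the class and function names, the sample SessionIds and host, and the choice to strip a SessionId that is not in the mapping table are assumptions made for illustration.

```python
import secrets

COOKIE = "SessionId"  # assumed cookie name; the patent only says the header carries a SessionId


class Distributor:
    def __init__(self, n_backends):
        self.n = n_backends
        self.table = {}  # key: virtual SessionId, value: real SessionIds of backends 0..N-1

    def bind_session(self, real_ids):
        """Store the N real SessionIds issued by the backends and return the
        single virtual SessionId that is placed in the response to the client."""
        if len(real_ids) != self.n:
            raise ValueError("need one real SessionId per backend")
        virtual = secrets.token_hex(16)  # generated by the distributor, never by a backend
        self.table[virtual] = list(real_ids)
        return virtual

    def _cookies(self, headers):
        pairs = (p.strip().split("=", 1) for p in headers.get("Cookie", "").split(";"))
        return {p[0]: p[1] for p in pairs if len(p) == 2}

    def fan_out(self, headers, body):
        """Step (2): copy only the header N times; every copy links to the same
        body buffer. Step (1): swap the virtual SessionId for each backend's real one."""
        cookies = self._cookies(headers)
        real_ids = self.table.get(cookies.get(COOKIE))
        shared_body = memoryview(body)  # a link to the body, not a copy of it
        out = []
        for i in range(self.n):
            hdr = dict(headers)  # head copy: one small dict per backend
            c = dict(cookies)
            if real_ids is None:
                # Assumption: a SessionId absent from the table is never forwarded,
                # so a client cannot present a backend's real SessionId directly.
                c.pop(COOKIE, None)
            else:
                c[COOKIE] = real_ids[i]
            if c:
                hdr["Cookie"] = "; ".join(f"{k}={v}" for k, v in c.items())
            else:
                hdr.pop("Cookie", None)
            out.append((hdr, shared_body))
        return out


def demo():
    # Constructed sample data: three heterogeneous backends and a 1 MB request body.
    d = Distributor(3)
    virtual = d.bind_session(["tomcat-a1", "iis-b2", "nginx-c3"])
    headers = {"Host": "shop.example", "Cookie": f"lang=en; {COOKIE}={virtual}"}
    body = b"x" * 1_000_000
    return d, virtual, body, d.fan_out(headers, body)
```

Because each per-backend copy holds only a `memoryview` of the body, the body buffer becomes reclaimable once all N copies have been sent and dropped, which is the space recovery step (2) describes.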

Claims (1)

1. An efficient method for implementing a mimicry defense model distributor, characterized in that it comprises the following steps:
Step (1): each data packet sent by a client is stored in the distributor. Because the multiple back-end servers hold multiple different SessionIds, the distributor must maintain a mapping table from a virtual SessionId to the real SessionIds. The SessionId in a request sent by the client is the virtual SessionId, which is replaced with the real SessionId using the mapping table. The key of the mapping table is the virtual SessionId, and the value is the real SessionIds of the N servers. The virtual SessionId is generated by the distributor; the HTTP response packet received by the client contains only this virtual SessionId, and the client only needs to use this virtual SessionId to interact with the server side;
Step (2): when there are too many user requests, the "copy the head, link the body" approach is taken: only the HTTP request header is copied. The HTTP request header contains the Cookie and SessionId information, whereas the request body data does not need to be modified, so only a link to the HTTP request body needs to be kept. After the distributor has copied the request and distributed it to the N servers, the space occupied by the request can be reclaimed;
Step (3): after the two preprocessing steps (1) and (2), the distributor can efficiently send the user request to the executors at the server back end, realizing the function of the distributor.
CN201810038734.7A 2018-01-16 2018-01-16 Method for realizing mimicry defense model distributor Active CN108400968B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810038734.7A CN108400968B (en) 2018-01-16 2018-01-16 Method for realizing mimicry defense model distributor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810038734.7A CN108400968B (en) 2018-01-16 2018-01-16 Method for realizing mimicry defense model distributor

Publications (2)

Publication Number Publication Date
CN108400968A true CN108400968A (en) 2018-08-14
CN108400968B CN108400968B (en) 2019-12-24

Family

ID=63094861

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810038734.7A Active CN108400968B (en) 2018-01-16 2018-01-16 Method for realizing mimicry defense model distributor

Country Status (1)

Country Link
CN (1) CN108400968B (en)

Also Published As

Publication number Publication date
CN108400968B (en) 2019-12-24


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20180814

Assignee: Hangzhou Greentown Information Technology Co.,Ltd.

Assignor: HANGZHOU DIANZI University

Contract record no.: X2023330000109

Denomination of invention: A Method for Implementing a Pseudo Defense Model Distributor

Granted publication date: 20191224

License type: Common License

Record date: 20230311