Universal mimicry distribution voting scheduling device and method based on user-defined protocol
Technical Field
The invention relates to the technical field of mimicry distribution voting scheduling, in particular to a universal mimicry distribution voting scheduling device and method based on a user-defined protocol.
Background
Existing mimicry defense equipment develops a brand-new distributor and voter independently for each set of service characteristics; the distributor and voter of one piece of mimicry defense equipment cannot be reused by another, so the development period is long and the development cost is high.
In practice, however, although the distributors and voters of different mimicry devices differ in their implementation mechanisms, the main obstacle to reusing them is that the service protocols each device must receive and process differ, whereas the distribution strategies, voting strategies and negative feedback scheduling are consistent across devices.
At present, in mimicry devices that use the TCP protocol or one of its derivative protocols as the service protocol, the distributor and the voter are generally designed as one integrated unit; the isolation between the distribution module and the voting module is therefore not well solved, an attack-reachable path exists between them, and this constitutes a security weakness.
Disclosure of Invention
Aiming at the problems and the defects in the prior art, the invention provides a novel universal mimicry distribution voting scheduling device and method based on a user-defined protocol.
The invention solves the technical problems through the following technical scheme:
The invention provides a universal mimicry distribution voting scheduling device based on a user-defined protocol, characterized by comprising a distribution unit, heterogeneous executors, a voting unit and a negative feedback scheduling unit, wherein the distribution unit comprises a network packet receiving module, a protocol conversion module, a data distribution module and a management module;
the network packet receiving module is used for receiving service request information from a user or a host, filtering it and sending it to the protocol conversion module in the distribution unit; at the same time, the network packet receiving module pushes the network state information and the packet number information corresponding to the request to the network packet sending module of the voting unit;
the protocol conversion module in the distribution unit is used for receiving the service request information sent by the network packet receiving module, converting it into a user-defined protocol data packet by protocol conversion processing, and sending the user-defined protocol data packet to the data distribution module of the distribution unit;
the data distribution module in the distribution unit is used for sending the received user-defined protocol data packet simultaneously to a plurality of heterogeneous executors in the active state, and for reporting its own state information and service information to the negative feedback scheduling unit as required;
the data receiving module in the heterogeneous executor is used for receiving the user-defined protocol data packet, filtering it and sending it to the protocol conversion module in the heterogeneous executor;
the protocol conversion module in the heterogeneous executor is used for parsing the user-defined protocol data packet according to the user-defined protocol after receiving it, repackaging the parsed data according to the preset parameters and protocol type, and sending the repackaged data to the heterogeneous execution unit;
the heterogeneous execution unit is used for performing the corresponding operation according to the received data packet and sending the response information back to the protocol conversion module in the heterogeneous executor;
the protocol conversion module in the heterogeneous executor is further used for receiving the response information, parsing it, packaging the parsed data into the user-defined protocol format and forwarding the result to the data sending module in the heterogeneous executor;
the data sending module in the heterogeneous executor is used for sending the received response message to the data receiving module of the voting unit through the configured link;
the data receiving module of the voting unit is used for parsing the received data according to the user-defined protocol, classifying and aggregating the data packets according to the parsed packet numbers, and sending the data packets independently returned by the plurality of executors for the same packet number to the data voting module for voting;
the data voting module is used for voting on the received data packets according to the voting strategy and algorithm set by the management module of the voting unit and sending the voting result to the protocol conversion module of the voting unit; at the same time, the data voting module records the voting information and pushes it to the management module of the voting unit as required;
the protocol conversion module of the voting unit is used for parsing the received voting result information and packaging it, according to the configuration parameter information, into a data packet suitable for the service protocol, and forwarding the data packet to the network packet sending module;
and the network packet sending module is used for looking up the previously received pushed state information according to the packet number, processing the packet accordingly and sending the processed packet to the service visitor.
Preferably, the protocol conversion module in the heterogeneous executor is used for repackaging the parsed data according to the preconfigured parameters and protocol type and then sending the repackaged data to a proxy unit;
the proxy unit is used for initiating a request to and calling the heterogeneous execution unit according to the data packet sent by the protocol conversion module in the heterogeneous executor;
the heterogeneous execution unit is used for sending the response information back to the proxy unit;
the proxy unit is used for receiving the response information and forwarding it to the protocol conversion module in the heterogeneous executor.
Preferably, the service protocols supported by the protocol conversion module include the RPC, TCP, UDP, HTTP and HTTPS network protocols.
Preferably, the user-defined protocol comprises the following fields: original protocol type, data packet number, application number, IP packet header information, data length, data payload, verification length and verification data.
Preferably, the negative feedback scheduling unit is used for comprehensively managing and intelligently scheduling the distribution unit, the voting unit and the heterogeneous executors.
Preferably, the negative feedback scheduling unit is configured to receive the state information and service information sent by the distribution unit, receive the state information and arbitration information sent by the voting unit, receive the state information and service load information sent by each heterogeneous executor, issue commands to the distribution unit to control and change the distribution policy, issue commands to the voting unit to control and change the arbitration policy, and issue commands to the heterogeneous executors to carry out management operations such as cleaning, bringing online, data synchronization and restarting of the heterogeneous executors.
The invention also provides a universal mimicry distribution voting scheduling method based on the user-defined protocol, characterized in that it is implemented using the universal mimicry distribution voting scheduling device described above and comprises the following steps:
S1, the network packet receiving module receives the service request information from the user or the host, filters it and sends it to the protocol conversion module in the distribution unit; at the same time, the network packet receiving module pushes the network state information and the packet number information corresponding to the request to the network packet sending module of the voting unit;
S2, the protocol conversion module in the distribution unit receives the service request information sent by the network packet receiving module, converts it into a user-defined protocol data packet by protocol conversion processing, and sends the user-defined protocol data packet to the data distribution module of the distribution unit;
S3, the data distribution module in the distribution unit sends the received user-defined protocol data packet simultaneously to a plurality of heterogeneous executors in the active state, and reports its own state information and service information to the negative feedback scheduling unit as required;
S4, the data receiving module in the heterogeneous executor receives the user-defined protocol data packet, filters it and sends it to the protocol conversion module in the heterogeneous executor;
S5, after receiving the user-defined protocol data packet, the protocol conversion module in the heterogeneous executor parses it according to the user-defined protocol, repackages the parsed data according to the preset parameters and protocol type, and sends the repackaged data to the heterogeneous execution unit;
S6, the heterogeneous execution unit performs the corresponding operation according to the received data packet and sends the response information back to the protocol conversion module in the heterogeneous executor;
S7, after receiving the response message, the protocol conversion module in the heterogeneous executor parses it, encapsulates the parsed data into the user-defined protocol format and forwards the encapsulated data to the data sending module in the heterogeneous executor;
S8, the data sending module in the heterogeneous executor sends the received response message to the data receiving module of the voting unit through the configured link;
S9, after receiving the data, the data receiving module of the voting unit parses it according to the user-defined protocol, classifies and aggregates the data packets according to the parsed packet numbers, and sends the data packets independently returned by the plurality of executors for the same packet number to the data voting module for voting;
S10, the data voting module votes on the received data packets according to the voting strategy and algorithm set by the management module of the voting unit and sends the voting result to the protocol conversion module of the voting unit; at the same time, the data voting module records the voting information and pushes it to the management module of the voting unit as required;
S11, the protocol conversion module of the voting unit parses the received voting result information according to the configuration parameter information, encapsulates it into a data packet suitable for the service protocol, and forwards the data packet to the network packet sending module;
and S12, the network packet sending module looks up the previously received pushed state information according to the packet number, processes the packet accordingly and sends it to the service visitor.
Preferably, in step S5, the parsed data is repackaged according to the preconfigured parameters and protocol type and the repackaged data is then sent to the proxy unit;
between step S5 and step S6, the proxy unit in the heterogeneous executor initiates a request to and calls the heterogeneous execution unit according to the data packet sent by the protocol conversion module in the heterogeneous executor;
in step S6, the heterogeneous execution unit sends the response message back to the proxy unit;
and between step S6 and step S7, after receiving the response information, the proxy unit forwards it to the protocol conversion module in the heterogeneous executor.
Preferably, the service protocols supported by the protocol conversion module include the RPC, TCP, UDP, HTTP and HTTPS network protocols;
and the user-defined protocol comprises the following fields: original protocol type, data packet number, application number, IP packet header information, data length, data payload, verification length and verification data.
Preferably, the negative feedback scheduling unit receives the state information and service information sent by the distribution unit, receives the state information and arbitration information sent by the voting unit, receives the state information and service load information sent by each heterogeneous executor, issues commands to the distribution unit to control and change the distribution policy, issues commands to the voting unit to control and change the arbitration policy, and issues commands to the heterogeneous executors to carry out management operations such as cleaning, bringing online, data synchronization and restarting of the heterogeneous executors.
On the basis of common knowledge in the field, the above preferred conditions can be combined arbitrarily to obtain the preferred embodiments of the invention.
The positive progress effects of the invention are as follows:
1) The invention provides a mimicry construction framework with universality, which facilitates the rapid, simple and convenient development of various mimicry defense devices.
2) The security effect provided by the invention does not depend on prior knowledge or other security means; compared with a traditional defense mechanism, security is greatly improved, so the system is protected at a higher level.
3) The separation of the distribution unit from the voting unit provided by the invention improves the security of the voter and closes the weak point of the mimicry defense device as a whole, thereby ensuring security at the system level.
4) The invention is internally provided with protocol conversion modules, is well compatible with a variety of protocols, and effectively reduces the difficulty of mimicry reconstruction of various services.
Drawings
Fig. 1 is a schematic structural diagram of a universal mimicry distribution voting scheduling device based on a custom protocol according to a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
As shown in Fig. 1, the present embodiment provides a universal mimicry distribution voting scheduling apparatus based on a user-defined protocol.
The distribution unit is used for receiving the access request of a user or a host, performing the corresponding processing and distributing the access request to a plurality of heterogeneous executors as required. Specific implementations include, but are not limited to, pure software modules, stand-alone servers, embedded systems, FPGA chips, ASIC chips and the like. The distribution unit comprises the following modules:
The network packet receiving module is used for receiving the access request sent by the user or the host, filtering it against a black and white list and then forwarding it to the protocol conversion module. The service protocols supported by the protocol conversion module include, but are not limited to, network protocols such as RPC, TCP, UDP, HTTP and HTTPS. In addition, when the protocol conversion module processes TCP and its derivative protocols such as RPC and HTTP, it also needs to actively push the TCP protocol state information, such as the window size, sequence number and acknowledgement number, to the network packet sending module of the voting unit. The protocol conversion module also needs to receive the instructions issued by the management module and carry out the corresponding operations, such as shutting itself down, modifying the black and white list, and the like.
The protocol conversion module is used for receiving the data packet sent by the network packet receiving module, converting it into the format required by the user-defined protocol and then forwarding it to the data distribution module. The user-defined protocol includes, but is not limited to, the following fields: original protocol type, data packet number, application number, IP packet header information, data length, data payload, verification length, verification data and other information.
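The field list above gives no byte widths and does not say how the verification data is computed, so the following is an added example (not the patent's own code) that fixes an assumed big-endian layout, uses an HMAC-SHA256 tag as the verification data, and rejects any packet whose length fields or verification data are inconsistent instead of forwarding it.

```python
"""Encoder and parser for the user-defined protocol packet listed above.

Assumed fixed-width big-endian layout (the page names the fields but not their sizes):
  original protocol type   1 byte   code table PROTO_CODES (constructed for this example)
  data packet number       4 bytes
  application number       2 bytes
  IP packet header info   12 bytes  src IPv4, dst IPv4, src port, dst port
  data length              4 bytes
  data payload             <data length> bytes
  verification length      1 byte
  verification data        <verification length> bytes, assumed to be HMAC-SHA256
"""
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

# Protocol codes are constructed for this example; the page only names the protocols.
PROTO_CODES = {"RPC": 1, "TCP": 2, "UDP": 3, "HTTP": 4, "HTTPS": 5}
CODE_TO_PROTO = {code: name for name, code in PROTO_CODES.items()}

# type, packet no, app no, src ip, dst ip, src port, dst port, data length
HEADER = struct.Struct("!BIH4s4sHHI")


@dataclass(frozen=True)
class CustomPacket:
    proto: str
    packet_no: int
    app_no: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload: bytes


def _tag(key: bytes, body: bytes) -> bytes:
    """Verification data: keyed hash over header and payload (assumed scheme)."""
    return hmac.new(key, body, hashlib.sha256).digest()


def encode(pkt: CustomPacket, key: bytes) -> bytes:
    """Serialize a packet as it would leave the distribution unit's protocol conversion module."""
    body = HEADER.pack(
        PROTO_CODES[pkt.proto], pkt.packet_no, pkt.app_no,
        ipaddress.IPv4Address(pkt.src_ip).packed, ipaddress.IPv4Address(pkt.dst_ip).packed,
        pkt.src_port, pkt.dst_port, len(pkt.payload),
    ) + pkt.payload
    tag = _tag(key, body)
    return body + bytes([len(tag)]) + tag


def decode(raw: bytes, key: bytes) -> CustomPacket:
    """Parse and verify a packet as an executor's or the voting unit's data receiving module would.

    Every length field is checked against the actual buffer before it is used, and the
    verification data is compared in constant time; any inconsistency raises ValueError
    so the packet is dropped instead of being forwarded.
    """
    if len(raw) < HEADER.size + 1:
        raise ValueError("truncated header")
    ptype, packet_no, app_no, sip, dip, sport, dport, dlen = HEADER.unpack_from(raw, 0)
    body_end = HEADER.size + dlen
    if body_end + 1 > len(raw):
        raise ValueError("data length exceeds packet size")
    vlen = raw[body_end]
    tag = raw[body_end + 1:body_end + 1 + vlen]
    if len(tag) != vlen or body_end + 1 + vlen != len(raw):
        raise ValueError("verification length inconsistent with packet size")
    if not hmac.compare_digest(tag, _tag(key, raw[:body_end])):
        raise ValueError("verification data mismatch")
    if ptype not in CODE_TO_PROTO:
        raise ValueError(f"unknown original protocol type {ptype}")
    return CustomPacket(
        CODE_TO_PROTO[ptype], packet_no, app_no,
        str(ipaddress.IPv4Address(sip)), str(ipaddress.IPv4Address(dip)),
        sport, dport, raw[HEADER.size:body_end],
    )


def roundtrip_ok(pkt: CustomPacket, key: bytes) -> bool:
    """Self-check: a packet survives encode followed by decode unchanged."""
    return decode(encode(pkt, key), key) == pkt
```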
The data distribution module is used for receiving the data converted by the protocol conversion module, receiving the distribution configuration information sent by the management module, and forwarding the data as required to the corresponding heterogeneous executors over a dedicated or general-purpose data link according to that configuration.
The management module is used for collecting the state and service information of the distribution unit and reporting it to the negative feedback scheduling unit as required. It also receives the various instructions of the negative feedback scheduling unit and carries out the corresponding operations as instructed. The instructions include, but are not limited to, turning on or off any module in the distribution unit, configuring and modifying the distribution policy, configuring and modifying the objects to be distributed to, configuring and managing the black and white list of the network packet receiving module, configuring various alarm indicators, and the like.
The voting unit is used for receiving the data of the plurality of heterogeneous executors, arbitrating intelligently, and sending the arbitration result, after appropriate processing, to the visitor (an ordinary user or a host). Specific implementations include, but are not limited to, pure software modules, stand-alone servers, embedded systems, FPGA chips, ASIC chips and the like. The voting unit comprises the following modules:
The data receiving module is used for receiving the response data packets sent by the heterogeneous executors, classifying and aggregating them according to the packet number carried in each response data packet, and handing them to the data voting module for subsequent processing. The data receiving module also needs to handle the situation in which a certain heterogeneous executor has not returned a data packet after the specified time.
The data voting module is used for receiving the information to be voted on sent by the data receiving module, performing intelligent voting and sending the voting result information to the protocol conversion module. The intelligent voting algorithms include, but are not limited to, majority-consistency voting algorithms, intelligent arbitration algorithms based on time and access characteristics, self-learning algorithms based on historical voting records, and the like.
The protocol conversion module is used for receiving the voting result information sent by the data voting module, converting it, according to the packet type identifier in the data packet, into a data packet conforming to the transmission protocol that the packet type identifier denotes, and then forwarding the data packet to the network packet sending module for subsequent processing. The protocol types supported here include, but are not limited to, the RPC protocol, the HTTP protocol, the DNS protocol, the HTTPS protocol, and various other TCP- and UDP-based protocols.
The network packet sending module is used for receiving the data packet sent by the protocol conversion module and the state information pushed by the distribution unit, reassembling a proper network data packet from this information, and sending it to the service visitor over the network. The network packets supported for transmission here include, but are not limited to, TCP, UDP and other IP-based protocols.
The management module is used for collecting the state and service information of the voting unit and reporting it to the negative feedback scheduling unit as required. It also receives the various instructions of the negative feedback scheduling unit and carries out the corresponding operations as instructed. The instructions include, but are not limited to, turning on or off any module within the voting unit, configuring and modifying the voting algorithms and policies, configuring various alarm indicators, and the like.
The negative feedback scheduling unit is used for comprehensively managing and intelligently scheduling the distribution unit, the voting unit, the executors and the other modules. Its specific functions are as follows: receiving the state information and service information sent by the distribution unit; receiving the state information and arbitration information sent by the voting unit; receiving the state information and service load information sent by each heterogeneous executor; issuing commands to the distribution unit to control and change the distribution strategy; issuing commands to the voting unit to control and change the arbitration strategy; and issuing commands to the heterogeneous executors to carry out management operations such as cleaning, bringing online, data synchronization and restarting of the heterogeneous executors. Specific implementations of the negative feedback scheduling unit include, but are not limited to, a pure software module, an independent server, an embedded system, an FPGA chip, an ASIC chip, and the like.
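The data receiving module, the data voting module and the negative feedback scheduling unit described above are shown working together in the following added example (not the patent's code): responses are classified by packet number, a majority-consistency vote is taken once every active executor has answered or the deadline has passed, and the executors that deviated or stayed silent are recorded so the scheduling unit can act on them. The executor identifiers, the strict-majority rule and the record shapes are assumptions.

```python
"""Voting-unit logic: classify executor responses by packet number, vote, and
flag executors whose output deviates from the majority or that never answered
within the deadline. Added example; not the patent's own implementation."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Response:
    packet_no: int
    executor_id: str
    payload: bytes
    received_at: float  # seconds on a monotonic clock


@dataclass(frozen=True)
class Verdict:
    packet_no: int
    payload: Optional[bytes]  # None when no strict majority agreed
    agreed: List[str]
    deviant: List[str]        # answered, but not with the majority result
    missing: List[str]        # did not answer before the deadline


class VotingUnit:
    def __init__(self, executors, timeout: float):
        self.executors = set(executors)  # active set, as configured by the scheduling unit
        self.timeout = timeout
        self._pending: Dict[int, Dict[str, Response]] = defaultdict(dict)
        self._first_seen: Dict[int, float] = {}
        self.reports: List[Verdict] = []  # what gets pushed to the management module

    def receive(self, r: Response) -> Optional[Verdict]:
        """Data receiving module: classify by packet number, vote when the set is complete."""
        if r.executor_id not in self.executors:
            return None  # not an active executor: discard silently
        bucket = self._pending[r.packet_no]
        if r.executor_id in bucket:
            return None  # a second answer from the same executor is not a second vote
        bucket[r.executor_id] = r
        self._first_seen.setdefault(r.packet_no, r.received_at)
        if len(bucket) == len(self.executors):
            return self._vote(r.packet_no)
        return None

    def expire(self, now: float) -> List[Verdict]:
        """Vote on every packet number whose deadline has passed with answers still missing."""
        due = [n for n, t in self._first_seen.items() if now - t >= self.timeout]
        return [self._vote(n) for n in due]

    def _vote(self, packet_no: int) -> Verdict:
        """Data voting module: strict majority of the configured executors; a missing
        executor counts against the majority rather than being ignored."""
        got = self._pending.pop(packet_no)
        self._first_seen.pop(packet_no, None)
        counts = Counter(r.payload for r in got.values())
        winner, votes = counts.most_common(1)[0]
        if votes * 2 <= len(self.executors):
            winner = None  # no result is released to the visitor
        agreed = sorted(e for e, r in got.items() if winner is not None and r.payload == winner)
        deviant = sorted(e for e, r in got.items() if winner is None or r.payload != winner)
        missing = sorted(self.executors - set(got))
        verdict = Verdict(packet_no, winner, agreed, deviant, missing)
        self.reports.append(verdict)
        return verdict
```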
The heterogeneous executor is used for receiving the related commands sent by the distribution unit, executing them and outputting the results to the voting unit. The heterogeneous executors should use protocol conversion, data repackaging and similar means to achieve consistency of their external representation (the same input, processed on any executor, should produce the same result). The supported heterogeneous layers include, but are not limited to, the hardware chip layer, the operating system layer, the middleware layer, the application layer, and the like. The heterogeneous executor specifically comprises the following modules:
The data receiving module is used for receiving the request data sent by the distribution unit, filtering it and forwarding it to the protocol conversion module. The supported filtering modes include, but are not limited to, a white list mode, a black list mode, a combined white list and black list mode, and the like.
The protocol conversion module is used for receiving the user-defined-protocol request data transferred by the data receiving module, parsing it, repackaging the parsed request data into a data packet that the proxy unit can recognize, and then forwarding that data packet to the proxy unit. The protocol conversion module also needs to receive the response message data sent by the proxy unit, parse it, encapsulate it into a data packet in the user-defined protocol format and forward the result to the data sending module. The protocols for which the protocol conversion module may support conversion include, but are not limited to, the RPC protocol, the HTTP protocol, the DNS protocol, the HTTPS protocol, and various other TCP- and UDP-based protocols.
The proxy unit is used for realizing access to the heterogeneous execution unit and is usually formed by a small amount of secondary development on the standard client of the existing service. The proxy unit is not an essential module of the device, but using the proxy unit greatly reduces the development difficulty and development cost of the heterogeneous execution unit.
The heterogeneous execution unit is used for receiving the request of the proxy unit, performing the corresponding operation and returning the processing result. This module is usually obtained by the user through a small amount of secondary development of the existing service server. By integrating the developed module into the device, the user can form a complete set of mimicry defense equipment.
The data sending module is used for receiving the response data sent by the protocol conversion module and forwarding it to the voting unit over an appropriate data link.
The embodiment also provides a universal mimicry distribution voting scheduling method based on the user-defined protocol, which comprises the following steps:
1. The network packet receiving module in the distribution unit receives the service request information from the user or the host, filters it and sends the filtered service request information to the protocol conversion module in the distribution unit. At the same time, the network packet receiving module pushes the network state information corresponding to the request, such as the TCP window size and the packet number, to the network packet sending module of the voting unit.
2. The protocol conversion module in the distribution unit receives the service request information sent by the network packet receiving module of the distribution unit, performs protocol conversion processing (converting the service request information into the data packet format of the user-defined protocol), and sends the result to the data distribution module of the distribution unit.
3. The data distribution module in the distribution unit sends the received data packet simultaneously to a plurality of heterogeneous executors in the active state, and reports its own state information and service information to the negative feedback scheduling unit as required.
4. The data receiving module in the heterogeneous executor receives the user-defined protocol data packet forwarded by the distribution unit, filters it and sends it to the protocol conversion module in the heterogeneous executor.
5. After receiving the data packet, the protocol conversion module in the heterogeneous executor parses it according to the user-defined protocol, then repackages the parsed data according to the preset parameters and protocol type and sends the repackaged data to the proxy unit.
6. The proxy unit in the heterogeneous executor initiates a request to and calls the heterogeneous execution unit according to the data packet sent by the protocol conversion module in the heterogeneous executor.
7. The heterogeneous execution unit in the heterogeneous executor performs the corresponding operation (querying state, executing a command and the like) according to the received data packet, and sends the response information back to the proxy unit.
8. After receiving the response information sent by the heterogeneous execution unit, the proxy unit in the heterogeneous executor forwards it to the protocol conversion module in the heterogeneous executor.
9. After receiving the response information sent by the proxy unit, the protocol conversion module in the heterogeneous executor first parses it, then encapsulates the data into the user-defined protocol format and forwards the result to the data sending module in the heterogeneous executor.
10. The data sending module in the heterogeneous executor sends the received response message to the data receiving module of the voting unit through the configured link.
11. After the data receiving module of the voting unit receives the data, it parses the data according to the user-defined protocol, classifies and aggregates the data packets according to the parsed packet numbers, and then sends the several data packets (independently returned by the several executors) that correspond to the same packet number to the data voting module for voting.
12. The data voting module votes on the received data packets according to the voting strategy and algorithm set by the management module of the voting unit and sends the voting result to the protocol conversion module of the voting unit. At the same time, the data voting module records the voting information and pushes it to the management module of the voting unit as required.
13. The protocol conversion module of the voting unit parses the received voting result information according to the configuration parameter information, encapsulates it into a data packet suitable for the service protocol, and forwards the data packet to the network packet sending module.
14. The network packet sending module looks up the previously received pushed state information according to the packet number, processes the packet accordingly and sends the processed packet to the service visitor. Since protocols such as TCP require the connection to be point-to-point, the packet has to be processed so as to reproduce the effect of point-to-point communication.
At this point the access request to the mimicry construction device is complete. From the visitor's perspective, the visitor has accessed an ordinary service server rather than a set of mimicry construction equipment.
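The unidirectional state push of steps 1 and 14 is shown in the following added example (not the patent's code): the distribution side records the TCP state it saw on each request under its packet number, and the voting side's network packet sending module can only consume that record, once, to build a reply that reaches the visitor as if from a single server. The state fields kept, the consume-once rule and the capacity bound are assumptions.

```python
"""One-way state push from the distribution unit to the voting unit's network
packet sending module. Nothing flows from the voting side back to the
distribution side, which is what keeps the two units isolated.
Added example; not the patent's own implementation."""
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class TcpState:
    client: Tuple[str, int]  # visitor address the reply must go back to
    seq: int                 # sequence number on the visitor's request segment
    ack: int                 # acknowledgement number on the visitor's request segment
    window: int              # visitor's advertised window
    request_len: int         # payload bytes the visitor sent


class StatePushChannel:
    """Distribution unit writes, voting unit reads; there is deliberately no reverse path."""

    def __init__(self, capacity: int = 1024):
        self._table: "OrderedDict[int, TcpState]" = OrderedDict()
        self._capacity = capacity

    def push(self, packet_no: int, state: TcpState) -> None:
        """Called by the network packet receiving module when a request is accepted."""
        if packet_no in self._table:
            raise ValueError(f"packet number {packet_no} already pushed")
        self._table[packet_no] = state
        while len(self._table) > self._capacity:
            self._table.popitem(last=False)  # drop the oldest request still unanswered

    def consume(self, packet_no: int) -> Optional[TcpState]:
        """Each pushed state answers exactly one reply; a second lookup finds nothing."""
        return self._table.pop(packet_no, None)

    def pending(self) -> int:
        return len(self._table)


def build_reply(packet_no: int, payload: bytes, channel: StatePushChannel) -> Dict[str, object]:
    """Network packet sending module: rebuild the server side of the exchange from pushed state.

    A voted result with no matching pushed state is dropped rather than sent, so the
    voting side cannot emit a segment the distribution side never saw a request for.
    """
    st = channel.consume(packet_no)
    if st is None:
        raise LookupError(f"no pushed state for packet number {packet_no}: reply dropped")
    return {
        "dst": st.client,
        "seq": st.ack,                                  # continue where the visitor expects us
        "ack": (st.seq + st.request_len) & 0xFFFFFFFF,  # acknowledge the whole request, mod 2^32
        "window": st.window,
        "payload": payload,
    }
```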
1) By adopting a user-defined-protocol-based approach, the invention develops a distribution voting scheduling device and method with better universality and generality.
2) The invention adds a protocol conversion module to convert the various service protocols to the user-defined protocol, thereby making the device and method universal.
3) The invention adopts a unidirectional state pushing technique to synchronize the states of the distribution unit and the voting unit, thereby achieving effective isolation between the distribution unit and the voting unit while keeping the service normal and continuous, cutting off the attack-reachable path and eliminating the security weakness that existed under the TCP service protocol in the prior platform.
4) The invention provides a distribution unit, a voting unit and a negative feedback scheduling unit at the same time, covering the three core modules required by a mimicry defense device; after adopting the invention, a new mimicry defense device can be developed rapidly with only a small amount of adaptation work.
While specific embodiments of the invention have been described above, it will be appreciated by those skilled in the art that these are by way of example only, and that the scope of the invention is defined by the appended claims. Various changes and modifications to these embodiments may be made by those skilled in the art without departing from the spirit and scope of the invention, and these changes and modifications are within the scope of the invention.