CN110557437B - Universal mimicry distribution voting scheduling device and method based on user-defined protocol - Google Patents

Info

Publication number: CN110557437B
Authority: CN (China)
Prior art keywords: data, unit, voting, module, information
Legal status: Active
Application number: CN201910716373.1A
Other languages: Chinese (zh)
Other versions: CN110557437A (en)
Inventors: 谢光伟, 张帆, 刘斌, 邬江兴
Current assignees: Shanghai Hongzhen Information Science & Technology Co.,Ltd.; SHANGHAI MIMIC DATA TECHNOLOGY Co.,Ltd.
Original assignees: Shanghai Hongzhen Information Science & Technology Co ltd; Shanghai Mimic Data Technology Co ltd
Events: application filed by Shanghai Hongzhen Information Science & Technology Co ltd and Shanghai Mimic Data Technology Co ltd; priority to CN201910716373.1A; publication of CN110557437A; application granted; publication of CN110557437B; legal status active.

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security > H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls > H04L63/0227 Filtering policies > H04L63/0245 Filtering by information in the payload
    • H04L63/00 > H04L63/02 > H04L63/0281 Proxies
    • H04L67/00 Network arrangements or protocols for supporting network services or applications > H04L67/50 Network services > H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/00 > H04L67/01 Protocols > H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/00 > H04L67/01 Protocols > H04L67/133 Protocols for remote procedure calls [RPC]
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass > H04L69/08 Protocols for interworking; Protocol conversion
    • H04L69/00 > H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/00 > H04L69/22 Parsing or analysis of headers
    • H04L2212/00 Encapsulation of packets

Abstract

The invention discloses a universal mimicry distribution voting scheduling device and method based on a user-defined protocol. The device comprises a distribution unit, heterogeneous executors, a voting unit and a negative feedback scheduling unit. The distribution unit comprises a network packet receiving module, a protocol conversion module, a data distribution module and a management module; each heterogeneous executor comprises a data receiving module, a protocol conversion module, a heterogeneous execution unit and a data sending module; and the voting unit comprises a data receiving module, a data voting module, a protocol conversion module, a network packet sending module and a management module. The invention provides a general-purpose mimicry structural framework that allows various mimicry defense devices to be developed quickly and simply; compared with traditional defense mechanisms, security is greatly improved, so the system is protected at a higher level; and separating the distribution unit from the voting unit improves the voter's own security and fills the weak point of the mimicry defense device as a whole, so that system-level security is guaranteed.

Description

Universal mimicry distribution voting scheduling device and method based on user-defined protocol
Technical Field
The invention relates to the technical field of mimicry distribution voting scheduling, and in particular to a universal mimicry distribution voting scheduling device and method based on a user-defined protocol.
Background
Existing mimicry defense equipment each develops its own brand-new distributor and voter according to its service characteristics. The distributor and voter cannot be shared among different mimicry defense devices, so the development cycle is long and the development cost is high.
In practice, the distributors and voters of mimicry devices differ in their implementation mechanisms. The main obstacle to reusing them is that the service protocols each device must receive and process differ, whereas the distribution strategies, voting strategies and negative feedback scheduling are consistent across devices.
At present, mimicry devices that use TCP or a protocol derived from it as the service protocol generally design the distributor and voter as one integrated unit. The distribution module and the voting module are therefore not well isolated, an attack-reachable path exists between them, and this constitutes a security weak point.
Disclosure of Invention
To address the problems and defects of the prior art, the invention provides a novel universal mimicry distribution voting scheduling device and method based on a user-defined protocol.
The invention solves the technical problems through the following technical scheme:
the invention provides a universal mimicry distribution voting scheduling device based on a user-defined protocol, characterized in that it comprises a distribution unit, heterogeneous executors, a voting unit and a negative feedback scheduling unit, wherein the distribution unit comprises a network packet receiving module, a protocol conversion module, a data distribution module and a management module;
the network packet receiving module is used for receiving service request information from a user or host, filtering it and sending it to the protocol conversion module of the distribution unit; at the same time, the network packet receiving module pushes the network state information and packet number information corresponding to the request to the network packet sending module of the voting unit;
the protocol conversion module of the distribution unit is used for receiving the service request information sent by the network packet receiving module, converting it into a custom protocol data packet by protocol conversion, and sending the custom protocol data packet to the data distribution module of the distribution unit;
the data distribution module of the distribution unit is used for sending the received custom protocol data packet simultaneously to a plurality of heterogeneous executors in the active state, and for reporting its own state information and service information to the negative feedback scheduling unit as required;
the data receiving module of the heterogeneous executor is used for receiving the custom protocol data packet, filtering it and sending it to the protocol conversion module of the heterogeneous executor;
the protocol conversion module of the heterogeneous executor is used for parsing the custom protocol data packet according to the custom protocol after receiving it, repackaging the parsed data according to the preconfigured parameters and protocol type, and sending the repackaged data to the heterogeneous execution unit;
the heterogeneous execution unit is used for performing the corresponding operation according to the received data packet and sending the response information back to the protocol conversion module of the heterogeneous executor;
the protocol conversion module of the heterogeneous executor is further used for receiving the response information, parsing it, packaging the parsed data into the custom protocol format and forwarding it to the data sending module of the heterogeneous executor;
the data sending module of the heterogeneous executor is used for sending the received response message to the data receiving module of the voting unit over the configured link;
the data receiving module of the voting unit is used for parsing the received data according to the custom protocol, classifying and collating the data packets by the parsed packet number, and sending the data packets independently returned by the plurality of executors for the same packet number to the data voting module for voting;
the data voting module is used for voting on the received data packets according to the voting strategy and algorithm set by the management module of the voting unit and sending the voting result to the protocol conversion module of the voting unit; at the same time, the data voting module records voting information and pushes it to the management module of the voting unit as required;
the protocol conversion module of the voting unit is used for parsing the received voting result information, packaging it into a data packet conforming to the service protocol according to the configuration parameter information, and forwarding the data packet to the network packet sending module;
and the network packet sending module is used for looking up the previously received state push information by packet number, processing the packet accordingly and sending the processed packet to the service visitor.
Preferably, the protocol conversion module of the heterogeneous executor is used for repackaging the parsed data according to the preconfigured parameters and protocol type and then sending the repackaged data to a proxy unit;
the proxy unit is used for initiating a request to, and calling, the heterogeneous execution unit according to the data packet sent by the protocol conversion module of the heterogeneous executor;
the heterogeneous execution unit is used for sending the response information back to the proxy unit;
the proxy unit is used for receiving the response information and forwarding it to the protocol conversion module of the heterogeneous executor.
Preferably, the service protocols supported by the protocol conversion module include the RPC, TCP, UDP, HTTP and HTTPS network protocols.
Preferably, the custom protocol comprises the following fields: original protocol type, data packet number, application number, IP packet header information, data length, data payload, verification length and verification data.
Preferably, the negative feedback scheduling unit is used for comprehensively managing and intelligently scheduling the distribution unit, the voting unit and the heterogeneous executors.
Preferably, the negative feedback scheduling unit is configured to receive the state information and service information sent by the distribution unit, receive the state information and arbitration information sent by the voting unit, receive the state information and service load information sent by each heterogeneous executor, issue commands to the distribution unit to control and change the distribution policy, issue commands to the voting unit to control and change the arbitration policy, and issue commands to the heterogeneous executors to carry out management operations such as cleaning, bringing online, data synchronization and restarting of the heterogeneous executors.
The invention also provides a universal mimicry distribution voting scheduling method based on the user-defined protocol, characterized in that it is implemented with the above universal mimicry distribution voting scheduling device and comprises the following steps:
S1, the network packet receiving module receives the service request information of the user or host, filters it and sends it to the protocol conversion module of the distribution unit; at the same time, the network packet receiving module pushes the network state information and packet number information corresponding to the request to the network packet sending module of the voting unit;
S2, the protocol conversion module of the distribution unit receives the service request information sent by the network packet receiving module, converts it into a custom protocol data packet by protocol conversion, and sends the custom protocol data packet to the data distribution module of the distribution unit;
S3, the data distribution module of the distribution unit sends the received custom protocol data packet simultaneously to a plurality of heterogeneous executors in the active state, and reports its own state information and service information to the negative feedback scheduling unit as required;
S4, the data receiving module of the heterogeneous executor receives the custom protocol data packet, filters it and sends it to the protocol conversion module of the heterogeneous executor;
S5, after receiving the custom protocol data packet, the protocol conversion module of the heterogeneous executor parses it according to the custom protocol, repackages the parsed data according to the preconfigured parameters and protocol type, and sends the repackaged data to the heterogeneous execution unit;
S6, the heterogeneous execution unit performs the corresponding operation according to the received data packet and sends the response information back to the protocol conversion module of the heterogeneous executor;
S7, after receiving the response message, the protocol conversion module of the heterogeneous executor parses it, encapsulates the parsed data in the custom protocol format and forwards the encapsulated data to the data sending module of the heterogeneous executor;
S8, the data sending module of the heterogeneous executor sends the received response message to the data receiving module of the voting unit over the configured link;
S9, after receiving the data, the data receiving module of the voting unit parses it according to the custom protocol, classifies and collates the data packets by the parsed packet number, and sends the data packets independently returned by the plurality of executors for the same packet number to the data voting module for voting;
S10, the data voting module votes on the received data packets according to the voting strategy and algorithm set by the management module of the voting unit and sends the voting result to the protocol conversion module of the voting unit; at the same time, the data voting module records voting information and pushes it to the management module of the voting unit as required;
S11, the protocol conversion module of the voting unit parses the received voting result information according to the configuration parameter information, encapsulates it into a data packet conforming to the service protocol, and forwards the data packet to the network packet sending module;
and S12, the network packet sending module looks up the previously received state push information by packet number, processes the packet accordingly and sends it to the service visitor.
Preferably, in step S5, the parsed data is repackaged according to the preconfigured parameters and protocol type and then sent to the proxy unit;
between step S5 and step S6, the proxy unit of the heterogeneous executor initiates a request to, and calls, the heterogeneous execution unit according to the data packet sent by the protocol conversion module of the heterogeneous executor;
in step S6, the heterogeneous execution unit sends the response message back to the proxy unit;
and between step S6 and step S7, the proxy unit, after receiving the response information, forwards it to the protocol conversion module of the heterogeneous executor.
Preferably, the service protocols supported by the protocol conversion module include the RPC, TCP, UDP, HTTP and HTTPS network protocols;
the custom protocol comprises the following fields: original protocol type, data packet number, application number, IP packet header information, data length, data payload, verification length and verification data.
Preferably, the negative feedback scheduling unit receives the state information and service information sent by the distribution unit, receives the state information and arbitration information sent by the voting unit, receives the state information and service load information sent by each heterogeneous executor, issues commands to the distribution unit to control and change the distribution policy, issues commands to the voting unit to control and change the arbitration policy, and issues commands to the heterogeneous executors to carry out management operations such as cleaning, bringing online, data synchronization and restarting of the heterogeneous executors.
On the basis of common knowledge in the field, the above preferred conditions can be combined arbitrarily to obtain preferred embodiments of the invention.
The positive effects of the invention are as follows:
1) The invention provides a general-purpose mimicry structural framework that allows various mimicry defense devices to be developed quickly and simply.
2) The security provided by the invention does not depend on prior knowledge or on other security means; compared with traditional defense mechanisms, security is greatly improved, so the system is protected at a higher level.
3) Separating the distribution unit from the voting unit, as provided by the invention, improves the security of the voter itself and fills the weak point of the mimicry defense device as a whole, thereby ensuring system-level security.
4) The protocol conversion module built into the invention is compatible with a wide range of protocols and effectively reduces the difficulty of the mimicry reconstruction of various services.
Drawings
Fig. 1 is a schematic structural diagram of a universal mimicry distribution voting scheduling device based on a custom protocol according to a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. It is obvious that the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments that a person skilled in the art can obtain from these embodiments without inventive effort fall within the scope of the present invention.
As shown in Fig. 1, the present embodiment provides a universal mimicry distribution voting scheduling apparatus based on a custom protocol.
The distribution unit is used for receiving the access request of a user or host, processing it accordingly and distributing it simultaneously to a plurality of heterogeneous executors as needed. Specific implementations include, but are not limited to, pure software modules, stand-alone servers, embedded systems, FPGA chips, ASIC chips and the like. It comprises the following modules:
The network packet receiving module is used for receiving the access request sent by the user or host, filtering it against a black and white list and then forwarding it to the protocol conversion module. The service protocols supported by the protocol conversion module include, but are not limited to, network protocols such as RPC/TCP/UDP/HTTP/HTTPS. When the protocol conversion module processes TCP or one of its derivative protocols such as RPC or HTTP, it must also actively push the TCP protocol state information (window size, sequence number, acknowledgement number and so on) to the network packet sending module of the voting unit. The protocol conversion module also receives the instructions issued by the management module and performs the corresponding operations, such as shutting itself down or modifying the black and white list.
The protocol conversion module is used for receiving the data packet sent by the network packet receiving module, converting it into the format required by the custom protocol and forwarding it to the data distribution module. The custom protocol includes, but is not limited to, the following fields: original protocol type, data packet number, application number, IP packet header information, data length, data payload, verification length, verification data and other information.
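As an added example, not code from the patent, the following Python encoder and parser lays out a packet with exactly the fields listed above and in the claims. The field widths, network byte order, numeric protocol-type codes and the use of SHA-256 as the verification data are assumptions (the page names the fields but fixes no encoding); the parser checks every declared length against the bytes actually present and rejects tampered packets before they reach an executor or the voter.

```python
"""Custom-protocol packet encoder/parser (added example; field widths, byte order,
protocol-type codes and the SHA-256 verification are assumptions, not the patent's)."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Assumed codes for the "original protocol type" field; the page lists the
# protocol names but assigns them no numeric values.
PROTO_TYPES = {"RPC": 1, "TCP": 2, "UDP": 3, "HTTP": 4, "HTTPS": 5}

IP_HDR_LEN = 20  # assumption: the original IPv4 header is carried verbatim
# original protocol type (1), data packet number (4), application number (2),
# IP packet header information (20), data length (4); network byte order
FIXED_HDR = struct.Struct("!BIH20sI")
CHECK_HDR = struct.Struct("!H")  # verification length
DIGEST_LEN = hashlib.sha256().digest_size


@dataclass(frozen=True)
class CustomPacket:
    proto_type: int
    packet_no: int
    app_no: int
    ip_header: bytes
    payload: bytes


def _verification(body: bytes) -> bytes:
    # Assumed verification data: SHA-256 over every field that precedes it.
    return hashlib.sha256(body).digest()


def encode(pkt: CustomPacket) -> bytes:
    """Serialize: fixed header, payload, verification length, verification data."""
    if len(pkt.ip_header) != IP_HDR_LEN:
        raise ValueError("ip_header must be exactly %d bytes" % IP_HDR_LEN)
    if pkt.proto_type not in PROTO_TYPES.values():
        raise ValueError("unknown original protocol type %d" % pkt.proto_type)
    body = FIXED_HDR.pack(pkt.proto_type, pkt.packet_no, pkt.app_no,
                          pkt.ip_header, len(pkt.payload)) + pkt.payload
    check = _verification(body)
    return body + CHECK_HDR.pack(len(check)) + check


def decode(raw: bytes) -> CustomPacket:
    """Parse and verify a packet. Every length is checked against the bytes
    actually present before it is trusted, and a bad digest is rejected."""
    if len(raw) < FIXED_HDR.size:
        raise ValueError("truncated fixed header")
    proto_type, packet_no, app_no, ip_header, data_len = FIXED_HDR.unpack_from(raw, 0)
    if proto_type not in PROTO_TYPES.values():
        raise ValueError("unknown original protocol type %d" % proto_type)
    body_end = FIXED_HDR.size + data_len
    if len(raw) < body_end + CHECK_HDR.size:
        raise ValueError("declared data length exceeds packet")
    payload = raw[FIXED_HDR.size:body_end]
    (check_len,) = CHECK_HDR.unpack_from(raw, body_end)
    check_start = body_end + CHECK_HDR.size
    if check_len != DIGEST_LEN or check_start + check_len != len(raw):
        raise ValueError("verification length does not match packet")
    check = raw[check_start:]
    if not hmac.compare_digest(check, _verification(raw[:body_end])):
        raise ValueError("verification data mismatch")
    return CustomPacket(proto_type, packet_no, app_no, ip_header, payload)


def demo() -> dict:
    """Wrap a constructed HTTP request as the distribution unit would, then show
    that a single flipped payload bit is rejected by the receiving side."""
    # Constructed sample IPv4 header (20 bytes) and HTTP request; not from the page.
    ip_hdr = bytes.fromhex("4500003c1c4640004006b1e6c0a80001c0a800c7")
    request = CustomPacket(PROTO_TYPES["HTTP"], packet_no=7, app_no=1,
                           ip_header=ip_hdr,
                           payload=b"GET /status HTTP/1.1\r\nHost: svc\r\n\r\n")
    wire = encode(request)
    roundtrip_ok = decode(wire) == request
    tampered = bytearray(wire)
    tampered[FIXED_HDR.size] ^= 0x01  # flip one bit of the first payload byte
    try:
        decode(bytes(tampered))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"roundtrip_ok": roundtrip_ok, "tamper_rejected": tamper_rejected,
            "wire_len": len(wire)}


if __name__ == "__main__":
    print(demo())
```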
The data distribution module is used for receiving the converted data from the protocol conversion module and the distribution configuration information from the management module, and for forwarding the data as required to the corresponding heterogeneous executors over a dedicated or general-purpose data link according to that configuration.
The management module is used for collecting the state and service information of the distribution unit and reporting it to the negative feedback scheduling unit as required. It also receives the various instructions of the negative feedback scheduling unit and performs the corresponding operations. The instructions include, but are not limited to, turning any module in the distribution unit on or off, configuring and modifying the distribution policy, configuring and modifying the distribution targets, configuring and managing the black and white list of the network packet receiving module, configuring various alarm indicators, and the like.
The voting unit is used for receiving the data from the plurality of heterogeneous executors, arbitrating intelligently, and sending the arbitration result, after appropriate processing, to the visitor (an ordinary user or a host). Specific implementations include, but are not limited to, pure software modules, stand-alone servers, embedded systems, FPGA chips, ASIC chips and the like. It comprises the following modules:
The data receiving module is used for receiving the response data packets sent by the heterogeneous executors, classifying and collating them by the packet number they carry, and handing them to the data voting module for subsequent processing. The data receiving module must also handle the case in which one of the heterogeneous executors has not returned a data packet after the specified time.
The data voting module is used for receiving the information to be voted on from the data receiving module, performing intelligent voting and sending the voting result to the protocol conversion module. Intelligent voting algorithms include, but are not limited to, majority-agreement voting, intelligent arbitration based on time and access characteristics, self-learning algorithms based on historical voting records, and the like.
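The collation-by-packet-number, timeout handling and voting behaviour of the two modules above, as an added Python example that is not the patent's code. Strict majority is one of the voting algorithms the text lists; the executor names, the two-second deadline and the in-memory data structures are assumptions.

```python
"""Voting-unit logic (added example; names, deadline and data structures are assumed).
Responses are grouped by packet number, an executor that has not answered by the
deadline is recorded as timed out, and the result is decided by strict majority."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Verdict:
    packet_no: int
    result: Optional[bytes]   # None when no strict majority was reached
    agreeing: List[str]       # executors whose answer matched the result
    dissenting: List[str]     # executors that answered differently (reported upstream)
    timed_out: List[str]      # executors that returned nothing within the deadline


class Voter:
    def __init__(self, executors: List[str], timeout: float) -> None:
        self.executors = list(executors)   # executors currently in the active state
        self.timeout = timeout
        self._answers: Dict[int, Dict[str, bytes]] = defaultdict(dict)
        self._first_seen: Dict[int, float] = {}

    def receive(self, packet_no: int, executor: str, payload: bytes,
                now: float) -> Optional[Verdict]:
        """Collate one response under its packet number (the data receiving
        module's job); vote as soon as every active executor has answered."""
        if executor not in self.executors:
            raise ValueError("response from unknown executor %r" % executor)
        if executor in self._answers[packet_no]:
            raise ValueError("duplicate response from %r for packet %d" % (executor, packet_no))
        self._first_seen.setdefault(packet_no, now)
        self._answers[packet_no][executor] = payload
        if len(self._answers[packet_no]) == len(self.executors):
            return self._decide(packet_no)
        return None

    def expire(self, now: float) -> List[Verdict]:
        """Timer hook: decide every request whose deadline has passed, so a
        silent executor cannot stall the request indefinitely."""
        due = [n for n, t in self._first_seen.items() if now - t >= self.timeout]
        return [self._decide(n) for n in due]

    def _decide(self, packet_no: int) -> Verdict:
        answers = self._answers.pop(packet_no)
        self._first_seen.pop(packet_no)
        timed_out = [e for e in self.executors if e not in answers]
        result = None
        if answers:
            top, votes = Counter(answers.values()).most_common(1)[0]
            # Strict majority of all active executors: a timed-out executor
            # counts against agreement rather than being silently dropped.
            if votes > len(self.executors) // 2:
                result = top
        agreeing = sorted(e for e, a in answers.items() if result is not None and a == result)
        dissenting = sorted(e for e, a in answers.items() if result is None or a != result)
        return Verdict(packet_no, result, agreeing, dissenting, timed_out)


def demo() -> List[Verdict]:
    """Constructed scenario with three executors and a two-second deadline."""
    voter = Voter(["exec-a", "exec-b", "exec-c"], timeout=2.0)
    verdicts: List[Verdict] = []
    events = [  # (packet_no, executor, response payload, arrival time); constructed
        (1, "exec-a", b"200 OK", 0.0), (1, "exec-b", b"200 OK", 0.1), (1, "exec-c", b"200 OK", 0.2),
        (2, "exec-a", b"200 OK", 1.0), (2, "exec-b", b"200 DIVERGENT", 1.1), (2, "exec-c", b"200 OK", 1.2),
        (3, "exec-a", b"200 OK", 3.0), (3, "exec-b", b"200 OK", 3.1),   # exec-c never answers
    ]
    for packet_no, executor, payload, now in events:
        verdict = voter.receive(packet_no, executor, payload, now)
        if verdict is not None:
            verdicts.append(verdict)
    verdicts += voter.expire(now=5.5)        # packet 3 passes its deadline
    voter.receive(4, "exec-a", b"X", 6.0)     # packet 4: two disagreeing answers,
    voter.receive(4, "exec-b", b"Y", 6.1)     # third executor silent: no majority
    verdicts += voter.expire(now=9.0)
    return verdicts


if __name__ == "__main__":
    for v in demo():
        print(v)
```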
And the protocol conversion module is used for receiving the voting result information sent by the data voting module, converting the voting result information into a data packet which is consistent with the transmission protocol corresponding to the packet type identifier according to the packet type identifier in the data packet, and then forwarding the data packet to the network packet sending module for subsequent processing. The types of protocols supported here include, but are not limited to, RPC protocol, http protocol, DNS protocol, https protocol, and other TCP and UDP based protocols of various types.
And the network packet sending module is used for receiving the data packet sent by the protocol conversion module and the state information pushed by the distribution unit, then reassembling a proper network data packet according to the information, and sending the proper network data packet to the service visitor through the network. Network packets that are supported for transmission herein include, but are not limited to, TCP, UDP, and other IP-based protocols.
And the management module is used for collecting the state and the service information of the voting unit and reporting the state and the service information to the negative feedback scheduling unit according to requirements. And meanwhile, receiving various instructions of the negative feedback scheduling unit and executing corresponding operations according to the instruction requirements. The instructions include, but are not limited to, turning on or off any module within the voting unit, configuring and modifying voting algorithms and policies, configuring various alarm indicators, and the like.
And the negative feedback scheduling unit is used for comprehensively managing and intelligently scheduling modules such as a distributing module, a voting module and an executive body. The specific functions are as follows: receiving state information and service information sent by a distribution unit; receiving the state information and the arbitration information sent by the voting unit; receiving state information and service load information sent by each heterogeneous executive body; issuing commands to the distribution unit to control and change the distribution strategy; issuing commands to the voting unit to control and change the arbitration strategy; and issuing commands to the heterogeneous executors to realize the management operations of cleaning, online, data synchronization, restarting and the like of the heterogeneous executors. The specific implementation manner of the negative feedback scheduling unit includes, but is not limited to, a pure software module, an independent server, an embedded system, an FPGA chip, an ASIC chip, and the like.
And the heterogeneous executer is used for receiving the related commands sent by the distribution unit, executing and outputting the results to the voting unit. The heterogeneous executors should use protocol conversion, data repackaging, etc. to achieve the consistency of their external representation (the same input, processed on any executors, should produce the same result). The heterogeneous layers supported by the method include but are not limited to a hardware chip layer, an operating system layer, a middleware layer, an application layer and the like. The part specifically comprises the following modules:
and the data receiving module is used for receiving the request data information sent by the distribution unit, and forwarding the request data information to the protocol conversion module after filtering. The supported filtering modes include but are not limited to a white list mode, a black list mode, a mode of matching the white list mode with the black list mode, and the like.
And the protocol conversion module is used for receiving the request data information which is transferred by the data receiving module and is based on the self-defined protocol, analyzing the request data information, repackaging the analyzed request data information into a data packet which can be identified by the proxy unit, and then forwarding the data packet to the proxy unit. Meanwhile, the protocol conversion module also needs to receive response message data sent by the proxy unit, and the response message data is encapsulated into a data packet in a self-defined protocol format after being analyzed and then forwarded to the data sending module. Protocols that the protocol conversion module may support conversion herein include, but are not limited to, RPC protocol, http protocol, DNS protocol, https protocol, and other various TCP and UDP based protocols.
The proxy unit is used for realizing the access to the heterogeneous execution unit and is usually formed by carrying out small-amount secondary development on a standard client of the existing service. The proxy unit is not an essential module constituting the set of devices. But the development difficulty and the development cost of the heterogeneous execution unit can be greatly reduced after the agent unit is used.
The heterogeneous execution unit is used for receiving the request from the proxy unit, performing the corresponding operation and returning the processing result. This module is usually produced by the user through a small amount of secondary development of the existing business server. By integrating the developed unit into the device, the user obtains a complete set of mimicry defense equipment.
The data sending module is used for receiving the response data sent by the protocol conversion module and forwarding it to the voting unit over a suitable data link.
The embodiment also provides a universal mimicry distribution voting scheduling method based on the custom protocol, which comprises the following steps:
1. The network packet receiving module in the distribution unit receives the service request information of the user or the host, filters it and sends the filtered request to the protocol conversion module in the distribution unit. Meanwhile, the network packet receiving module pushes the network state information corresponding to the request, such as the TCP window size and the packet number, to the network packet sending module of the voting unit.
2. The protocol conversion module in the distribution unit receives the service request information sent by the network packet receiving module, performs protocol conversion (converting the request into the data packet format of the custom protocol) and sends the result to the data distribution module of the distribution unit.
3. The data distribution module in the distribution unit sends the received data packets simultaneously to the multiple heterogeneous executors that are in the active state, and reports its own state information and service information to the negative feedback scheduling unit as required.
4. The data receiving module in the heterogeneous executor receives the custom protocol data packet forwarded by the distribution unit, filters it and sends it to the protocol conversion module in the heterogeneous executor.
5. After receiving the data packet, the protocol conversion module in the heterogeneous executor parses it according to the custom protocol, repackages the parsed data according to the preconfigured parameters and protocol type, and sends the repackaged data to the proxy unit.
6. The proxy unit in the heterogeneous executor initiates a request and call to the heterogeneous execution unit according to the data packet sent by the protocol conversion module in the heterogeneous executor.
7. The heterogeneous execution unit in the heterogeneous executor performs the corresponding operation (state query, command execution and the like) according to the received data packet and sends the response information back to the proxy unit.
8. After receiving the response information from the heterogeneous execution unit, the proxy unit in the heterogeneous executor forwards it to the protocol conversion module in the heterogeneous executor.
9. After receiving the response information from the proxy unit, the protocol conversion module in the heterogeneous executor first parses it, then encapsulates the data into the custom protocol format and forwards it to the data sending module in the heterogeneous executor.
10. The data sending module in the heterogeneous executor sends the received response message to the data receiving module of the voting unit over the configured link.
11. After the data receiving module of the voting unit receives the data, it parses the data according to the custom protocol, classifies and aggregates the data packets by the parsed packet number, and then sends the multiple data packets (returned independently by the multiple executors) that correspond to the same number to the data voting module for voting.
12. The data voting module votes on the received data packets according to the voting strategy and algorithm set by the management module of the voting unit, and sends the voting result to the protocol conversion module of the voting unit. Meanwhile, the data voting module also records the voting information and pushes it to the management module of the voting unit as required.
13. The protocol conversion module of the voting unit parses the received voting result according to the configuration parameters, encapsulates it into a data packet suitable for the service protocol and forwards the packet to the network packet sending module.
14. The network packet sending module looks up the previously received state push information by the packet number, processes the packet accordingly and sends the processed packet to the service visitor. Since protocols such as TCP require the connection to be point-to-point, the packet must be processed to simulate the effect of point-to-point communication.
This completes one access request to the mimicry construction device. From the visitor's perspective, it has accessed an ordinary service server rather than a set of mimicry construction equipment.
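The per-request path of steps 1 to 14, as an added example that is not code from the patent or its assignees: a toy Python model of the custom-protocol framing (field order taken from claim 4; the field widths and the use of SHA-256 as the check data are assumptions), fan-out to several heterogeneous executors, aggregation by packet number, majority voting that flags dissenting executors, and the one-way state push that the sending module looks up by packet number. Executors are stand-in callables, so the proxy unit and the real service protocol are simulated.

```python
"""Added example (not the patent's code): a toy model of the custom-protocol
framing and the distribute / execute / aggregate / vote path of steps 1-14.
Field order follows claim 4; field widths and the SHA-256 check are assumed."""
import hashlib
import struct
from collections import Counter, defaultdict

# Fixed-width header: original protocol type, packet number, application
# number, IP header length, data length (assumed widths).
HDR = struct.Struct("!BIHHH")
PROTO_HTTP = 1  # constructed protocol-type code


def build_packet(proto_type, packet_no, app_no, ip_hdr, payload):
    """Encapsulate into the custom format: header, IP header info, payload,
    check length, check data (SHA-256 over everything before the check)."""
    body = HDR.pack(proto_type, packet_no, app_no, len(ip_hdr), len(payload))
    body += ip_hdr + payload
    check = hashlib.sha256(body).digest()
    return body + struct.pack("!H", len(check)) + check


def parse_packet(buf):
    """Inverse of build_packet; rejects truncated or tampered frames."""
    if len(buf) < HDR.size:
        raise ValueError("short header")
    proto_type, packet_no, app_no, ip_len, data_len = HDR.unpack_from(buf)
    end = HDR.size + ip_len + data_len
    if len(buf) < end + 2:
        raise ValueError("truncated body")
    (chk_len,) = struct.unpack_from("!H", buf, end)
    check = buf[end + 2:end + 2 + chk_len]
    if len(check) != chk_len or hashlib.sha256(buf[:end]).digest() != check:
        raise ValueError("check mismatch")
    return {"proto_type": proto_type, "packet_no": packet_no, "app_no": app_no,
            "ip_hdr": buf[HDR.size:HDR.size + ip_len],
            "payload": buf[HDR.size + ip_len:end]}


class VotingUnit:
    """Steps 11-12: group responses by packet number, then majority-vote.
    A packet number with no strict majority is rejected (winner None)."""

    def __init__(self, n_executors):
        self.n = n_executors
        self.pending = defaultdict(dict)  # packet_no -> {executor_id: payload}
        self.log = []                     # voting records for the management module

    def receive(self, executor_id, frame):
        pkt = parse_packet(frame)         # data receiving module parses first
        bucket = self.pending[pkt["packet_no"]]
        bucket[executor_id] = pkt["payload"]
        if len(bucket) < self.n:
            return None                   # wait for the remaining executors
        return self.vote(pkt["packet_no"])

    def vote(self, packet_no):
        bucket = self.pending.pop(packet_no)
        winner, count = Counter(bucket.values()).most_common(1)[0]
        if count * 2 <= self.n:           # no strict majority: reject
            winner = None
        dissent = sorted(e for e, p in bucket.items() if p != winner)
        self.log.append((packet_no, winner, dissent))
        return winner, dissent


def mimic_request(packet_no, request, executors, voter, state_push):
    """Steps 1-14 end to end. `executors` maps id -> callable(bytes) -> bytes,
    standing in for heterogeneous executors behind their proxy units."""
    state_push[packet_no] = {"tcp_window": 65535}   # step 1: one-way state push
    ip_hdr = b"\x45\x00" + bytes(18)                 # constructed IP header info
    frame = build_packet(PROTO_HTTP, packet_no, 7, ip_hdr, request)  # step 2
    verdict = None
    for ex_id, run in executors.items():             # step 3: fan-out to all
        req = parse_packet(frame)                    # steps 4-5: executor parses
        resp = run(req["payload"])                   # steps 6-7: execute
        out = build_packet(req["proto_type"], packet_no, req["app_no"],
                           req["ip_hdr"], resp)      # step 9: re-encapsulate
        result = voter.receive(ex_id, out)           # steps 10-12
        if result is not None:
            verdict = result
    winner, dissent = verdict
    net_state = state_push.pop(packet_no)            # step 14: look up by number
    return winner, dissent, net_state
```

A disagreeing executor shows up in the `dissent` list of the verdict and in `voter.log`, which is the signal the negative feedback scheduling unit would act on.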
1) By adopting a custom-protocol-based approach, the invention develops a distribution voting scheduling device and method with better universality and general applicability.
2) The invention adds a protocol conversion module to convert the various service protocols to the custom protocol, thereby making the device and method universal.
3) The invention adopts a unidirectional state push technique to synchronize the states of the distribution unit and the voting unit, thereby achieving effective isolation between the two units while keeping the service normal and continuous, cutting off the attack-reachable path and eliminating the security weakness of the TCP service protocol in the existing platform.
4) The invention provides a distribution unit, a voting unit and a negative feedback scheduling unit at the same time, covering the three core modules necessary for a mimicry defense device; after adopting the invention, a new mimicry defense device can be developed rapidly with only a small amount of adaptation work.
While specific embodiments of the invention have been described above, it will be appreciated by those skilled in the art that these are by way of example only, and that the scope of the invention is defined by the appended claims. Various changes and modifications to these embodiments may be made by those skilled in the art without departing from the spirit and scope of the invention, and these changes and modifications are within the scope of the invention.

Claims (10)

1. A universal mimicry distribution voting scheduling device based on a user-defined protocol is characterized by comprising a distribution unit, a heterogeneous executive body, a voting unit and a negative feedback scheduling unit, wherein the distribution unit comprises a network packet receiving module, a protocol conversion module, a data distribution module and a management module;
the network packet receiving module is used for receiving service request information of a user or a host, filtering the service request information and sending the service request information to the protocol conversion module in the distribution unit, and meanwhile, the network packet receiving module pushes network state information and packet number information corresponding to the request to the network packet sending unit of the voting unit;
the protocol conversion module in the distribution unit is used for receiving the service request information sent by the network packet receiving module, converting the service request information into a custom protocol data packet after performing protocol conversion processing, and sending the custom protocol data packet to the data distribution module of the distribution unit;
the data distribution module in the distribution unit is used for simultaneously sending the received self-defined protocol data packet to a plurality of heterogeneous executors in an active state and reporting own state information and service information to the negative feedback scheduling unit according to requirements;
the data receiving module in the heterogeneous executive body is used for receiving the user-defined protocol data packet, filtering and sending the user-defined protocol data packet to the protocol conversion module in the heterogeneous executive body;
the protocol conversion module in the heterogeneous execution body is used for analyzing according to a user-defined protocol after receiving the user-defined protocol data packet, repackaging the analyzed data according to the preset parameters and protocol types and then sending the repackaged data to the heterogeneous execution unit;
the heterogeneous execution unit is used for carrying out corresponding operation according to the received data packet and sending the response information back to the protocol conversion module in the heterogeneous execution body;
the protocol conversion module in the heterogeneous executive body is used for receiving the response information, analyzing and packaging the analyzed data into a user-defined protocol format and then forwarding the user-defined protocol format to the data sending module in the heterogeneous executive body;
the data sending module in the heterogeneous executive body is used for sending the received response message to the data receiving module of the voting unit through the configured link;
the data receiving module of the voting unit is used for analyzing data according to a user-defined protocol after receiving the data, classifying and summarizing the data packets according to the analyzed packet numbers, and sending the data packets which are independently returned by a plurality of executors and correspond to the same number to the data voting module for voting;
the data voting module is used for voting the received data packet according to a voting strategy and an algorithm set by the management module of the voting unit, sending a voting result to the protocol conversion module of the voting unit, and meanwhile, the data voting module also records voting information and pushes the voting information to the management module of the voting unit as required;
the protocol conversion module of the voting unit is used for analyzing and packaging the received voting result information into a data packet suitable for a service protocol according to the configuration parameter information, and forwarding the data packet to the network packet sending module;
and the network packet sending module is used for searching the previously received state pushing information according to the packet number, processing the packet and sending the processed packet to the service visitor.
2. The apparatus according to claim 1, wherein the protocol conversion module in the heterogeneous executor repackages the parsed data according to the preconfigured parameters and protocol types and sends the repackaged data to the proxy unit;
the agent unit is used for initiating a request and calling the heterogeneous execution unit according to a data packet sent by a protocol conversion module in the heterogeneous execution body;
the heterogeneous execution unit is used for sending the response information back to the agent unit;
the agent unit is used for receiving the response information and then forwarding the response information to a protocol conversion module in the heterogeneous executive body.
3. The apparatus according to claim 1, wherein the traffic protocols supported by the protocol conversion module include RPC, TCP, UDP, HTTP and HTTPs network protocols.
4. The apparatus of claim 1, wherein the custom protocol comprises: the original protocol type, data packet number, application number, IP packet header information, data length, data payload, check length and check data.
5. The apparatus of claim 1, wherein the negative feedback scheduling unit is configured to perform comprehensive management and intelligent scheduling on the distribution module, the voting module, and the heterogeneous executors.
6. The apparatus of claim 5, wherein the negative feedback scheduling unit is configured to receive the status information and the service information sent by the distribution unit, receive the status information and the arbitration information sent by the voting unit, receive the status information and the service load information sent by each heterogeneous executor, issue a command to the distribution unit to control and change the distribution policy, issue a command to the voting unit to control and change the arbitration policy, and issue a command to the heterogeneous executor to implement operations of cleaning, uploading, data synchronization, and restarting management of the heterogeneous executor.
7. A universal mimicry distribution voting scheduling method based on a custom protocol, which is implemented by using the universal mimicry distribution voting scheduling device of claim 1, and comprises the following steps:
s1, the network packet receiving module receives the service request information of the user or the host machine, filters the service request information and sends the service request information to the protocol conversion module in the distribution unit, and meanwhile, the network packet receiving module pushes the network state information and the packet number information corresponding to the request to the network packet sending unit of the voting unit;
s2, the protocol conversion module in the distribution unit receives the service request information sent by the network packet receiving module, converts the service request information into a custom protocol data packet after performing protocol conversion processing, and sends the custom protocol data packet to the data distribution module of the distribution unit;
s3, the data distribution module in the distribution unit sends the received self-defined protocol data packet to a plurality of heterogeneous executors in an active state at the same time, and reports the state information and the service information of the data distribution module to the negative feedback scheduling unit according to the requirement;
s4, the data receiving module in the heterogeneous executive body receives the self-defined protocol data packet, and the self-defined protocol data packet is sent to the protocol conversion module in the heterogeneous executive body after being filtered;
s5, after receiving the user-defined protocol data packet, the protocol conversion module in the heterogeneous execution body analyzes according to the user-defined protocol, repackages the analyzed data according to the preset parameters and protocol types, and sends the repackaged data to the heterogeneous execution unit;
s6, the heterogeneous execution unit performs corresponding operation according to the received data packet and sends the response information back to the protocol conversion module in the heterogeneous execution body;
s7, after receiving the response message, the protocol conversion module in the heterogeneous executive body analyzes and encapsulates the analyzed data into a user-defined protocol format and then forwards the encapsulated user-defined protocol format to the data sending module in the heterogeneous executive body;
s8, the data sending module in the heterogeneous executive body sends the received response message to the data receiving module of the voting unit through the configured link;
s9, after receiving the data, the data receiving module of the voting unit analyzes the data according to the user-defined protocol, classifies and aggregates the data packets according to the analyzed packet numbers, and sends the data packets which are independently returned by a plurality of executors and correspond to the same number to the data voting module for voting;
s10, the data voting module votes the received data packet according to the voting strategy and algorithm set by the management module of the voting unit, and sends the voting result to the protocol conversion module of the voting unit, and meanwhile, the data voting module also records voting information and pushes the voting information to the management module of the voting unit as required;
s11, the protocol conversion module of the voting unit analyzes the received voting result information according to the configuration parameter information, encapsulates the voting result information into a data packet suitable for the service protocol, and forwards the data packet to the network packet sending module;
and S12, the network packet sending module finds out the previously received state push information according to the packet number, processes the packet and sends the packet to the service visitor.
8. The method according to claim 7, wherein in step S5, the parsed data is repackaged according to the preconfigured parameters and protocol types and then sent to the proxy unit;
the steps between the step S5 and the step S6 include: the agent unit in the heterogeneous executive body initiates a request and calls the heterogeneous executive unit according to a data packet sent by a protocol conversion module in the heterogeneous executive body;
in step S6, the heterogeneous execution unit sends the response message back to the proxy unit;
the steps between the step S6 and the step S7 include: and after receiving the response information, the proxy unit forwards the response information to a protocol conversion module in the heterogeneous executive body.
9. The universal mimicry distribution voting scheduling method based on the custom protocol as claimed in claim 7, wherein the service protocols supported by the protocol conversion module include RPC, TCP, UDP, HTTP and HTTPS network protocols;
the custom protocol comprises: the original protocol type, data packet number, application number, IP packet header information, data length, data payload, check length and check data.
10. The method as claimed in claim 7, wherein the negative feedback scheduling unit receives the status information and the service information from the distribution unit, receives the status information and the arbitration information from the voting unit, receives the status information and the arbitration information from each heterogeneous executor, issues a command to the distribution unit to control and change the distribution policy, issues a command to the voting unit to control and change the arbitration policy, and issues a command to the heterogeneous executor to implement the operations of cleaning, uploading, data synchronization, and restarting management of the heterogeneous executor.
CN201910716373.1A 2019-08-05 2019-08-05 Universal mimicry distribution voting scheduling device and method based on user-defined protocol Active CN110557437B (en)
Publications (2)

Publication Number Publication Date
CN110557437A CN110557437A (en) 2019-12-10
CN110557437B true CN110557437B (en) 2021-11-19
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20210406
Address after: 200120 118, 20, 1-42 Lane 83, Hongxiang North Road, Wanxiang Town, Pudong New Area, Shanghai.
Applicant after: SHANGHAI MIMIC DATA TECHNOLOGY Co.,Ltd.; Shanghai Hongzhen Information Science & Technology Co.,Ltd.
Address before: 200120 118, 20, 1-42 Lane 83, Hongxiang North Road, Wanxiang Town, Pudong New Area, Shanghai.
Applicant before: SHANGHAI MIMIC DATA TECHNOLOGY Co.,Ltd.
CB03 Change of inventor or designer information
Inventor after: Xie Guangwei; Zhang Fan; Liu Bin; Wu Jiangxing
Inventor before: Zhang Fan; Liu Bin; Xie Guangwei; Wu Jiangxing
GR01 Patent grant