CN110601878A - Method for constructing stealth network - Google Patents

Method for constructing stealth network

Info

Publication number
CN110601878A
Authority
CN
China
Prior art keywords
network
protocol
data
stealth
layer
Prior art date
Legal status
Granted
Application number
CN201910802360.6A
Other languages
Chinese (zh)
Other versions
CN110601878B (en)
Inventor
孙红波
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date
Application filed by Individual
Priority to CN201910802360.6A
Publication of CN110601878A
Application granted
Publication of CN110601878B
Legal status: Active
Anticipated expiration

Classifications

    • H Electricity; H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
        • H04L41/08 Configuration management of networks or network elements; H04L41/0803 Configuration setting; H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
        • H04L41/12 Discovery or management of network topologies
        • H04L41/14 Network analysis or design; H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks; H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L63/16 Implementing security features at a particular protocol layer
        • H04L63/20 for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/50 Network services; H04L67/56 Provisioning of proxy services
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass; H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks

Abstract

The invention discloses a method for constructing a stealth network: constructing the basic framework of the stealth network, determining the resource types, the types of constituent nodes, the environment self-adaptation characteristics and the topology used to realize it, which achieves network stealth at the physical layer; establishing an autonomously controllable hiding protocol stack that defines the layered structure of the stack, the key protocols of each layer and the function of each key protocol, which achieves network hiding at the logical layer; and, according to a preset information transmission method, realizing hidden information transmission and hidden resource sharing, which achieves hiding during information transmission. The method can build a hidden network on top of the existing Internet and realize covert data communication and covert resource sharing over it; furthermore, when a private network is built on the stealth network, its security is greatly improved, and the stealth network has high resistance to detection and attack.

Description

Method for constructing stealth network
Technical Field
The invention relates to the technical field of internet, in particular to a method for constructing a stealth network.
Background
Complex information systems are vulnerable because it is difficult to ascertain that they contain no vulnerability or backdoor, and their static nature and similarity give attackers many conveniences, so that cyberspace faces the uncertain danger of "unknown threats".
The existing cyberspace defense system is defense built on the perception of known features; attacks carried out through the backdoors of unknown vulnerabilities, viruses, trojans and the like are what it has to defend against, and those attacks are currently the greatest security threats to cyberspace.
The private networks in wide use today mainly rely on a passive defense mode of physical isolation and encrypted transmission for their protection. Such a dedicated network is undoubtedly the largest target of hostile detection and attack, and it is very difficult to learn in real time how it is being probed and attacked. The biggest threat in network security is being probed, and being attacked, without knowing it. Furthermore, private networks that rely on physical isolation cannot counter security threats from within.
To cope with the attack and defense forms of future networks, how to construct a safer network on the basis of the existing Internet is a difficult problem that practitioners in the field have long needed to solve.
Disclosure of Invention
In view of the above problems, in order to fundamentally change the situation in which cyberspace is easy to attack and hard to defend, and to make use of the basic resources of the Internet, the invention provides a method for constructing a hidden network: it constructs a hidden, dedicated security network, counters various attack threats through the uncertainty of the target system, and establishes a cyberspace security system using an active defense mechanism, thereby changing the existing network security situation.
The invention provides a method for constructing a stealth network, which comprises the following steps:
S1, constructing a basic framework of the stealth network; determining a resource type, a component node type, an environment self-adaptation characteristic and a topological structure for realizing the stealth network;
S2, establishing an autonomously controllable hiding protocol stack; the hiding protocol stack defines a protocol stack layered structure, the key protocols of each layer and the functions of each key protocol;
S3, according to a preset information transmission method, realizing concealed information transmission and concealed resource sharing.
In one embodiment, the step S1 of determining the topology of the stealth network includes:
dividing the network nodes into edge nodes, backbone nodes and proxy nodes, and constructing a P2P hybrid topology.
In one embodiment, the step S2 includes:
the hiding protocol stack is divided into three layers from bottom to top, namely a node communication layer, a resource sharing layer and a service application layer;
the core protocol of the node communication layer is a node self-organizing protocol, which completes the allocation of node identifiers, the maintenance of the mapping rules between node identifiers and physical entities, and the joining and leaving of nodes;
the resource sharing layer comprises a resource positioning protocol, a resource organization protocol and a resource protection protocol;
the service application layer comprises an application information protocol and a file transfer protocol;
each protocol in the node communication layer, the resource sharing layer and the service application layer uses the services provided by the protocols of the layer below to realize the functions of its own layer, and provides service support for the functions of the protocols of the layer above.
In one embodiment, the step S3 includes:
realizing the transmission of hidden information and the sharing of hidden resources according to an information hiding mode based on data adaptive sub-packets.
In one embodiment, realizing the transmission of hidden information and the sharing of hidden resources according to the information hiding mode based on data adaptive sub-packets comprises the following steps:
(1) data encryption and sub-packaging: encrypting the communication data and grouping the encrypted ciphertext;
(2) sequence encryption: performing a secondary encryption on the data sequence information together with the grouped ciphertext data;
(3) protocol conversion: randomly applying different protocols to different groups of data for disguise;
(4) hop path selection: calculating a hop route for each data packet according to a random algorithm;
(5) redistribution: after a hop node receives a data message, it unpacks the message according to the protocol the message was received with, reselects the next group of communication protocols for redistribution, and transmits the message to the next node;
(6) unpacking and merging: the receiving end finally collects all data messages and extracts the data packets according to the protocol each message was received with; after the first decryption is completed, the data are arranged in order according to the message sequence information;
(7) data decryption: a secondary decryption is carried out on the data arranged in order, completing one full data transmission and thereby realizing the transmission of hidden information and the sharing of hidden resources.
In one embodiment, the step S3 includes:
realizing the transmission of hidden information and the sharing of hidden resources according to a low-delay network path hopping mode; the low-delay network path hopping mode comprises network environment configuration optimization, attack and defense game analysis, active hopping and confusion node setting.
In one embodiment, the method further comprises:
S4, evaluating the attack resistance of the stealth network.
In one embodiment, the step S4 includes:
establishing a mapping relation in which the detectability of the network is inversely proportional to its network entropy value;
taking the difference between the network entropy values of the stealth network before and after an attack to obtain a network entropy difference;
determining the attack resistance of the stealth network according to the network entropy difference.
In one embodiment, the step S4 includes:
realizing the evaluation of the network attack effect on the basis of a quantitative evaluation of network attack and defense weapons and a quantitative evaluation of the attack situation.
The technical scheme provided by the embodiments of the invention has at least the following beneficial effects:
the method for constructing a stealth network provided by the embodiments of the invention comprises constructing the basic framework of the stealth network, determining the resource types, the types of constituent nodes, the environment self-adaptation characteristics and the topology used to realize it, which achieves network stealth at the physical layer; establishing an autonomously controllable hiding protocol stack that defines the layered structure of the stack, the key protocols of each layer and the function of each key protocol, which achieves network hiding at the logical layer; and, according to a preset information transmission method, realizing hidden information transmission and hidden resource sharing, which achieves hiding during information transmission. The stealth network constructed by the method can be built on the existing Internet, realizing covert data communication and covert resource sharing over it; furthermore, when a private network is built on the stealth network, its security is greatly improved and it gains extremely high resistance to detection and attack.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
Fig. 1 is a flowchart of a method for constructing a stealth network according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a hybrid topology according to an embodiment of the present invention;
Fig. 3 is a schematic diagram illustrating an information hiding manner based on data adaptive packetization according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a network path hopping technique according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of rapidly constructing a stealth network according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a stealth network attack resistance evaluation technology provided in an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The network hiding referred to by the invention is a basic network service, consisting mainly of hidden data communication and hidden resource sharing, that takes the forms of hiding the channel, hiding the information, hiding the information source and hiding the information sink. Hiding means that the exact information (state, content, location, etc.) of an object (a channel, information, a source or a sink) cannot be obtained by prior-art means. Hidden data communication has two meanings: first, outsiders cannot obtain real and complete communication data; second, even if outsiders obtain real and complete communication data, they cannot extract real and complete information from it. Covert resource sharing means that outsiders cannot obtain and use real, complete shared resources. Technologies that achieve network stealth characteristics are collectively referred to as network stealth technologies.
The stealth network provided by the invention is a computer network with stealth characteristics established on the existing Internet.
Establishment on the existing Internet means that the stealth network is composed of some of the nodes of the existing Internet (including existing nodes and newly deployable nodes), and that information exchange between those nodes is completed without changing the existing Internet transport layer or the layers below it.
The key to constructing the stealth network is to use unreliable nodes of the existing Internet to achieve reliable communication, to establish a computer network that resists detection, analysis (probing), tracking and attack, and so to achieve a hidden information source, a hidden information sink, a hidden channel and hidden information.
Referring to fig. 1, a method for constructing a stealth network according to an embodiment of the present invention includes:
S1, constructing a basic framework of the stealth network; determining a resource type, a component node type, a node characteristic and a topological structure for realizing the stealth network;
S2, establishing an autonomously controllable hiding protocol stack; the hiding protocol stack defines a protocol stack layered structure, the key protocols of each layer and the functions of each key protocol;
S3, according to a preset information transmission method, realizing concealed information transmission and concealed resource sharing.
In this embodiment, the hidden network is built on the existing Internet, and reliable hidden information transmission and hidden resource sharing are realized by using the controlled unreliable nodes within it. The stealth network can therefore improve the security of a private network and is resistant to detection and attack.
The method can cope with the attack and defense forms of future networks: relying on the existing Internet, it builds a security network system with the comprehensive defense capabilities of "hidden channel, hidden information source and hidden information sink", realizes covert data communication and covert resource sharing over the existing Internet, and so establishes a network hiding technical system. Furthermore, a private network can be built using the stealth network, which greatly improves the private network's security; the stealth network so constructed has extremely high resistance to detection and attack.
In one embodiment, in the step S1, the stealth network is implemented based on three types of network resources in the internet, which are respectively: autonomous controllable resources, leased resources, controlled third party resources.
The autonomously controllable resources are resources completely controlled by the party constructing the stealth network, such as servers and routers deployed on the Internet specifically for it; leased resources are resources that the constructing party rents and has only the right to use, not to control, such as a server leased for the stealth network; controlled third-party resources are resources provided by a third party over which the constructing party may nevertheless have control, such as cloud computing nodes.
The hidden network is composed of access nodes, routing nodes and service nodes. The access node is responsible for accessing the network; the routing node is responsible for the routing function of the network; the service node is responsible for providing basic network services.
The autonomously controllable resources have an environment-adaptive characteristic, which comprises environment perception, environment self-learning and dynamic behaviour adjustment. Environment perception means obtaining data such as the network topology, the system configuration and service capability of neighbour nodes, and network traffic, by active probing or passive reception. Environment self-learning means that a node learns and generates background traffic matching the characteristics of the network's traffic using a generative adversarial network, so as to disguise the node. Dynamic behaviour adjustment means that a node adjusts its behaviour in real time through perception and understanding of its environment, for example by changing its connections to neighbour nodes, the type of service or configuration parameters it offers externally, or the background traffic it generates, so that the node adapts intelligently to changes in its environment and achieves its latent function.
The environmental adaptivity of the resources provides technical support for dynamic networking, and is important for making the network topology harder to detect and for increasing the resistance of the network's information flows to analysis.
Network topology and rerouting:
The topology of the stealth network is a hybrid topology that takes a structured topology as its basis and draws on the design method of hierarchical topologies. By classifying the roles of network nodes, the network gives different functions to key nodes and ordinary nodes while accommodating both, so that the load on key nodes is reduced and their survivability improved, as shown in Fig. 2.
Backbone nodes are the nodes that actually perform the functions of structured topology construction, routing information maintenance, message forwarding, query processing and so on; they are the role given to ordinary nodes in the topology. Edge nodes only provide resources to the network and take no part in constructing or maintaining any structured network. A proxy node is the backbone node to which an edge node is attached: it acts as the edge node's intermediary and performs functions such as data queries on its behalf. In the hybrid topology of Fig. 2, the layer formed by the backbone nodes is called the aggregation layer and uses a P2P structured topology; the layer formed by the edge nodes is called the edge layer and uses a centralized topology.
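As an added illustration (not the patent's own code) of the hybrid topology just described and of the network-entropy evaluation of attack resistance in step S4, the following Python models the backbone aggregation layer with edge stars hung off proxy nodes and compares the entropy drop when a backbone node versus an edge node is knocked out. The ring used as a stand-in for the P2P structured layer and the structure-entropy formula are assumptions, since the patent fixes neither.

```python
# Added example (not the patent's code): the hybrid topology of Fig. 2 and a
# network-entropy based estimate of attack resistance (step S4 of the summary).
# Assumptions: the P2P structured aggregation layer is modelled as a ring of
# backbone nodes; every backbone node is also the proxy for a star of edge
# nodes; "network entropy" is the structure entropy E = -sum_i I_i ln I_i with
# I_i = d_i / sum_j d_j (a node's share of all link endpoints), which the
# patent does not define.
import math


def build_hybrid_topology(n_backbone: int, edges_per_proxy: int) -> dict[str, set[str]]:
    """Return an undirected adjacency map. Backbone nodes B0..B{k-1} form the
    aggregation layer (ring); edge nodes E{i}_{j} connect only to proxy B{i}."""
    if n_backbone < 3:
        raise ValueError("need at least 3 backbone nodes for a ring")
    if edges_per_proxy < 0:
        raise ValueError("edges_per_proxy must not be negative")
    adj: dict[str, set[str]] = {}

    def link(a: str, b: str) -> None:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    for i in range(n_backbone):
        link(f"B{i}", f"B{(i + 1) % n_backbone}")   # structured backbone ring
        for j in range(edges_per_proxy):
            link(f"B{i}", f"E{i}_{j}")             # centralised edge star
    return adj


def network_entropy(adj: dict[str, set[str]]) -> float:
    """Structure entropy of the degree shares; isolated nodes (degree 0) add nothing."""
    total = sum(len(nb) for nb in adj.values())
    if total == 0:
        return 0.0
    return -sum((len(nb) / total) * math.log(len(nb) / total)
                for nb in adj.values() if nb)


def remove_nodes(adj: dict[str, set[str]], victims: set[str]) -> dict[str, set[str]]:
    """Topology after the attacked nodes are knocked out; their neighbours lose
    the corresponding links and edge nodes behind a lost proxy become isolated."""
    return {v: nb - victims for v, nb in adj.items() if v not in victims}


def entropy_difference(adj: dict[str, set[str]], victims: set[str]) -> float:
    """Entropy before minus entropy after the attack: the smaller the drop, the
    better the network keeps its structure, i.e. the higher its attack resistance."""
    return network_entropy(adj) - network_entropy(remove_nodes(adj, victims))


def detectability_index(adj: dict[str, set[str]]) -> float:
    """The patent maps detectability inversely to network entropy; 1/E is used here."""
    e = network_entropy(adj)
    return math.inf if e == 0 else 1.0 / e


def compare_attacks(n_backbone: int = 4, edges_per_proxy: int = 3) -> tuple[float, float]:
    """Constructed scenario: knock out one backbone node versus one edge node and
    return the two entropy drops. Losing a backbone node costs more because the
    edge nodes it proxied are cut off, which is why the patent keeps backbone
    load low to improve backbone survivability."""
    adj = build_hybrid_topology(n_backbone, edges_per_proxy)
    return entropy_difference(adj, {"B0"}), entropy_difference(adj, {"E0_0"})
```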
The specific rerouting algorithm used in the scheme, for example the one adopted by the Onion Routing anonymous communication protocol, is extended through an API (application programming interface). The length of the rerouting path and the relay nodes are selected according to the specific application scenario. Users are allowed to customize the algorithm freely, and the algorithm for selecting among unstable nodes adapts to the boundary conditions supplied by the user so as to provide computational reliability.
In one embodiment, in step S2 described above, an autonomously controllable hiding protocol stack is established. The hiding protocol stack is the main content of realizing a hidden network, the concrete implementation basis for truly hiding the protected communication within existing Internet traffic, and the core processing means by which hiding from outsiders and exclusive use are realized. Different stealth network structures define different stealth network protocol stacks, and the protocols in a stealth network protocol stack have an independent architecture.
According to the layering principle of Internet protocols, the protocol families and functions of each layer of the hiding protocol stack are clarified, and a layered protocol stack structure supporting hidden data communication and hidden resource sharing is established on top of the Internet transport layer. The complete hiding protocol stack has the hourglass-shaped structure of the TCP/IP protocol stack and includes the protocol elements (semantics, syntax, implementation timing and so on) of each specific protocol at each layer.
A trusted cryptographic service middleware system is used to establish an autonomously controllable cryptographic infrastructure platform, and trusted cryptographic techniques are used to address problems such as security backdoors and uncontrollable security.
The hiding protocol stack is divided into three layers from bottom to top, namely a node communication layer, a resource sharing layer and a service application layer.
The core protocol of the node communication layer is the node self-organizing protocol, which completes the allocation of node identifiers, the maintenance of the mapping rules between node identifiers and physical entities, the joining and leaving of nodes, and so on. Besides the node self-organizing protocol, the node communication layer also contains a group of auxiliary protocols: a path discovery protocol, a forwarding control protocol, a secure transmission protocol and a fault-tolerant transmission protocol. The path discovery protocol handles addressing, path selection and rerouting; the forwarding control protocol re-obfuscates the forwarded content according to the state of the node; the secure transmission protocol handles encryption and decryption of the transmitted information; and the fault-tolerant transmission protocol handles state reporting, error reporting and packet-loss processing.
The resource sharing layer contains a resource positioning protocol, a resource organization protocol and a resource protection protocol. The resource positioning protocol handles resource identification, resource abstraction, resource mapping and the like; the resource organization protocol handles resource release, resource storage, resource maintenance and the like; the resource protection protocol handles access control, encryption protection and the like for the resources.
The service application layer contains the application information protocol and the file transfer protocol. The application information protocol completes the hidden information query function; the file transfer protocol completes file transfer to the receiving end over the rerouted path, and file transfer in which the transferred content is split and dispersed over different nodes and automatically extracted and assembled by the receiving end.
The criteria for constructing the above protocols of each layer are: each specific protocol in a layer is dedicated only to realizing the functions of that layer, and each layer's protocols use the services provided by the protocols of the layer below to realize their own functions while providing the necessary service support for the functions of the protocols of the layer above. For example, the protocols of the resource sharing layer are responsible only for identifying, providing and protecting the shared resources in the stealth network. At the same time these functions are the basis on which the upper-layer protocols work, that is, they provide the necessary support to the service application layer protocols when shared resources are used. Which network nodes the shared resources are distributed on, and how to locate the nodes holding a resource, are implemented by the node communication layer protocols.
In one embodiment, step S3 uses the man-machine integrated content stealth technology, which comprises an information hiding method based on data adaptive sub-packets and a low-delay network path hopping method.
1. Information hiding mode based on data self-adaptive sub-packet
The information hiding method based on the data adaptive sub-packet, as shown in fig. 3, includes the following 7 steps:
(1) Data encryption and sub-packeting: the communication data is encrypted and the resulting ciphertext is grouped. Three grouping methods are provided. The first is the fixed-length method: the original data is divided into units of the same byte length, and when the last unit falls short, a special symbol is used to pad it. The second is the random method: given a group count n and a random function f, the original data is randomly divided into n units of different lengths, the byte count of each unit being determined by f. The third is the intelligent method: given the protocol set $\{t_1, t_2, \ldots, t_m\}$ used to transmit the groups, the original data is divided into n units of different lengths according to the characteristics of $t_1, t_2, \ldots, t_m$, where units 1 to $i_1$ correspond to $t_1$, units $i_1+1$ to $i_2$ correspond to $t_2$, …, and units $i_m$ to n correspond to $t_m$ ($i_1 < i_2 < \ldots < i_m < n$). The length of each unit is determined by the characteristics of the transmission protocol to which it corresponds.
(2) Sequence encryption: secondary encryption is performed on the data sequence information together with the grouped ciphertext data. The encryption algorithm may be a commercial cipher algorithm or another method; the encryption, decryption and key agreement methods and steps are provided by a cryptographic infrastructure, and a software algorithm or hardware encryption card is called through an API.
(3) Protocol conversion: different protocols are randomly applied to different groups of data as a disguise. The protocols include, but are not limited to, application layer protocols (HTTP, FTP, SMTP, TELNET, POP3, or QQ, WeChat, Xunlei, iTunes, YouTube, eDonkey, etc.) and network layer protocols (ICMP, IGMP, EGP, GGP, ARP, RARP, etc.).
(4) Hop path selection: the hop route of each data packet is calculated according to a random algorithm.
(5) Redistribution: after a hop node receives a data message, it unpacks the message according to the protocol over which it was received, reselects the next group of communication protocols for redistribution, and transmits the message to the next node. The protocols used for the data packets include, but are not limited to, application layer protocols (HTTP, FTP, SMTP, TELNET, POP3, or QQ, WeChat, Xunlei, iTunes, YouTube, eDonkey, etc.) and network layer protocols (ICMP, IGMP, EGP, GGP, ARP, RARP, etc.).
(6) Unpacking and merging: the receiving end finally collects all data messages and extracts the data packets according to the protocol over which each message was received; after the first decryption is completed, the data is arranged in order according to the message sequence information.
(7) Data decryption: secondary decryption is performed on the sequentially arranged data, completing one full data transmission.
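A constructed simulation of steps (1) to (3) and (6) to (7), added here as an example and not the patent's own code. It assumes a stand-in cipher (an HMAC-SHA256 keystream with an authentication tag, since the text leaves the "cryptographic infrastructure" unspecified), treats protocol names as labels only, and uses assumed per-protocol unit sizes for the intelligent grouping method; hop path selection and redistribution (steps 4 and 5) are not simulated.

```python
"""Constructed simulation of the seven-step data-adaptive sub-packeting method.
Added example, not the patent's own code: the cipher is an HMAC-SHA256 keystream
plus an HMAC tag, standing in for the unspecified 'cryptographic infrastructure';
protocol names are labels only (nothing is sent); hop selection (steps 4-5) is skipped.
"""
import hashlib
import hmac
import os
import random
import struct

# Assumed unit sizes per carrier protocol for the "intelligent" grouping method.
PROTOCOL_UNIT_LEN = {"HTTP": 48, "SMTP": 32, "ICMP": 16}

def split_fixed(data: bytes, unit_len: int, pad: bytes = b"\x00") -> list:
    """Method 1: equal-length units; a short last unit is padded with a symbol."""
    units = [data[i:i + unit_len] for i in range(0, len(data), unit_len)]
    if units and len(units[-1]) < unit_len:
        units[-1] += pad * (unit_len - len(units[-1]))
    return units

def split_random(data: bytes, n: int, rng: random.Random) -> list:
    """Method 2: n units of random lengths; rng plays the role of the function f."""
    bounds = [0, *sorted(rng.sample(range(1, len(data)), n - 1)), len(data)]
    return [data[a:b] for a, b in zip(bounds, bounds[1:])]

def split_by_protocol(data: bytes, protocols: list) -> list:
    """Method 3: consecutive runs of units, each run sized for its carrier protocol."""
    m, out = len(protocols), []
    for k, proto in enumerate(protocols):
        seg = data[len(data) * k // m:len(data) * (k + 1) // m]
        step = PROTOCOL_UNIT_LEN[proto]
        out += [(seg[i:i + step], proto) for i in range(0, len(seg), step)]
    return out

def _stream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from HMAC-SHA256 (stand-in cipher)."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", c), hashlib.sha256).digest()
              for c in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _subkeys(key: bytes):
    """Distinct keys for the keystream and the tag, derived from one master key."""
    return (hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest())

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || 16-byte tag."""
    ke, km = _subkeys(key)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ke, nonce, len(plaintext))))
    return nonce + ct + hmac.new(km, nonce + ct, hashlib.sha256).digest()[:16]

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise on tampering or truncation."""
    ke, km = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expect = hmac.new(km, nonce + ct, hashlib.sha256).digest()[:16]
    if len(blob) < 28 or not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(ke, nonce, len(ct))))

def sender(data, k1, k2, protocols, rng, splitter):
    """Steps (1)-(3): encrypt, group, add sequence info, re-encrypt, disguise."""
    inner = encrypt(k1, data)                         # (1) first encryption
    groups = splitter(inner)                          # (1) grouping by chosen method
    if groups and isinstance(groups[0], bytes):       # methods 1/2: protocol drawn at random
        groups = [(u, rng.choice(protocols)) for u in groups]
    msgs = []
    for idx, (unit, proto) in enumerate(groups):
        seq = struct.pack(">HHI", idx, len(groups), len(inner))  # sequence information
        msgs.append((proto, encrypt(k2, seq + unit)))            # (2) second encryption
    rng.shuffle(msgs)                                 # (3) sending order is random too
    return msgs

def receiver(msgs, k1, k2):
    """Steps (6)-(7): strip the outer layer, reorder by sequence info, decrypt."""
    units, total, length = {}, None, 0
    for _proto, blob in msgs:                         # _proto would select the carrier parser
        rec = decrypt(k2, blob)
        idx, total, length = struct.unpack(">HHI", rec[:8])
        units[idx] = rec[8:]
    if total is None or sorted(units) != list(range(total)):
        raise ValueError("groups missing")
    inner = b"".join(units[i] for i in range(total))[:length]   # drops method-1 padding
    return decrypt(k1, inner)
```

The receiver verifies each outer tag before reordering, so an altered or forged group is rejected rather than silently merged, a check the text itself does not mention.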
2. Low-delay network path hopping mode
Based on modeling and analysis of the network environment, network path hopping technologies including network environment configuration optimization, attack and defense game analysis, active hopping and confusion node setting are studied to realize covert communication of the transmitted data; the specific research means of the network path hopping technology are shown in fig. 4.
(1) Using the huge address space, an address space randomization method and an address space layout recombination method are studied; the tunnel source and target IP addresses are changed many times, preventing an attacker from monitoring the communication data and realizing robust hopping communication. Meanwhile, the network topology is changed dynamically and the communication path is hidden.
(2) Multi-hop communication technology is studied: the security of the network paths is analyzed according to the network environment, an optimization model with fuzzy and random parameters is studied, each path is evaluated, and an optimal path cluster is selected. The optimal path cluster is then suitably expanded, and a communication path is chosen from it at random.
(3) An attack and defense game model is established to maximize the defense benefit. A game model is built from the network structure, communication traffic, attack means, attack purpose and so on; the hidden communication path is optimized to obtain an optimal path cluster, and random hopping communication is performed.
(4) With data forwarded across several nodes between the information source and the information sink, the nodes are selected by a pseudo-random function, a random route hopping method and network hopping paths are designed, and monitoring attacks are resisted. Meanwhile, the real path information is hidden and the path fingerprint is forged, so that an attacker finds it difficult to analyze the path taken by the target data.
(5) Based on artificial intelligence technology, an adaptive network path hopping method (no attack: self-selection of random routes) and intelligent network path hopping aimed at different attacks (under attack: active avoidance of congested and attacked paths, with attention to concealment) are designed. Meanwhile, an adaptive hopping scheme that changes the route according to the link reaction to network congestion is designed, and the number of controllers connected to a switch can be dynamically increased or reduced according to the density of the attack traffic.
(6) An adaptive honeypot system is established: a node analysis model is built, nodes that are easy to attack are analyzed according to the attack form, and dynamic honeypot nodes are deployed in the network, reducing the risk of sensitive targets being attacked.
(7) Based on the secret sharing principle, data-sharing hopping communication is designed: the hidden data is blinded and expanded, and a (k, n) secret sharing scheme is used to conceal the hidden information. Thus, even if some network paths fail, the terminal can still recover the data.
The embodiment of the invention relates to a stealth network constructed on the basis of network stealth technology, in which the constituent nodes (including access nodes, routing nodes, service nodes and the like) realize parameter self-learning and self-configuration by rapidly sensing information such as bandwidth and open ports in their environment, rapidly adapt to the hosting environment, establish links with other nodes, rapidly form the stealth network according to the corresponding algorithm, and provide services such as stealth network resource sharing and communication transmission. When the network conditions change, each constituent node rapidly reconfigures itself through ad hoc networking and automatically adapts to the change of network state, as shown in fig. 5.
The stealth network is capable of forming a stealth network environment under dynamic attack and defense confrontation, can realize stealth of the network, can manage, cancel, combine and optimize node services within the hidden network, and completes the management and control of hidden service resources.
In an embodiment, the method for constructing a stealth network based on a network stealth technology further includes:
S4, evaluating the attack resistance of the stealth network.
The evaluation of the attack resistance of the stealth network can be divided into two types: theoretical analysis and experimental test verification. Theoretical analysis describes the anti-attack performance of the network, while experimental test verification is carried out on the basis of quantitative evaluation of network attacks and quantitative evaluation of the attack situation. Fig. 6 shows a simplified diagram of the hidden network anti-attack capability evaluation technology.
The first method: network entropy and entropy difference
The network entropy of a network system is defined in terms of its being detected. The metric used to measure the system is the probability of being discovered. When the probability is high, the occurrence chance is large and the uncertainty is small; otherwise the uncertainty is large.
The detectability of the system is described using an uncertainty function f that is a decreasing function of the probability P, with $y = f(p_1) - f(p_2)$.
The better the security performance of the network information system, the lower the detectability of the network, the lower the system's degree of order, and the higher the network entropy value. The more ordered a system is, the lower its security performance, the higher the detectability of the network, and the lower the network entropy value; entropy is a measure of system order.
The effectiveness evaluation of an attack generally concerns the change in network performance before and after the attack, and the network entropy theory for evaluating network performance is based on the concept of entropy in information theory. When the network is attacked, its performance is reduced, the system stability is poor, and the network entropy value increases. Therefore, the attack effect can be described by the entropy difference.
The entropy difference is used as a measure of the effect of an attack on a single node. After the performance indexes are selected, they are measured by a series of methods, giving quantitative values for the various aspects of network system performance. The quantitative difference of the network system before and after the attack is used as the measure of the attack effect.
The test verification method adopts quantitative evaluation of network attack and defense and quantitative evaluation of the attack situation, thereby realizing evaluation of network attack effects such as traffic analysis attacks, timing attacks and collusion attacks.
The second method: quantitative evaluation of network defense effect
Network defense must be able to identify, understand and evaluate network defense weaponry behavior. The main functions include:
(1) the behavior and result of each stage of a network attack can be identified;
(2) the behavior, action and significance of each stage of a network attack can be understood;
(3) the quantitative evaluation result of a network attack weapon's effect can be accurately given, including the harmfulness, efficiency, safety, resource consumption, destructiveness, stealthiness, computing resource consumption, memory resource consumption, human resource consumption, network resource consumption, traffic anomaly, detection rate by security devices, attack speed, attack range and comprehensive index value of the network attack;
(4) the network defense quantitative evaluation method can accurately give the quantitative evaluation result of network defense, including attack detection capability, attack interception capability, service impact, resource occupation, attack discovery capability, attack understanding capability, attack localization capability, injection prevention capability, interference prevention capability, communication impact, user experience impact, computing resource occupation, memory resource occupation, network resource occupation and the comprehensive index value of network defense weapons.
Attack situation quantitative evaluation and coping strategy
Network defense needs to evaluate the network security situation accurately and comprehensibly and present it visually. According to the attack situation, the system sets a hierarchical coping strategy through intelligent perception and self-learning.
(1) accurately giving the quantitative evaluation result of the network security situation, which comprises the network basic dimension, vulnerability dimension, threat dimension, asset basic attributes, traffic basic attributes, network structure basic attributes, hardware vulnerabilities, system vulnerabilities, software vulnerabilities, detection threats, control threats, destruction threats and a comprehensive security index value;
(2) quantifying, from the macroscopic network security situation, the microscopic security events, security attacks, asset states and vulnerability states corresponding to the evaluation value.
The main features of the stealth network include:
(1) the stealth network can be rapidly and dynamically reconfigured;
(2) the stealth network nodes can realize environment-adaptive latent operation and communication;
(3) the stealth network basic platform is independently controllable;
(4) the stealth network can provide covert data communication and covert resource sharing services;
(5) the stealth network adapts to different application requirements, realizes elastic service and is expandable;
(6) the stealth network has the capabilities of detection resistance, attack resistance and destruction resistance;
(7) under equal conditions, the network latency is tolerable.
The method for constructing a stealth network based on network stealth technology improves network defense capability through network stealth technology, and can thoroughly overcome the security threats to cyberspace caused by system bugs, backdoors, viruses, trojans and other uncertain threats. Through system indexes such as network entropy and entropy difference, defense effect quantification and attack situation quantification, a cyberspace security system based on complexity theory is established.
For example, random change of the information transmission format: according to the information hiding method based on data-adaptive sub-packeting, a complete message is split into packets of different lengths before being sent; the length of each group is random, and the sending order of the packets is also random, that is, the groups are sent with their order scrambled rather than in the sequence group 1, group 2, group 3.
Random variation of the information transmission mode: as the information hiding method based on data-adaptive sub-packeting shows, the protocol used for each packet of a split message is random; this time group 1 may be transmitted using the FTP protocol, and next time group 1 may be transmitted using the HTTP protocol.
Random variation of the information transmission path: as the rerouting technique and the low-delay network path hopping method show, the transmission path a packet takes from sender to receiver, that is, which nodes it passes through, changes randomly. If s denotes the sender, t the receiver, and 1, 2, 3 the intermediate nodes, the transmission path may be any one of s1t, s2t, s3t, s12t, s13t, s23t, s123t, s213t, s231t, s312t, s321t.
Through this randomness, the complexity of network detection, analysis and attack is greatly increased, and thus hidden transmission of information and hidden sharing of resources are realized.
That is: by randomly transforming the information transmission format, mode and path, the real data is mixed into a large amount of communication data; the complexity and difficulty for an attacker of acquiring the state of the network system and of extracting and analyzing data are increased, so the attacker cannot launch an effective attack. A stealth network with strong attack resistance and highly concealed information transmission is thereby realized, and the comprehensive defense capability of the network is improved.
Therefore, the network stealth technology for improving network defense capability realizes hidden information transmission and yields a stealth network with strong attack resistance.
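A constructed example of the per-packet path randomization described here and in item (4) of the path hopping mode (nodes chosen by a pseudo-random function), added as an illustration and not the patent's own code. It enumerates every ordered route through the intermediate nodes 1, 2, 3 (15 routes in total, of which the text lists 11), uses an assumed keyed PRF (HMAC-SHA256 over the packet id) so that sender and receiver derive the same path, and reports how much of the stream a monitor on any single node would see.

```python
"""Constructed example of per-packet random path selection over the hop model in
the text (sender s, receiver t, intermediate nodes 1, 2, 3). Not the patent's code:
the path set is enumerated from the node list, and a keyed PRF (HMAC-SHA256, an
assumed choice) maps a packet id to a path so both communicating ends derive it.
"""
import hashlib
import hmac
import itertools
import struct

def enumerate_paths(nodes: list) -> list:
    """Every route s -> ordered subset of intermediate nodes -> t, with >= 1 hop."""
    return ["s" + "".join(perm) + "t"
            for r in range(1, len(nodes) + 1)
            for perm in itertools.permutations(nodes, r)]

def choose_path(key: bytes, packet_id: int, paths: list) -> str:
    """Keyed PRF over the packet id -> index into the path set (same on both ends)."""
    digest = hmac.new(key, struct.pack(">Q", packet_id), hashlib.sha256).digest()
    return paths[int.from_bytes(digest[:8], "big") % len(paths)]

def node_exposure(key: bytes, n_packets: int, paths: list) -> dict:
    """Defender's check: fraction of packets seen at each intermediate node.
    A monitor sitting on one node should observe only part of the stream."""
    seen = {}
    for pid in range(n_packets):
        for node in choose_path(key, pid, paths)[1:-1]:
            seen[node] = seen.get(node, 0) + 1
    return {node: count / n_packets for node, count in seen.items()}
```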
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (9)

1. A method of constructing a stealth network, comprising:
s1, constructing a basic framework of the stealth network; determining a resource type, a component node type, an environment self-adaption characteristic and a topological structure for realizing the stealth network;
s2, establishing an autonomous controllable hiding protocol stack; the hiding protocol stack defines a protocol stack layered structure, each layer of key protocols and functions of each key protocol;
S3, according to a preset information transmission method, realizing concealed information transmission and concealed resource sharing.
2. The method of claim 1, wherein the step S1 of determining the topology of the stealth network comprises:
dividing the network nodes into edge nodes, backbone nodes and proxy nodes; a P2P hybrid topology is constructed.
3. The method of claim 1, wherein the step S2 includes:
the built hiding protocol stack is divided into three layers from bottom to top, namely a node communication layer, a resource sharing layer and a service application layer;
the core protocol of the node communication layer is a node self-organizing protocol which completes the distribution of node identifiers, the maintenance of the node identifiers and the mapping rules of physical entities, the addition and the exit of the nodes;
the resource sharing layer comprises a resource positioning protocol, a resource organization protocol and a resource protection protocol;
the service application layer comprises an application information protocol and a file transfer protocol;
each layer of protocol in the node communication layer, the resource sharing layer and the service application layer needs to use the service provided by the lower layer protocol to realize the function required to be completed by the layer of protocol and provide service support for the function realization of the upper layer protocol.
4. The method of claim 1, wherein the step S3 includes:
according to the information hiding mode of data-adaptive sub-packeting, the transmission of hidden information and the sharing of hidden resources are realized.
5. The method of claim 4, wherein the implementing of the concealed information transmission and the concealed resource sharing according to the information hiding manner of the data adaptive packetization comprises:
(1) the data encryption sub-package is responsible for encrypting the communication data and grouping the encrypted ciphertext;
(2) sequencing encryption, namely performing secondary encryption on the data sequence information and the grouped ciphertext data;
(3) protocol conversion, randomly applying different protocols to different groups of data for disguising;
(4) selecting a jump path, and calculating a jump route of each data packet according to a random algorithm;
(5) in the process of redistribution, after the skip node receives the data message, unpacking the data message according to the protocol used for receiving the data message, reselecting the next group of communication protocols for redistribution, and transmitting the data message to the next node;
(6) unpacking and merging, wherein the receiving end finally collects all data messages in the process, and extracts data packets according to the protocol used for receiving each data message; after the first decryption is completed, arranging the data in sequence according to the message sequence information;
(7) data decryption, wherein secondary decryption is carried out on the data which are arranged in sequence in the process, so that one-time complete data transmission is completed, and the transmission of the hidden information and the sharing of hidden resources are realized.
6. The method of claim 1, wherein the step S3 includes:
according to a low-delay network path hopping mode, the transmission of the hidden information and the sharing of hidden resources are realized; the low-delay network path hopping mode comprises network environment configuration optimization, attack and defense game analysis, active hopping and confusion node setting.
7. The method of constructing a stealth network as recited in claim 1, further comprising:
S4, evaluating the attack resistance of the stealth network.
8. The method of claim 7, wherein the step S4 includes:
establishing a mapping relation that the detected performance of the network is in inverse proportion to the network entropy value;
carrying out subtraction operation on the network entropy values of the hidden network before and after attack to generate a network entropy difference;
and determining the attack resistance of the stealth network according to the network entropy difference.
9. The method of claim 7, wherein the step S4 includes:
based on quantitative evaluation of network attack and defense weapons and quantitative evaluation of the attack situation, the evaluation of the network attack effect is realized.
CN201910802360.6A 2019-08-28 2019-08-28 Method for constructing stealth network Active CN110601878B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910802360.6A CN110601878B (en) 2019-08-28 2019-08-28 Method for constructing stealth network
Publications (2)

Publication Number Publication Date
CN110601878A true CN110601878A (en) 2019-12-20
CN110601878B CN110601878B (en) 2022-02-01
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant