CN110830456A - Computer network safety system based on shift register - Google Patents


Publication number
CN110830456A
Authority
CN
China
Prior art keywords
module
information
clock signal
shift register
virtual random
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201911007441.3A
Other languages
Chinese (zh)
Inventor
徐亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Tuxian Information Technology Co Ltd
Original Assignee
Suzhou Tuxian Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a computer network security system based on shift registers. An information flow transmission module acquires the network information transmission path, and a computer transmission module synchronizes that path. The computer transmission module is provided with a plurality of position working points, which measure the clock signal of the information flow, divide the information flow into a plurality of information segments according to the period of the clock signal, and calculate the information entropy of each segment. A shift register module comprises a plurality of shift registers, and an area simulation module comprises a plurality of virtual random spaces. When the information entropies of the segments calculated by the position working points repeat and are consistent, the area transposition module exchanges virtual random spaces according to the spatial position corresponding to each virtual random space; the area transposition module can exchange the spatial positions of any virtual random spaces.

Description

Computer network safety system based on shift register
Technical Field
The invention relates to the field of computer network security, in particular to a computer network security system based on shift register.
Background
With the rapid development and widespread application of computer science and technology, changes in cyberspace continually reshape the way people live. As dependence on the internet grows, and as much confidential information belonging to enterprises, individuals and even countries is carried over it, network security has become an important issue in technological development. Among the many network attack methods found on the internet, the distributed denial-of-service (DDoS) attack is the most common and is highly destructive. DDoS attacks mostly originate from botnets, whose nodes cooperate to launch a denial-of-service attack on one or more targets. Because a DDoS attack is simple to mount and well concealed, no means of defending against it completely exists so far. In the prior art, a dedicated firewall is usually installed in the computer to defend against distributed attacks, but the defense typically starts only after the attack has penetrated into the computer, and when the firewall defends the same area for a long time, the firewall itself may be compromised.
Disclosure of Invention
The purpose of the invention is as follows:
In the prior art, a dedicated firewall is usually installed in the computer to defend against distributed attacks, but the defense usually starts only after the attack has penetrated into the computer, and the firewall itself may be compromised when it defends the same area for a long time. To address these problems, the invention provides a computer network security system based on shift registers.
The technical scheme is as follows:
A shift register based computer network security system comprises an information flow transmission module, a computer transmission module, a shift register module, an area simulation module and an area transposition module, which are connected with each other. The information flow transmission module acquires the network information transmission path, and the computer transmission module synchronizes that path. The computer transmission module is provided with a plurality of position working points. The position working points measure the content of the information flow and its clock signal, divide the information flow into a plurality of information segments according to the period of the clock signal, and calculate the information entropy of each segment. The shift register module comprises a plurality of shift registers, and the shift registers replace the position working points. The area simulation module comprises a plurality of virtual random spaces, each of which contains a plurality of position working points. When the information entropies of the segments calculated by the position working points repeat and are consistent, the area transposition module exchanges virtual random spaces at the spatial position corresponding to each virtual random space; the area transposition module can exchange the spatial positions of any virtual random spaces.
As a preferred mode of the present invention, the area transposition module remains authorized to transpose a virtual random space that has already been transposed.
As a preferred mode of the present invention, the system further includes a clock signal module connected to the information flow transmission module and the computer transmission module. The clock signal module obtains the clock signal of the information flow in the information flow transmission module, and the position working points use the clock signal module to measure the clock signal of the information flow in the computer transmission module.
As a preferred mode of the present invention, the clock signal module determines, within one period, the period changes of the information flow conducted in the computer transmission module for a plurality of different virtual random spaces.
As a preferred mode of the present invention, after the clock signal module confirms how the clock signal of the information flow changes, the shift register determines the position of the position working point according to the change nodes of the clock signal.
As a preferred mode of the present invention, the system further includes a mirror module, which mirrors the computer transmission module, the shift register module and the area simulation module in their current state; the mirror result is the current spatial positions of the shift registers and the virtual random spaces on the main path in the computer transmission module.
As a preferred mode of the present invention, the mirror module performs a mirror simulation of the transposition state of the virtual random spaces according to the area transposition module.
As a preferred mode of the present invention, the system further includes a connection transfer module, which is connected to the computer transmission module and an external network; after the clock signal module determines that a period has finished, the connection transfer module transfers the external network connection to the mirror result of the mirror module.
The invention realizes the following beneficial effects:
The attack data flow is guided by simulating its attack path; it is analyzed once a characteristic value based on the clock signal is obtained, and it is then steered to a virtual mirror simulation result according to the periodic changes of the clock signal. This solves the problems that a dedicated firewall is usually installed in the computer for defense, that the defense usually starts only after a distributed attack has penetrated into the computer, and that the firewall itself may be compromised when it defends the same area for a long time.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a system framework diagram of the present invention;
FIG. 2 is a simplified diagram of shifting;
FIG. 3 is a mirror image schematic.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
The first embodiment is as follows:
Refer to FIGS. 1-3. A shift register based computer network security system comprises an information flow transmission module 1, a computer transmission module 2, a shift register module 3, an area simulation module 4 and an area transposition module 5, which are connected with each other. The information flow transmission module 1 acquires the network information transmission path, and the computer transmission module 2 synchronizes that path. The computer transmission module 2 is provided with a plurality of position working points 6. The position working points 6 measure the content of the information flow and its clock signal, divide the information flow into a plurality of information segments according to the period of the clock signal, and calculate the information entropy of each segment. The shift register module 3 includes a plurality of shift registers 8, and the shift registers 8 replace the position working points 6. The area simulation module 4 includes a plurality of virtual random spaces 7, each of which contains a plurality of position working points 6. When the information entropies of the segments calculated by the position working points 6 repeat and are consistent, the area transposition module 5 exchanges virtual random spaces 7 at the spatial position corresponding to each virtual random space 7; the area transposition module 5 can exchange the spatial positions of any virtual random spaces 7.
As a preferred mode of the present invention, the area transposition module 5 remains authorized to transpose a virtual random space 7 that has already been transposed.
As a preferred mode of the present invention, the system further includes a clock signal module 9 connected to the information flow transmission module 1 and the computer transmission module 2. The clock signal module 9 obtains the clock signal of the information flow in the information flow transmission module 1, and the position working points 6 use the clock signal module 9 to measure the clock signal of the information flow in the computer transmission module 2.
As a preferred mode of the present invention, the clock signal module 9 determines, within one period, the period changes of the information flow conducted in the computer transmission module 2 for a plurality of different virtual random spaces 7.
As a preferred mode of the present invention, after the clock signal module 9 confirms how the clock signal of the information flow changes, the shift register 8 determines the position of the position working point 6 according to the change nodes of the clock signal.
As a preferred mode of the present invention, the system further includes a mirror module 10, which mirrors the computer transmission module 2, the shift register module 3 and the area simulation module 4 in their current state; the mirror result is the current spatial positions of the shift registers 8 and the virtual random spaces 7 on the main path in the computer transmission module 2.
As a preferred mode of the present invention, the mirror module 10 performs a mirror simulation of the transposition state of the virtual random spaces 7 according to the area transposition module 5.
As a preferred mode of the present invention, the system further includes a connection transfer module, which is connected to the computer transmission module 2 and an external network; after the clock signal module 9 determines that one period has finished, the connection transfer module transfers the external network connection to the mirror result of the mirror module 10.
In the specific implementation process, the information entropy of each information segment divided according to the period is calculated. If the information is distributed attack information, the attack information repeats in each clock period, so the information entropies calculated for the segments in each clock period are consistent. The system judges whether the information entropies in all periods are consistent and, if so, starts the security system.
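The per-period entropy check described above, as an added example (not code from the patent). It assumes Shannon entropy over the byte values of each segment, integer millisecond timestamps, and hypothetical `tolerance` and `min_periods` parameters; the sample events are constructed.

```python
import math
from collections import Counter


def shannon_entropy(segment: bytes) -> float:
    """Shannon entropy of one information segment, in bits per byte."""
    if not segment:
        return 0.0
    n = len(segment)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(segment).values())


def split_by_period(events, period_ms):
    """Divide (timestamp_ms, payload) events into one segment per clock period.

    Integer milliseconds keep period boundaries exact (no float rounding).
    A period without traffic yields an empty segment.
    """
    events = sorted(events, key=lambda e: e[0])
    if not events:
        return []
    t0 = events[0][0]
    count = (events[-1][0] - t0) // period_ms + 1
    segments = [bytearray() for _ in range(count)]
    for t, payload in events:
        segments[(t - t0) // period_ms].extend(payload)
    return [bytes(s) for s in segments]


def consistent_entropy_alarm(events, period_ms, tolerance=0.05, min_periods=3):
    """Return (index of the period that raises the alarm or None, entropies).

    The alarm fires when min_periods consecutive non-empty segments have
    entropies within `tolerance` bits of each other (assumed thresholds).
    Equal entropy does not prove equal content, so treat this as a trigger
    for closer inspection rather than a verdict.
    """
    segments = split_by_period(events, period_ms)
    entropies = [shannon_entropy(s) if s else None for s in segments]
    for end in range(min_periods, len(entropies) + 1):
        window = entropies[end - min_periods:end]
        if None in window:          # a silent period breaks the repetition
            continue
        if max(window) - min(window) <= tolerance:
            return end - 1, entropies
    return None, entropies


# Constructed sample traffic (not captured data).
_BOT_REQUESTS = [
    b"GET /search?q=a HTTP/1.1\r\n",
    b"GET /login HTTP/1.1\r\n",
    b"GET / HTTP/1.1\r\n",
]
# Same three requests every second, in rotated order: the byte histogram of
# each period is identical, so the entropy repeats.
ATTACK_EVENTS = [
    (k * 1000 + 100 + 300 * i, _BOT_REQUESTS[(i + k) % 3])
    for k in range(5)
    for i in range(3)
]
# Ordinary traffic whose content changes from period to period.
BENIGN_EVENTS = [
    (50, b"aaaaaaaa"),
    (1050, b"abcdabcd"),
    (2050, b"POST /cart item=42&qty=1"),
    (3050, bytes(range(64))),
    (4050, b"ab" * 8),
]

if __name__ == "__main__":
    for name, events in (("attack", ATTACK_EVENTS), ("benign", BENIGN_EVENTS)):
        period, entropies = consistent_entropy_alarm(events, period_ms=1000)
        shown = [None if h is None else round(h, 3) for h in entropies]
        print(f"{name}: alarm at period {period}, entropies {shown}")
```
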
For example, the information flow transmission module 1 obtains the transmission path state of the information flow, that is, the manner in which the information flow is transmitted over the internet. The computer transmission module 2 then simulates the data flow transmission path inside the computer according to the transmission path state obtained by the information flow transmission module 1, and when a data flow carrying distributed attack data is transmitted to the computer, the computer transmission module 2 directs it into the simulated transmission path.
When defending against a distributed attack data flow, the clock signal module 9 acquires the clock signal of the flow, and the interval position corresponding to one period of the clock signal is used as the action position of a position working point 6.
After the action positions of the position working points 6 are obtained, the position working points 6 are arranged randomly according to the positions of the periodic repetition nodes of the transmitted information flow, that is, each position working point 6 is randomly placed at a position corresponding to a repetition node of the information flow. The position working points 6 are distributed among the virtual random spaces 7 in the area simulation module 4. In each virtual random space 7, any one position working point 6 is selected at random, and the shift register 8 at that position working point 6 is randomly replaced with any remaining shift register 8, so that the information flow of the distributed attack follows a "winding circuit" during transmission. Furthermore, the area transposition module 5 randomly selects any two virtual random spaces 7 and exchanges their spatial positions. Before the exchange, the two virtual random spaces 7 must be compared: their sizes need to be the same, and if they are not, a space equal in size to the smaller virtual random space 7 is partitioned from the larger one. The exchange introduces an error into the transmission path that the computer transmission module 2 designed for the distributed attack data flow, so that under its normal clock signal the distributed attack data flow is transmitted onto an erroneous transmission path.
The mirror module 10 mirrors the computer transmission module 2, the shift register module 3 and the area simulation module 4 in their current state; the mirror result is the current spatial positions of the shift registers 8 and the virtual random spaces 7 on the main path in the computer transmission module 2. The mirror module 10 simulates the transposition of the virtual random spaces 7 according to the area transposition module 5, and the mirror simulation result is consistent with the original result. The connection transfer module is connected to the computer transmission module 2 and the external network, and after the clock signal module 9 determines that one period has finished, it transfers the external network connection to the mirror result of the mirror module 10. It is worth mentioning that the mirror result can automatically replace the shift register module 3 and the area transposition module 5 under the mirror; after the mirror result is connected to the external network, the path originally calculated by the computer transmission module 2 is restored, and data flows other than the distributed attack data flow are acquired.
The above embodiments are merely illustrative of the technical ideas and features of the present invention, and are intended to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the scope of the present invention. All equivalent changes or modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.

Claims (8)

1. A shift register based computer network security system, comprising an information flow transmission module, a computer transmission module, a shift register module, an area simulation module and an area transposition module, which are connected with each other, wherein: the information flow transmission module acquires the network information transmission path; the computer transmission module synchronizes the network information transmission path; the computer transmission module is provided with a plurality of position working points; the position working points measure the content of the information flow and the clock signal of the information flow, divide the information flow into a plurality of information segments according to the period of the clock signal, and calculate the information entropy of each information segment; the shift register module comprises a plurality of shift registers, and the shift registers replace the position working points; the area simulation module comprises a plurality of virtual random spaces, each virtual random space comprising a plurality of position working points; and when the information entropies of the information segments calculated by the position working points repeat and are consistent, the area transposition module exchanges virtual random spaces at the spatial position corresponding to each virtual random space, the area transposition module being able to exchange the spatial positions of any virtual random spaces.
2. A shift register based computer network security system according to claim 1, wherein: the area transposition module remains authorized to transpose a virtual random space that has already been transposed.
3. A shift register based computer network security system according to claim 2, wherein: the system further comprises a clock signal module connected to the information flow transmission module and the computer transmission module; the clock signal module acquires the clock signal of the information flow in the information flow transmission module, and the position working points use the clock signal module to measure the clock signal of the information flow in the computer transmission module.
4. A shift register based computer network security system according to claim 3, wherein: the clock signal module determines, within one period, the period changes of the information flow conducted in the computer transmission module for a plurality of different virtual random spaces.
5. A shift register based computer network security system according to claim 4, wherein: after the clock signal module confirms how the clock signal of the information flow changes, the shift register determines the position of the position working point according to the change nodes of the clock signal.
6. A shift register based computer network security system according to claim 5, wherein: the system further comprises a mirror module, which mirrors the computer transmission module, the shift register module and the area simulation module in their current state; the mirror result is the current spatial positions of the shift registers and the virtual random spaces on the main path in the computer transmission module.
7. A shift register based computer network security system according to claim 6, wherein: the mirror module performs a mirror simulation of the transposition state of the virtual random spaces according to the area transposition module.
8. A shift register based computer network security system according to claim 7, wherein: the system further comprises a connection transfer module connected to the computer transmission module and an external network; after the clock signal module determines that a period has finished, the connection transfer module transfers the external network connection to the mirror result of the mirror module.
CN201911007441.3A 2019-10-22 2019-10-22 Computer network safety system based on shift register Withdrawn CN110830456A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911007441.3A CN110830456A (en) 2019-10-22 2019-10-22 Computer network safety system based on shift register

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911007441.3A CN110830456A (en) 2019-10-22 2019-10-22 Computer network safety system based on shift register

Publications (1)

Publication Number Publication Date
CN110830456A true CN110830456A (en) 2020-02-21

Family

ID=69550022

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911007441.3A Withdrawn CN110830456A (en) 2019-10-22 2019-10-22 Computer network safety system based on shift register

Country Status (1)

Country Link
CN (1) CN110830456A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111510458A (en) * 2020-04-24 2020-08-07 太仓红码软件技术有限公司 Working method of network attack defense system based on Internet of things
CN111510459A (en) * 2020-04-24 2020-08-07 太仓红码软件技术有限公司 Network attack defense system based on clock signal
CN113132381A (en) * 2021-04-19 2021-07-16 何文刚 Computer network information safety controller
CN113132381B (en) * 2021-04-19 2022-08-02 何文刚 Computer network information safety controller

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200221
