CN111131169A - A Dynamic ID Hiding Method for Switching Networks - Google Patents

A Dynamic ID Hiding Method for Switching Networks Download PDF

Info

Publication number
CN111131169A
CN111131169A CN201911208371.8A CN201911208371A CN111131169A CN 111131169 A CN111131169 A CN 111131169A CN 201911208371 A CN201911208371 A CN 201911208371A CN 111131169 A CN111131169 A CN 111131169A
Authority
CN
China
Prior art keywords
internal
external network
network
hidden
dynamic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911208371.8A
Other languages
Chinese (zh)
Other versions
CN111131169B (en
Inventor
张文建
刘勤让
宋克
沈剑良
魏帅
高彦钊
赵博
汤先拓
于洪
张霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University filed Critical PLA Information Engineering University
Priority to CN201911208371.8A priority Critical patent/CN111131169B/en
Publication of CN111131169A publication Critical patent/CN111131169A/en
Application granted granted Critical
Publication of CN111131169B publication Critical patent/CN111131169B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明属于交换网络安全技术领域,公开一种面向交换网络的动态ID隐藏方法,包括:步骤1:设置交换设备端口的内外网属性,建立端口内外网属性表;步骤2:构建隐藏ID池;步骤3:设置内外网ID隐藏表;步骤4:动态调整ID映射算法。本发明针对特定ID的普通类型攻击,攻击者无法通过扫描用户的ID达到攻击用户的目的,比如DDos攻击等;针对特定ID的APT攻击,本发明可以动态的变换内外网ID映射关系,理论上,只要动态ID变换周期小于攻击者破解周期,就可以避免该类攻击;该方法采用软件构建隐藏ID池,硬件实现隐藏表,并通过随机动态调度隐藏ID池的方式实现了动态ID变换,可以防御针对用户ID的攻击手段。

Figure 201911208371

The invention belongs to the technical field of switching network security, and discloses a dynamic ID hiding method oriented to switching networks. Step 3: Set the ID hidden table of the internal and external networks; Step 4: Dynamically adjust the ID mapping algorithm. The present invention is aimed at common types of attacks with specific IDs, and attackers cannot achieve the purpose of attacking users by scanning user IDs, such as DDos attacks, etc.; for APT attacks with specific IDs, the present invention can dynamically change the mapping relationship between internal and external network IDs, theoretically , as long as the dynamic ID transformation period is less than the attacker's cracking period, this type of attack can be avoided; this method uses software to build a hidden ID pool, hardware implements a hidden table, and realizes dynamic ID transformation by randomly and dynamically scheduling the hidden ID pool. Defense against attacks targeting user IDs.

Figure 201911208371

Description

Switching network-oriented dynamic ID hiding method
Technical Field
The invention belongs to the technical field of switched network security, and particularly relates to a switched network-oriented dynamic ID hiding method.
Background
With the rapid development of the internet, network security is becoming a focus of attention, and especially in a switching network, ID information is one of the sensitive information that is most concerned by an attacker. An attacker can easily obtain ID information of a specific user by means of sniffing or the like. Once the attacker acquires the ID information of the data packet, further APT attacks (lisv, lischev, wang surpass. typical APT attack event case analysis [ J ] information network security (s 1)) may be performed, such as stealing information of a specific user by disguising means, or launching a DDoS attack (xumada. DDoS attack principle and coping strategy [ J ] information network security (5): 48-50.) against the specific user, thereby causing system paralysis of the target user. Therefore, in the switching network, how to transmit the ID securely becomes one of the research hotspots.
The current ID protection measures mainly include the following ways: 1. the ID protection is performed on the endpoint device, that is, the ID is directly protected on the source, for example, data transmission is performed by using an encryption protocol or the ID is encrypted separately, the method is simple and feasible, but each user accessing the switching network needs to deploy an ID protection measure, which increases the cost of the user; 2. in the switching network, the ID hiding function is completed by handing the data packet to the control management layer, for example, the data packet requiring ID hiding is sent to the processor, and the processor completes the operations such as ID conversion and the like and then sends the data packet to the forwarding device. Therefore, in order to eliminate such an influence, it is necessary to propose a protection technique that can be deployed in a switching network, does not affect forwarding performance, and can protect a specific user ID. The patent provides a dynamic ID hiding method facing a switching network from the ID protection requirement of the switching network.
Disclosure of Invention
The invention provides a switching network-oriented dynamic ID hiding method aiming at the problems of high cost and influence on the performance of forwarding equipment in the existing ID protection method of the switching network.
In order to achieve the purpose, the invention adopts the following technical scheme:
a switching network-oriented dynamic ID hiding method comprises the following steps:
step 1: setting internal and external network attributes of a port of the switching equipment, and establishing a port internal and external network attribute table to make ID of user data passing through an internal network attribute port, namely, internal network ID, be private ID, and make ID of user data passing through an external network attribute port, namely, external network ID, be public ID;
step 2: constructing a hidden ID pool;
and step 3: setting an internal and external network ID hidden table;
and 4, step 4: the ID mapping algorithm is dynamically adjusted.
Further, the step 2 comprises:
performing logical operation on the intranet ID and the random value, and performing hash operation mapping by taking the intranet ID as input to obtain an output as an extranet ID, wherein the mapping meets the requirements of A-type, B-type or C-type subnet division of the extranet;
and each intranet ID needs to map a plurality of extranet IDs, an internal ID group and an external ID group obtained by operation are stored to form a hidden ID pool, and for each intranet ID, an extranet ID corresponding to the intranet ID is randomly selected to form an internal and external ID pair for configuration of an internal and external ID hidden table.
Further, the step 3 comprises:
configuring an internal and external network ID hidden table according to the internal and external network mapping relation provided by the hidden ID pool, and associating the internal and external network ID hidden table with a routing forwarding table:
checking the internal and external network attributes of the port through the internal and external network attribute table of the port;
if the user data is the user data sent by the internal network to the external network, replacing the source ID of the data in the route forwarding table by the external network ID in the internal and external network ID hidden table, and then carrying out route forwarding search;
if the user data is the user data sent to the intranet by the extranet, firstly carrying out route searching, and then replacing the destination ID of the data in the route forwarding table by the intranet ID in the intranet ID hidden table;
and if the user data is forwarded between the internal networks or between the external networks, directly carrying out route forwarding search.
Further, the step 4 comprises:
and (4) carrying out periodic internal and external network ID mapping transformation according to the mapping method in the step (2).
Compared with the prior art, the invention has the following beneficial effects:
the invention relates to a switching network-oriented dynamic ID hiding method, which achieves ID protection of user data forwarded by switching equipment by setting internal and external network attributes of a port of the switching equipment, constructing a hidden ID pool, setting an internal and external network ID hiding table and periodically and dynamically adjusting ID mapping. Has the following advantages:
aiming at common type attack of specific ID, an attacker can not achieve the purpose of attacking the user by scanning the ID of the user, such as DDos attack and the like;
aiming at the APT attack of a specific ID, an attacker possibly obtains the ID of an external network of the specific user within a certain time and carries out subsequent attack aiming at the corresponding ID of the internal network, but the dynamic ID hiding method provided by the invention can dynamically transform the mapping relation of the ID of the internal network and the ID of the external network, and theoretically, the attack can be avoided as long as the dynamic ID transformation period is less than the cracking period of the attacker.
The method adopts software to construct a hidden ID pool, hardware to realize a hidden table, and realizes dynamic ID conversion by randomly and dynamically scheduling the hidden ID pool, and the method can defend an attack means aiming at the user ID.
Drawings
Fig. 1 is a basic flowchart of a switching network-oriented dynamic ID hiding method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a location of a dynamic ID hidden in a system according to an embodiment of the present invention.
Detailed Description
The invention is further illustrated by the following examples in conjunction with the accompanying drawings:
example 1:
as shown in fig. 1, a method for hiding a dynamic ID facing a switching network includes:
step S101: setting internal and external network attributes of a port of the switching equipment, and establishing a port internal and external network attribute table to make ID of user data passing through an internal network attribute port, namely, internal network ID, be private ID, and make ID of user data passing through an external network attribute port, namely, external network ID, be public ID;
according to application requirements, internal and external network attribute setting is carried out on the switch port, namely, the switch port is set as an internal network attribute (internal network) port or an external network attribute (external network) port. The ID of the user data passing through the intranet attribute port, namely the intranet ID, is a private ID and is internally visible, namely only an intranet user is visible; the ID of the user data passing through the attribute port of the external network, namely the ID of the external network, is a public ID and is externally visible, namely all external network users and attackers can see the user data.
Step S102: constructing a hidden ID pool;
specifically, the step S102 includes:
performing logical operation on the intranet ID and the random value, and performing hash operation mapping by taking the intranet ID as input to obtain an output as an extranet ID, wherein the mapping meets the requirements of A-type, B-type or C-type subnet division of the extranet;
and each intranet ID needs to map a plurality of extranet IDs, an internal ID group and an external ID group obtained by operation are stored to form a hidden ID pool, and for each intranet ID, an extranet ID corresponding to the intranet ID is randomly selected to form an internal and external ID pair for configuration of an internal and external ID hidden table.
Step S103: setting an internal and external network ID hidden table;
specifically, the step S103 includes:
configuring an internal and external network ID hidden table according to the internal and external network mapping relation provided by the hidden ID pool, and associating the internal and external network ID hidden table with a routing forwarding table:
checking the internal and external network attributes of the port through the internal and external network attribute table of the port;
if the user data is the user data sent by the internal network to the external network, replacing the source ID of the data in the route forwarding table by the external network ID in the internal and external network ID hidden table, and then carrying out route forwarding search;
if the user data is the user data sent to the intranet by the extranet, firstly carrying out route searching, and then replacing the destination ID of the data in the route forwarding table by the intranet ID in the intranet ID hidden table;
and if the user data is forwarded between the internal networks or between the external networks, directly carrying out route forwarding search.
Step S104: the ID mapping algorithm is dynamically adjusted.
Specifically, the step S104 includes:
and performing periodic internal and external network ID mapping transformation according to the mapping method in the step S102, and increasing the dynamic property of mapping so as to ensure the dynamic property of user ID hiding.
It should be noted that, in this embodiment, the ID may be an IP address or a MAC address, so the hidden ID pool may also be referred to as a hidden address pool.
As a specific implementable manner, as shown in fig. 2, the dynamic ID is hidden in a position in the switching network system, and the key module includes: a dynamic ID mapping algorithm, a hidden ID pool, a port internal and external network attribute table and an internal and external network ID hidden table. The dynamic ID mapping algorithm and the hidden ID pool are arranged in a system control management layer, and the port internal and external network attribute table and the internal and external network ID hidden table are arranged in the hardware (a switching chip) of the switching equipment. Among them, the two hidden tables (intranet and extranet ID hidden tables) shown in fig. 2 may be one or two physically.
In a system control management layer, a dynamic ID mapping algorithm for hiding dynamic IDs refers to: firstly, selecting a random number and an intranet ID to carry out logic operation; secondly, will transportAnd taking the calculation result as input, and mapping by using a hash algorithm, wherein the hash algorithm can select CRC-32, and the generating polynomial is as follows: x16+X15+X5+ 1; and finally, mapping each intranet ID for multiple times, storing the mapping relation into a hidden ID pool, randomly and dynamically selecting an intranet ID pair from the hidden pool, storing the mapping relation to be issued, and issuing an updated ID conversion mapping relation to switching equipment hardware (a switching chip).
And issuing configuration to the exchange chip according to a common configuration flow, and realizing dynamic change of an internal and external network ID hidden table in the chip by periodic calling so as to achieve dynamic ID hiding.
Dynamic ID hiding is implemented in the switching hardware (switching chip). Because the dynamic ID is hidden for a specific user, the specific user is set as an intranet user, an unprotected user is set as an extranet user, and for different scenes, the processing modes of data messages through the switching chip are different:
1. when an intranet user sends a data message to an extranet user, firstly, header analysis is carried out, intranet attributes of a data packet are determined through an port intranet attribute table and an extranet attribute table, a target port is inquired through routing forwarding, after the intranet attributes cannot be matched, an intranet ID hidden table and an extranet ID hidden table are inquired, the source ID is replaced by the inquired result, the source ID is modified and hidden, the target port is inquired through routing forwarding, and finally, packet forwarding is carried out;
2. when an external network user sends a data message to an internal network user, firstly, header analysis is carried out, external network attributes of a data packet are determined through an internal and external network attribute table of a port, then a routing forwarding table is carried out to query a target port, then an internal and external network ID hidden table is queried, a corresponding internal network ID is obtained, a query result replaces the target ID in the data packet, and finally, packet forwarding is carried out;
3. when communication is carried out between external network users, firstly, header analysis is carried out, external network attributes of a data packet are determined through an internal and external network attribute table of a port, a destination port is inquired by routing forwarding, and packet forwarding is carried out;
4. when an intranet user sends a data message to the intranet user, firstly, header analysis is carried out, the intranet attribute of the data packet is determined through the port intranet and intranet attribute table, the destination port is inquired through routing forwarding, matching can be carried out, the destination port is inquired through routing forwarding, and after the attribute of the intranet port is confirmed, packet forwarding is carried out.
The embodiment of the invention provides a switching network-oriented dynamic ID hiding method, which achieves ID protection of user data forwarded by switching equipment by setting internal and external network attributes of a port of the switching equipment, constructing a hidden ID pool, setting an internal and external network ID hiding table and periodically and dynamically adjusting ID mapping. Has the following advantages:
aiming at common type attack of specific ID, an attacker can not achieve the purpose of attacking the user by scanning the ID of the user, such as DDos attack and the like;
aiming at the APT attack of a specific ID, an attacker possibly obtains the ID of an external network of the specific user within a certain time and carries out subsequent attack aiming at the corresponding ID of the internal network, but the dynamic ID hiding method provided by the patent can dynamically transform the mapping relation of the ID of the internal network and the ID of the external network, and theoretically, the attack can be avoided as long as the dynamic ID transformation period is less than the cracking period of the attacker.
The method adopts software to construct a hidden ID pool in a control management layer of a switching network system, realizes a hidden table by hardware, and realizes dynamic ID conversion by randomly and dynamically scheduling the address of the hidden pool.
The above shows only the preferred embodiments of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.

Claims (4)

1.一种面向交换网络的动态ID隐藏方法,其特征在于,包括:1. a kind of dynamic ID concealment method for switching network, is characterized in that, comprises: 步骤1:设置交换设备端口的内外网属性,建立端口内外网属性表,使得经过内网属性端口的用户数据的ID、即内网ID为私有ID,使得经过外网属性端口的用户数据的ID、即外网ID为公有ID;Step 1: Set the internal and external network attributes of the switching device port, and establish the internal and external network attribute table of the port, so that the ID of the user data passing through the internal network attribute port, that is, the internal network ID is a private ID, so that the ID of the user data passing through the external network attribute port is , that is, the external network ID is a public ID; 步骤2:构建隐藏ID池;Step 2: Build a hidden ID pool; 步骤3:设置内外网ID隐藏表;Step 3: Set the internal and external network ID hidden table; 步骤4:动态调整ID映射算法。Step 4: Dynamically adjust the ID mapping algorithm. 2.根据权利要求1所述的一种面向交换网络的动态ID隐藏方法,其特征在于,所述步骤2包括:2. a kind of dynamic ID hiding method oriented to switching network according to claim 1, is characterized in that, described step 2 comprises: 将内网ID与随机值进行逻辑运算,然后以内网ID为输入进行哈希运算映射后的输出为外网ID,所述映射满足外网的A类、B类或者C类子网划分要求;Perform a logical operation on the intranet ID and the random value, and then perform a hash operation mapping with the intranet ID as the input, and the output is the extranet ID, and the mapping satisfies the class A, class B or class C subnetting requirements of the external network; 每个内网ID需要映射多个外网ID,将运算得到的内外ID组进行保存构成隐藏ID池,对每个内网ID,随机选取与其对应的外网ID,组成内外网ID对,供内外网ID隐藏表配置使用。Each intranet ID needs to map multiple external network IDs, and the internal and external ID groups obtained by the operation are stored to form a hidden ID pool. For each intranet ID, the corresponding external network ID is randomly selected to form an internal and external network ID pair for The internal and external network ID hidden table configuration is used. 3.根据权利要求2所述的一种面向交换网络的动态ID隐藏方法,其特征在于,所述步骤3包括:3. a kind of dynamic ID hiding method oriented to switching network according to claim 2, is characterized in that, described step 3 comprises: 根据隐藏ID池提供的内外网映射关系配置内外网ID隐藏表,将内外网ID隐藏表和路由转发表进行关联:Configure the internal and external network ID hidden table according to the internal and external network mapping relationship provided by the hidden ID pool, and associate the internal and external network ID hidden table with the routing forwarding table: 通过端口内外网属性表查看端口的内外网属性;View the internal and external network attributes of the port through the port internal and external network attribute table; 如果是内网发往外网的用户数据,用内外网ID隐藏表中的外网ID替换路由转发表中数据的源ID,再进行路由转发查找;If it is user data sent from the internal network to the external network, replace the source ID of the data in the routing forwarding table with the external network ID in the internal and external network ID hidden table, and then perform routing forwarding search; 如果是外网发往内网的用户数据,先进行路由查找,再用内外网ID隐藏表中的内网ID替换路由转发表中数据的目的ID;If the user data is sent from the external network to the internal network, the route search is performed first, and then the internal network ID in the internal and external network ID hidden table is used to replace the destination ID of the data in the routing forwarding table; 如果是内网之间或者外网之间的用户数据转发,则直接进行路由转发查找。If it is user data forwarding between intranets or between extranets, route forwarding search is performed directly. 4.根据权利要求2所述的一种面向交换网络的动态ID隐藏方法,其特征在于,所述步骤4包括:4. a kind of dynamic ID hiding method oriented to switching network according to claim 2, is characterized in that, described step 4 comprises: 根据步骤2中的映射方法进行周期性内外网ID映射变换。According to the mapping method in step 2, perform periodic internal and external network ID mapping transformation.
CN201911208371.8A 2019-11-30 2019-11-30 A Dynamic ID Hiding Method for Switching Networks Active CN111131169B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911208371.8A CN111131169B (en) 2019-11-30 2019-11-30 A Dynamic ID Hiding Method for Switching Networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911208371.8A CN111131169B (en) 2019-11-30 2019-11-30 A Dynamic ID Hiding Method for Switching Networks

Publications (2)

Publication Number Publication Date
CN111131169A true CN111131169A (en) 2020-05-08
CN111131169B CN111131169B (en) 2022-05-06

Family

ID=70496845

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911208371.8A Active CN111131169B (en) 2019-11-30 2019-11-30 A Dynamic ID Hiding Method for Switching Networks

Country Status (1)

Country Link
CN (1) CN111131169B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101447980A (en) * 2008-12-25 2009-06-03 中国电子科技集团公司第五十四研究所 Collision-resistance method for mapping public-private key pairs by utilizing uniform user identification
US7609689B1 (en) * 2001-09-27 2009-10-27 Cisco Technology, Inc. System and method for mapping an index into an IPv6 address
US8464334B1 (en) * 2007-04-18 2013-06-11 Tara Chand Singhal Systems and methods for computer network defense II
US20130298228A1 (en) * 2012-05-01 2013-11-07 Harris Corporation Router for communicating data in a dynamic computer network
US20130298227A1 (en) * 2012-05-01 2013-11-07 Harris Corporation Systems and methods for implementing moving target technology in legacy hardware
CN104580233A (en) * 2015-01-16 2015-04-29 重庆邮电大学 Internet of Things smart home security gateway system
CN105721442A (en) * 2016-01-22 2016-06-29 耿童童 Spurious response system and method based on dynamic variation and network security system and method
CN105721457A (en) * 2016-01-30 2016-06-29 耿童童 Network security defense system and network security defense method based on dynamic transformation
US20160315914A1 (en) * 2015-04-24 2016-10-27 Agency For Defense Development Method for hiding receiver's address for link layer in group communication
CN107071075A (en) * 2016-11-16 2017-08-18 国家数字交换系统工程技术研究中心 The device and method of network address dynamic hop
CN107682470A (en) * 2017-10-16 2018-02-09 杭州迪普科技股份有限公司 The method and device of public network IP availability in a kind of detection nat address pool
CN110365496A (en) * 2019-07-23 2019-10-22 泰州学院 A Network Security Defense System Based on Dynamic Transformation

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7609689B1 (en) * 2001-09-27 2009-10-27 Cisco Technology, Inc. System and method for mapping an index into an IPv6 address
US8464334B1 (en) * 2007-04-18 2013-06-11 Tara Chand Singhal Systems and methods for computer network defense II
CN101447980A (en) * 2008-12-25 2009-06-03 中国电子科技集团公司第五十四研究所 Collision-resistance method for mapping public-private key pairs by utilizing uniform user identification
US20130298228A1 (en) * 2012-05-01 2013-11-07 Harris Corporation Router for communicating data in a dynamic computer network
US20130298227A1 (en) * 2012-05-01 2013-11-07 Harris Corporation Systems and methods for implementing moving target technology in legacy hardware
CN104322027A (en) * 2012-05-01 2015-01-28 贺利实公司 Router for communicating data in a dynamic computer network
CN104580233A (en) * 2015-01-16 2015-04-29 重庆邮电大学 Internet of Things smart home security gateway system
US20160315914A1 (en) * 2015-04-24 2016-10-27 Agency For Defense Development Method for hiding receiver's address for link layer in group communication
CN105721442A (en) * 2016-01-22 2016-06-29 耿童童 Spurious response system and method based on dynamic variation and network security system and method
CN105721457A (en) * 2016-01-30 2016-06-29 耿童童 Network security defense system and network security defense method based on dynamic transformation
CN107071075A (en) * 2016-11-16 2017-08-18 国家数字交换系统工程技术研究中心 The device and method of network address dynamic hop
CN107682470A (en) * 2017-10-16 2018-02-09 杭州迪普科技股份有限公司 The method and device of public network IP availability in a kind of detection nat address pool
CN110365496A (en) * 2019-07-23 2019-10-22 泰州学院 A Network Security Defense System Based on Dynamic Transformation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
罗跃斌: "网络主动防御关键技术研究", 《中国博士学位论文全文库信息科技辑》 *

Also Published As

Publication number Publication date
CN111131169B (en) 2022-05-06

Similar Documents

Publication Publication Date Title
CN104853003B (en) A kind of address based on Netfilter, port-hopping Realization Method of Communication
US10505961B2 (en) Digitally signed network address
JP5291725B2 (en) IP address delegation
US8181014B2 (en) Method and apparatus for protecting the routing of data packets
US8576845B2 (en) Method and apparatus for avoiding unwanted data packets
CN101159718B (en) Embedded Industrial Ethernet Security Gateway
US20170195295A1 (en) Anonymous communications in software-defined neworks via route hopping and ip address randomization
CN100364306C (en) Verification method of IPv6 real source address between autonomous systems based on signature
CN102546661B (en) A kind of method and system preventing IPv6 gateway neighbours spoofing attack
CN103297563B (en) A kind of method preventing repeated address detection attack of identity-based certification
CN103701700A (en) Node discovering method and system in communication network
CN106027527A (en) Anonymous communication method based on software defined network (SDN) environment
CN103402197B (en) A kind of position based on IPv6 technology and path concealment guard method
CN107071075B (en) Device and method for dynamically jumping network address
CN111131169B (en) A Dynamic ID Hiding Method for Switching Networks
CN116684869B (en) An IPv6-based trusted access method, system and medium for campus wireless networks
CN111327628A (en) Anonymous communication system based on SDN
Zhang et al. Petri Net Model of MITM Attack Based on NDP Protocol
Jia et al. RISP: An RPKI-based inter-AS source protection mechanism
Tan et al. A hierarchical source address validation technique based on cryptographically generated address
Murugesan et al. Security mechanism for IPv6 router discovery based on distributed trust management
CN102571816B (en) A kind of method and system preventing neighbor learning attack
Huang et al. Efficient DoS-limiting support by indirect mapping in networks with locator/identifier separation
Praveena et al. New Mitigating Technique to Overcome DDOS Attack
Kouachi et al. OTFI: Communication Privacy in the IoT Based on One Time Flow Information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant