CN111628993A - Network spoofing defense method and device based on host fingerprint hiding - Google Patents

Network spoofing defense method and device based on host fingerprint hiding Download PDF

Info

Publication number
CN111628993A
CN111628993A CN202010453955.8A CN202010453955A CN111628993A CN 111628993 A CN111628993 A CN 111628993A CN 202010453955 A CN202010453955 A CN 202010453955A CN 111628993 A CN111628993 A CN 111628993A
Authority
CN
China
Prior art keywords
host
fingerprint
fingerprint information
hiding
type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010453955.8A
Other languages
Chinese (zh)
Other versions
CN111628993B (en
Inventor
贾哲
李炳彰
张林杰
朱晓明
刘蓓
李吉良
赵海强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 54 Research Institute
Original Assignee
CETC 54 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 54 Research Institute filed Critical CETC 54 Research Institute
Priority to CN202010453955.8A priority Critical patent/CN111628993B/en
Publication of CN111628993A publication Critical patent/CN111628993A/en
Application granted granted Critical
Publication of CN111628993B publication Critical patent/CN111628993B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network spoofing defense method and device based on host fingerprint hiding, and belongs to the technical field of network spoofing defense. A host fingerprint hiding mechanism is added at the position of a host access network, and the fingerprint characteristics of the host are hidden by a disguising or confusing method, so that the network deception defense to an attacker is realized. The invention stores various types of host fingerprint information by constructing the host fingerprint information base, carries out fingerprint camouflage or confusion processing on an IP data packet sent by the host according to a host hiding strategy, replaces or changes the real fingerprint information of the host according to the processing of the legal host fingerprint information in the host fingerprint information base on the specific protocol field of the IP data packet, presents the false or constantly changed host fingerprint characteristics to an attacker, realizes the hiding of the real fingerprint information of the host, ensures that the host fingerprint information detected by the attacker is false or uncertain, and realizes the safety defense of a host system.

Description

Network spoofing defense method and device based on host fingerprint hiding
Technical Field
The invention relates to the technical field of network spoofing defense, in particular to a network spoofing defense method and device based on host fingerprint hiding.
Background
The long-term network attack and defense practice results show that the costs of both the attack and defense parties present serious 'attack and defend easily' and 'difficult' non-alignment situations: while network defenders need to protect complex systems containing a variety of unknown vulnerabilities at an exponentially growing cost, network attackers need only find one or a few available vulnerabilities to defeat the system. The objective reasons for this situation include several aspects:
(1) the vulnerability in the information system is ubiquitous due to the limitation of human technological capability and engineering technical level;
(2) under the global configuration of the information industry, the back door is very easy to implant through links such as a product design chain, a tool chain, a manufacturing chain, a processing chain, a supply chain, a service chain and the like;
(3) the network system exhibits static, homogeneous and deterministic characteristics in order to meet the requirements of high performance, high reliability, low manufacturing cost, etc.
The characteristics provide very favorable conditions for the attacker to observe, test and analyze the target network for a long time.
In the face of diversified network security threats, the main ideas of traditional network security defense research are focused on eliminating vulnerability and reducing attack surface, trying to construct an absolutely secure network, or proposing a security mechanism which can meet all security requirements and is effective everywhere. It has been shown that such networks and mechanisms either have an availability that is not practical or can be bypassed in an unexpected manner by an attacker.
Disclosure of Invention
In view of the above, the present invention provides a network spoofing defense method and device based on host fingerprint hiding, which adds a host fingerprint hiding mechanism at a host access network location, and hides the fingerprint characteristics of the host by a disguising or obfuscating method, so that the system presents to an attacker a limited or even completely hidden or wrong attack surface, thereby reducing the available resources exposed to the attacker, resulting in increased attack complexity and attacker cost.
In order to achieve the purpose, the invention provides the technical scheme that:
a network spoofing defense method based on host fingerprint hiding comprises the following steps:
(1) analyzing the scanning rule of the network scanning software and the Banner information of the network application service to form a host fingerprint information base; each piece of fingerprint information in the host fingerprint information base comprises a fingerprint information type, a protocol type, a field value mode and Banner information;
(2) a host fingerprint hiding strategy is formulated, the hiding strategy takes a host IP address and a protocol type as an index, the hiding strategy comprises a disguise type and a confusion type, and the disguise type hiding strategy specifies the used false fingerprint information type;
(3) analyzing an IP data packet sent by a host, extracting a source IP address and a protocol type, and matching a host fingerprint hiding strategy by the source IP address and the protocol type;
(4) according to the matched host fingerprint hiding strategy, if the fingerprint hiding mode is disguised, taking the fingerprint information type specified by the strategy and the protocol type analyzed from the IP data packet as indexes, and reading corresponding fingerprint information from a host fingerprint information base; if the fingerprint hiding mode is confusion, randomly selecting a fingerprint information type, taking the selected fingerprint information type and a protocol type analyzed from the IP data packet as an index, and reading corresponding fingerprint information from a host fingerprint information base;
(5) and correspondingly modifying the IP data packet sent by the host according to the field type, the field value mode and the Banner information in the read fingerprint information, and then sending out the modified IP data packet.
Further, the protocol types include TCP, FTP, SSH, HTTP, TELNET, SNMP.
Further, the fingerprint information type includes two types of operating system fingerprints and application protocol fingerprints, wherein the operating system fingerprints include Windows, Linux and Unix, and the application protocol fingerprints include FTP, SSH, HTTP, TELNET and SNMP.
A network spoofing defense device based on host fingerprint hiding comprises the following modules:
the flow engine module is used for extracting the IP data packet sent by the host from the input interface and transmitting the IP data packet to the IP data analysis module, and is also used for calling a corresponding protocol stack for processing the IP data packet with the hidden fingerprint according to the protocol type of the IP data packet and sending the IP data packet out through the output interface;
the IP data analysis module is used for analyzing the IP data packet transmitted by the flow engine module and extracting a source IP address and a protocol type;
the fingerprint hiding strategy matching module is used for matching a host fingerprint hiding strategy in a host fingerprint hiding strategy library by taking a source IP address and a protocol type as indexes, and sending a matched fingerprint hiding mode to the host fingerprint hiding control module;
the system comprises a host fingerprint hiding strategy library, a database and a database, wherein the host fingerprint hiding strategy library is used for storing a host fingerprint hiding strategy, the host fingerprint hiding strategy takes a source IP address and a protocol type as indexes and comprises a disguise type and an confusion type, and the disguise type hiding strategy specifies a used false fingerprint information type;
the host fingerprint hiding control module is used for reading corresponding fingerprint information from a host fingerprint information base by taking a fingerprint information type specified by a strategy and a protocol type analyzed from an IP data packet as indexes if the fingerprint hiding mode is disguised; if the fingerprint hiding mode is confusion, randomly selecting a fingerprint information type, taking the selected fingerprint information type and a protocol type analyzed from the IP data packet as an index, and reading corresponding fingerprint information from a host fingerprint information base;
the system comprises a host fingerprint information base, a network application service database and a network database, wherein the host fingerprint information base is used for storing fingerprint information, the fingerprint information is formed by analyzing scanning rules of network scanning software and Banner information of network application service, and each piece of fingerprint information comprises a fingerprint information type, a protocol type, a field value mode and the Banner information;
and the protocol data processing module is used for correspondingly modifying the IP data packet sent by the host according to the field type, the field value mode and the Banner information in the fingerprint information read by the host fingerprint hiding control module, and then transmitting the modified IP data packet to the flow engine module.
The fingerprint information management module is used for managing the host fingerprint information base and updating the host fingerprint information base in real time.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention skillfully utilizes the disguise and confusion processing of the specific field of the IP data packet protocol, realizes the hiding of the fingerprint characteristics of the host and increases the difficulty of accurately identifying the host by an attacker.
2. The invention ensures that the host fingerprint information detected by an attacker is false or uncertain by means of fingerprint hiding, so that the attacker has no effect or cannot attack according to the attack, thereby realizing the security defense of the host system.
3. The invention is easy to realize in the form of defense software and easy to popularize and implement.
Drawings
Fig. 1 is a schematic diagram of a network spoofing defending device in an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
A network spoofing defense method based on host fingerprint hiding performs fingerprint disguising and confusion processing through a protocol data packet sent by a host, and presents a limited or even completely hidden or wrong attack surface to an attacker, so that the attack complexity and the cost of the attacker are increased. The method specifically comprises the following steps:
(1) analyzing the scanning rules of common scanning software and the Banner information of common services to form a host fingerprint information base;
(2) a host fingerprint hiding strategy is formulated, the IP address and the protocol type of the host are used as indexes, the hiding strategy comprises two fingerprint hiding modes of disguising and confusing, and the false fingerprint information type used for the fingerprint disguising mode is appointed;
(3) analyzing an IP data packet sent by a host, extracting a source IP address and a protocol type, and matching a host fingerprint hiding strategy by the source IP address and the protocol type;
(4) according to the host fingerprint hiding strategy matched in the step (3), if the fingerprint hiding mode is disguised, reading fingerprint information from a host fingerprint information base according to the fingerprint information type specified by the strategy and the protocol type of the IP data packet; if the fingerprint hiding mode is confusion, selecting the fingerprint information type through a randomized fingerprint selection algorithm, and reading the fingerprint information from the host fingerprint information base according to the selected fingerprint information type and the protocol type of the IP data packet;
(5) and (4) processing the IP data packet sent by the host according to the protocol processing mode defined in the fingerprint information determined in the step (4).
The method adds a host fingerprint hiding mechanism at the host access network position, and hides the fingerprint characteristics of the host in a disguising or confusing mode to realize the network deception defense to the attacker. The host fingerprint information detected by an attacker is false or uncertain through a fingerprint hiding means, so that the attacker cannot launch the attack or cannot launch the attack according to the false attack, and the security defense of a host system is realized.
Referring to fig. 1, a network spoofing defending device based on host fingerprint hiding is characterized by comprising the following modules:
the flow engine module is used for extracting the IP data packet sent by the host from the input interface and transmitting the IP data packet to the IP data analysis module, and is also used for calling a corresponding protocol stack for processing the IP data packet with the hidden fingerprint according to the protocol type of the IP data packet and sending the IP data packet out through the output interface;
the IP data analysis module is used for analyzing the IP data packet transmitted by the flow engine module and extracting a source IP address and a protocol type;
the fingerprint hiding strategy matching module is used for matching a host fingerprint hiding strategy in a host fingerprint hiding strategy library by taking a source IP address and a protocol type as indexes, and sending a matched fingerprint hiding mode to the host fingerprint hiding control module;
the system comprises a host fingerprint hiding strategy library, a database and a database, wherein the host fingerprint hiding strategy library is used for storing a host fingerprint hiding strategy, the host fingerprint hiding strategy takes a source IP address and a protocol type as indexes and comprises a disguise type and an confusion type, and the disguise type hiding strategy specifies a used false fingerprint information type;
the host fingerprint hiding control module is used for reading corresponding fingerprint information from a host fingerprint information base by taking a fingerprint information type specified by a strategy and a protocol type analyzed from an IP data packet as indexes if the fingerprint hiding mode is disguised; if the fingerprint hiding mode is confusion, randomly selecting a fingerprint information type, taking the selected fingerprint information type and a protocol type analyzed from the IP data packet as an index, and reading corresponding fingerprint information from a host fingerprint information base;
the system comprises a host fingerprint information base, a network application service database and a network database, wherein the host fingerprint information base is used for storing fingerprint information, the fingerprint information is formed by analyzing scanning rules of network scanning software and Banner information of network application service, and each piece of fingerprint information comprises a fingerprint information type, a protocol type, a field value mode and the Banner information;
and the protocol data processing module is used for correspondingly modifying the IP data packet sent by the host according to the field type, the field value mode and the Banner information in the fingerprint information read by the host fingerprint hiding control module, and then transmitting the modified IP data packet to the flow engine module.
The device stores various types of host fingerprint information by constructing a host fingerprint information base, performs fingerprint camouflage or confusion processing on an IP data packet sent by a host according to a host hiding strategy, replaces or changes the real fingerprint information of the host according to the processing of the legal host fingerprint information in the host fingerprint information base on a specific protocol field of the IP data packet, and presents the fake or constantly changed host fingerprint characteristics to an attacker, thereby realizing the hiding of the real fingerprint information of the host.
The following is a more specific example:
still referring to fig. 1, a network spoofing defense method based on host fingerprint hiding includes the following steps:
(1) before communication, the system collects fingerprint information of a host system by using matching rules of common scanning software such as Nmap, Xprobe and the like to form a host fingerprint information base; the fingerprint information management module is responsible for managing the fingerprint information of the host computer and ensuring the real-time update of the fingerprint information of the host computer;
the host fingerprint information stored in the host fingerprint information base comprises: fingerprint information type, protocol type, field value, field dereferencing mode, Banner information and the like;
(2) taking a host IP address and a protocol type as indexes, and formulating a host fingerprint hiding strategy, wherein the hiding strategy comprises two fingerprint hiding modes of disguising and confusing, and a false fingerprint information type is assigned in the hiding strategy of the disguising type;
the protocol types include: TCP, FTP, SSH, HTTP, TELNET, SNMP, etc.; the fingerprint information types include: an operating system fingerprint and an application protocol fingerprint. Operating system fingerprints include Windows, Linux, Unix, wherein the Linux system includes: RedHat, CentOS, Ubuntu, and Fedora; the application protocol fingerprints include: FTP, SSH, HTTP, TELNET, SNMP;
(3) the flow engine module extracts an IP data packet sent by the host from the input interface; the IP data analysis module analyzes an IP data packet sent by the host and extracts a source IP address and a protocol type; the hidden strategy matching module takes the source IP address and the protocol type as indexes, matches a host fingerprint hidden strategy in a host fingerprint hidden strategy library and sends the strategy to a host fingerprint hidden control module;
(4) the host fingerprint hiding control module reads a fingerprint hiding mode in the matched host fingerprint hiding strategy, and if the fingerprint hiding mode is a disguised mode, fingerprint information is read from a host fingerprint information base according to the fingerprint information type specified by the strategy; if the fingerprint information is in a confusion mode, selecting the type of the fingerprint information through a randomized fingerprint selection algorithm; then, reading corresponding fingerprint information from a host fingerprint information base according to the fingerprint information type obtained by the host fingerprint hiding control module and the protocol type of the IP data packet;
(5) the protocol data processing module processes the IP data packet according to the fingerprint information and then sends the IP data packet subjected to fingerprint hiding processing to the flow engine module;
(6) and the flow engine module receives the IP data packet after the fingerprint hiding processing, calls a corresponding protocol stack for processing according to the protocol type of the IP data packet, and then sends out the IP data packet through the output interface.
In conclusion, the invention can hide the fingerprint characteristics of the host computer in a disguising or confusing mode, so that the system presents a limited or even completely hidden or wrong attack surface to an attacker, thereby reducing the resources exposed and utilized by the attacker, and leading to the increase of attack complexity and cost of the attacker.
The present invention is not limited to the above-described embodiments, and various changes may be made by those skilled in the art, and any changes equivalent or similar to the present invention are intended to be included within the scope of the claims.

Claims (5)

1. A network spoofing defense method based on host fingerprint hiding is characterized by comprising the following steps:
(1) analyzing the scanning rule of the network scanning software and the Banner information of the network application service to form a host fingerprint information base; each piece of fingerprint information in the host fingerprint information base comprises a fingerprint information type, a protocol type, a field value mode and Banner information;
(2) a host fingerprint hiding strategy is formulated, the hiding strategy takes a host IP address and a protocol type as an index, the hiding strategy comprises a disguise type and a confusion type, and the disguise type hiding strategy specifies the used false fingerprint information type;
(3) analyzing an IP data packet sent by a host, extracting a source IP address and a protocol type, and matching a host fingerprint hiding strategy by the source IP address and the protocol type;
(4) according to the matched host fingerprint hiding strategy, if the fingerprint hiding mode is disguised, taking the fingerprint information type specified by the strategy and the protocol type analyzed from the IP data packet as indexes, and reading corresponding fingerprint information from a host fingerprint information base; if the fingerprint hiding mode is confusion, randomly selecting a fingerprint information type, taking the selected fingerprint information type and a protocol type analyzed from the IP data packet as an index, and reading corresponding fingerprint information from a host fingerprint information base;
(5) and correspondingly modifying the IP data packet sent by the host according to the field type, the field value mode and the Banner information in the read fingerprint information, and then sending out the modified IP data packet.
2. The host fingerprint hiding based network spoofing defense method of claim 1 wherein said protocol types include TCP, FTP, SSH, HTTP, TELNET, SNMP.
3. The host fingerprint hiding-based network spoofing defense method of claim 1, wherein the fingerprint information types include operating system fingerprints and application protocol fingerprints, wherein the operating system fingerprints include Windows, Linux and Unix, and the application protocol fingerprints include FTP, SSH, HTTP, TELNET and SNMP.
4. A network spoofing defense device based on host fingerprint hiding is characterized by comprising the following modules:
the flow engine module is used for extracting the IP data packet sent by the host from the input interface and transmitting the IP data packet to the IP data analysis module, and is also used for calling a corresponding protocol stack for processing the IP data packet with the hidden fingerprint according to the protocol type of the IP data packet and sending the IP data packet out through the output interface;
the IP data analysis module is used for analyzing the IP data packet transmitted by the flow engine module and extracting a source IP address and a protocol type;
the fingerprint hiding strategy matching module is used for matching a host fingerprint hiding strategy in a host fingerprint hiding strategy library by taking a source IP address and a protocol type as indexes, and sending a matched fingerprint hiding mode to the host fingerprint hiding control module;
the system comprises a host fingerprint hiding strategy library, a database and a database, wherein the host fingerprint hiding strategy library is used for storing a host fingerprint hiding strategy, the host fingerprint hiding strategy takes a source IP address and a protocol type as indexes and comprises a disguise type and an confusion type, and the disguise type hiding strategy specifies a used false fingerprint information type;
the host fingerprint hiding control module is used for reading corresponding fingerprint information from a host fingerprint information base by taking a fingerprint information type specified by a strategy and a protocol type analyzed from an IP data packet as indexes if the fingerprint hiding mode is disguised; if the fingerprint hiding mode is confusion, randomly selecting a fingerprint information type, taking the selected fingerprint information type and a protocol type analyzed from the IP data packet as an index, and reading corresponding fingerprint information from a host fingerprint information base;
the system comprises a host fingerprint information base, a network application service database and a network database, wherein the host fingerprint information base is used for storing fingerprint information, the fingerprint information is formed by analyzing scanning rules of network scanning software and Banner information of network application service, and each piece of fingerprint information comprises a fingerprint information type, a protocol type, a field value mode and the Banner information;
and the protocol data processing module is used for correspondingly modifying the IP data packet sent by the host according to the field type, the field value mode and the Banner information in the fingerprint information read by the host fingerprint hiding control module, and then transmitting the modified IP data packet to the flow engine module.
5. The device for defending network spoofing based on host fingerprint hiding according to claim 4, characterized by further comprising the following modules:
and the fingerprint information management module is used for managing the host fingerprint information base and updating the host fingerprint information base in real time.
CN202010453955.8A 2020-05-26 2020-05-26 Network spoofing defense method and device based on host fingerprint hiding Active CN111628993B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010453955.8A CN111628993B (en) 2020-05-26 2020-05-26 Network spoofing defense method and device based on host fingerprint hiding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010453955.8A CN111628993B (en) 2020-05-26 2020-05-26 Network spoofing defense method and device based on host fingerprint hiding

Publications (2)

Publication Number Publication Date
CN111628993A true CN111628993A (en) 2020-09-04
CN111628993B CN111628993B (en) 2022-01-21

Family

ID=72259962

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010453955.8A Active CN111628993B (en) 2020-05-26 2020-05-26 Network spoofing defense method and device based on host fingerprint hiding

Country Status (1)

Country Link
CN (1) CN111628993B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112702363A (en) * 2021-03-24 2021-04-23 远江盛邦(北京)网络安全科技股份有限公司 Node hiding method, system and equipment based on deception
CN113055406A (en) * 2021-04-16 2021-06-29 中国电子科技集团公司第五十四研究所 Operating system feature hiding method and system based on communication protocol
CN113556356A (en) * 2021-07-30 2021-10-26 中国电子科技集团公司第五十四研究所 Service software feature hiding method and system based on communication protocol
CN114338155A (en) * 2021-12-28 2022-04-12 四川邦辰信息科技有限公司 Network privacy protection method and system based on multi-dimensional fingerprint confusion
CN114363087A (en) * 2022-01-27 2022-04-15 杭州默安科技有限公司 Scanner countermeasure method and system based on bypass interference

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080013804A1 (en) * 2005-12-09 2008-01-17 Electronics And Telecommunications Research Institute Method and apparatus for recognizing fingerprint by hiding minutiae
CN103312689A (en) * 2013-04-08 2013-09-18 西安电子科技大学 Network hiding method for computer and network hiding system based on method
CN107276978A (en) * 2017-04-25 2017-10-20 中国科学院信息工程研究所 A kind of Anonymizing networks of Intrusion Detection based on host fingerprint hide service source tracing method
CN109495583A (en) * 2018-12-19 2019-03-19 中国电子科技集团公司第五十四研究所 A kind of data safety exchange method that Intrusion Detection based on host feature is obscured

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080013804A1 (en) * 2005-12-09 2008-01-17 Electronics And Telecommunications Research Institute Method and apparatus for recognizing fingerprint by hiding minutiae
CN103312689A (en) * 2013-04-08 2013-09-18 西安电子科技大学 Network hiding method for computer and network hiding system based on method
CN107276978A (en) * 2017-04-25 2017-10-20 中国科学院信息工程研究所 A kind of Anonymizing networks of Intrusion Detection based on host fingerprint hide service source tracing method
CN109495583A (en) * 2018-12-19 2019-03-19 中国电子科技集团公司第五十四研究所 A kind of data safety exchange method that Intrusion Detection based on host feature is obscured

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112702363A (en) * 2021-03-24 2021-04-23 远江盛邦(北京)网络安全科技股份有限公司 Node hiding method, system and equipment based on deception
CN113055406A (en) * 2021-04-16 2021-06-29 中国电子科技集团公司第五十四研究所 Operating system feature hiding method and system based on communication protocol
CN113556356A (en) * 2021-07-30 2021-10-26 中国电子科技集团公司第五十四研究所 Service software feature hiding method and system based on communication protocol
CN114338155A (en) * 2021-12-28 2022-04-12 四川邦辰信息科技有限公司 Network privacy protection method and system based on multi-dimensional fingerprint confusion
CN114338155B (en) * 2021-12-28 2024-04-30 四川邦辰信息科技有限公司 Network privacy protection method and system based on multidimensional fingerprint confusion
CN114363087A (en) * 2022-01-27 2022-04-15 杭州默安科技有限公司 Scanner countermeasure method and system based on bypass interference
CN114363087B (en) * 2022-01-27 2024-05-14 杭州默安科技有限公司 Scanner countermeasure method and system based on bypass interference

Also Published As

Publication number Publication date
CN111628993B (en) 2022-01-21

Similar Documents

Publication Publication Date Title
CN111628993B (en) Network spoofing defense method and device based on host fingerprint hiding
Alshamrani et al. A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities
Poisel Information warfare and electronic warfare systems
Steingartner et al. Cyber threats and cyber deception in hybrid warfare
Tagra et al. Technique for preventing DoS attacks on RFID systems
Goel et al. Attribution across cyber attack types: network intrusions and information operations
Anwar et al. A game-theoretic framework for dynamic cyber deception in internet of battlefield things
Rae et al. Internet of things device hardening using shodan. io and shovat: A survey
Islam et al. Chimera: Autonomous planning and orchestration for malware deception
Hussain et al. Advance persistent threat—a systematic review of literature and meta-analysis of threat vectors
Rana et al. Offensive security: Cyber threat intelligence enrichment with counterintelligence and counterattack
Onyema et al. Cyber threats, attack strategy, and ethical hacking in telecommunications systems
Khosravi-Farmad et al. Moving target defense against advanced persistent threats for cybersecurity enhancement
Tanaka et al. Internet-wide scanner fingerprint identifier based on TCP/IP header
Gandhi et al. Ethical hacking: Types of hackers, cyber attacks and security
Koch et al. The cyber decade: cyber defence at a x-ing point
Anwar et al. Understanding internet of things malware by analyzing endpoints in their static artifacts
Torres et al. Cyber Threat Intelligence Methodologies: Hunting Cyber Threats with Threat Intelligence Platforms and Deception Techniques
Asbaş et al. Cyberwarfare: War activities in cyberspace
Javaid Cyber security: Challenges ahead
Mahmudov Cyber Warfare: understanding the elements, effects, and future trends of cyber-attacks and defences
Vera et al. Cyber defence triage for multimedia data intelligence: Hellsing, Desert Falcons and Lotus Blossom APT campaigns as case studies
Larkin A Stochastic Game Theoretical Model for Cyber Security
US20020188859A1 (en) DNA intrusion detection method
US20240267409A1 (en) Cyber clone of a computing entity

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant