CN111885014A - Mimic bracket device with master-slave switching function, mimic defense method and architecture - Google Patents


Info

Publication number: CN111885014A
Authority: CN (China)
Prior art keywords: module, flow, heterogeneous, mimicry, tcp
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010641131.3A
Other languages: Chinese (zh)
Other versions: CN111885014B (en)
Inventors: 乔季军, 赵岩鑫, 郭义伟, 宋延坡, 冯志峰
Current Assignee: Zhuhai Comleader Information Technology Co Ltd; Henan Xinda Wangyu Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhuhai Comleader Information Technology Co Ltd; Henan Xinda Wangyu Technology Co Ltd
Events: application filed by Zhuhai Comleader Information Technology Co Ltd and Henan Xinda Wangyu Technology Co Ltd; priority to CN202010641131.3A; publication of CN111885014A; application granted; publication of CN111885014B; legal status: active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/1483 Countermeasures against malicious traffic: service impersonation, e.g. phishing, pharming or web spoofing


Abstract

The invention provides a mimicry bracket device with a master-slave switching function. It comprises an I/O interface module, a flow splitting module, two heterogeneous mimicry brackets that are master and slave to each other, a flow control module and a flow merging module. Each heterogeneous mimicry bracket receives and processes the flow distributed by the flow splitting module, calculates an output vector from its processing result, and performs a master-slave switch after receiving a master-slave switching instruction. The bracket in the slave state compares the output vectors of the two heterogeneous mimicry brackets and sends the comparison result to the flow control module. When the comparison result is inconsistent, the flow control module outputs a switching instruction to the two heterogeneous mimicry brackets and to the flow merging module. The flow merging module receives the flow processed by both heterogeneous mimicry brackets and, after receiving the switching instruction from the flow control module, selects the flow processed by the other heterogeneous mimicry bracket for transmission to the I/O interface.

Description

Mimic bracket device with master-slave switching function, mimic defense method and architecture
Technical Field
The invention relates to the field of mimicry defense, and in particular to a mimicry bracket device with a master-slave switching function, a mimicry defense method and a mimicry defense architecture.
Background
The classic mimicry defense architecture is shown in fig. 1. It applies mimicry transformation to the executive bodies, and a user interacts with the executive bodies only indirectly, through the mimicry bracket. The mimicry bracket consists of an input distribution agent, an output agent and a resolver (arbiter), and forms the protection boundary around a heterogeneous executive set that may contain uncertain disturbance factors such as unknown vulnerabilities, backdoors, viruses or trojans. The mimicry architecture addresses the endogenous security of the executive bodies: it converts the security problem of functionally complex executive bodies into the security problem of the functionally simple mimicry bracket. The mimicry bracket must therefore have the property that any vulnerability in it is unreachable or unexploitable, so that its own security is guaranteed. In addition, whether the mimicry bracket is reliable determines whether the executive bodies are available, so the reliability of the mimicry bracket also needs to be improved.
In past engineering practice, the functional complexity of the mimicry bracket could be simplified and its attack surface reduced as far as possible, but it cannot be absolutely guaranteed that the implementation of the bracket's functions contains no vulnerability, virus or trojan. In addition, the mimicry bracket may be a single point of failure that makes the service unavailable. A failure of the mimicry bracket therefore needs to be detected and handled promptly.
To solve the above problems, an ideal technical solution has long been sought.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a mimicry bracket device with a master-slave switching function, a mimicry defense method and a mimicry defense architecture.
To achieve the above object, a first aspect of the present invention provides a mimicry bracket device with a master-slave switching function, comprising an I/O interface module, a flow splitting module, two heterogeneous mimicry brackets that are master and slave to each other, a flow control module and a flow merging module. The flow splitting module is connected to the I/O interface module and to the two heterogeneous mimicry brackets; the two heterogeneous mimicry brackets are connected to the flow control module and to the flow merging module; and the flow merging module is connected to the flow control module and to the I/O interface module.
The I/O interface module supports flow input and output.
The flow splitting module copies the flow sent by the I/O interface module and distributes a copy to each heterogeneous mimicry bracket.
Each heterogeneous mimicry bracket has a master state and a slave state. In the master state it receives and processes the flow distributed by the flow splitting module, calculates an output vector from its processing result and outputs that vector, and switches to the slave state after receiving a master-slave switching instruction. In the slave state it receives and processes the flow distributed by the flow splitting module, calculates its own output vector, compares it with the output vector it receives from the master and outputs the comparison result, and switches to the master state after receiving a master-slave switching instruction.
The flow control module receives the output vector output by the heterogeneous mimicry bracket in the master state and forwards it to the heterogeneous mimicry bracket in the slave state; it receives the comparison result output by the bracket in the slave state and, when the comparison result is inconsistent, outputs a switching instruction to the two heterogeneous mimicry brackets and to the flow merging module.
The flow merging module receives the flow processed by both heterogeneous mimicry brackets. While no switching instruction has been received from the flow control module, it transmits the flow processed by the bracket in the master state to the I/O interface; after receiving a switching instruction from the flow control module, it transmits the flow processed by the other heterogeneous mimicry bracket to the I/O interface.
Further, in the slave state the heterogeneous mimicry bracket is also configured to: receive the first TCP request packet of a connection, record its TCP header field information and send it on; receive a TCP response packet, record its TCP header field information and send it on; and receive a subsequent (non-first) TCP request packet, modify its TCP header field information using the recorded TCP header field information of the TCP response packet, and send the modified TCP request packet on.
Further, after the heterogeneous mimicry bracket in the master state switches to the slave state, the TCP header field information it recorded for the TCP response must be cached in the flow control module; after the heterogeneous mimicry bracket in the slave state switches to the master state, it must acquire that TCP header field information of the TCP response from the flow control module.
Further, the I/O interface module comprises an I/O interface module A and an I/O interface module B, the flow splitting module comprises a flow splitting module A and a flow splitting module B, and the flow merging module comprises a flow merging module A and a flow merging module B; I/O interface module A is connected to flow splitting module A and flow merging module B, and I/O interface module B is connected to flow merging module A and flow splitting module B.
Further, the flow splitting module uses an optical fiber splitter, the flow merging module uses an optical switch, and the flow control module uses an FPGA.
Further, the flow splitting module, the flow merging module and the flow control module are implemented in FPGA hardware programmable logic and are fixed (solidified) in the FPGA.
A second aspect of the present invention provides a mimicry defense method with a master-slave switching function, comprising the following steps:
The flow from the I/O interface module reaches the flow splitting module, which duplicates it into two identical flows and sends one to the heterogeneous mimicry bracket in the master state and the other to the heterogeneous mimicry bracket in the slave state.
The heterogeneous mimicry bracket in the master state receives and processes the flow copied and distributed by the flow splitting module, sends the processed flow to the flow merging module, and at the same time calculates an output vector and sends it to the flow control module.
The heterogeneous mimicry bracket in the slave state receives and processes the flow copied and distributed by the flow splitting module, sends the processed flow to the flow merging module, and at the same time obtains the output vector of the master bracket from the flow control module, compares it with its own output vector, and returns the comparison result to the flow control module.
When the comparison result is consistent, the flow control module takes no action and the flow merging module transmits the flow processed by the bracket in the master state to the I/O interface.
When the comparison result is inconsistent, the flow control module outputs a switching instruction to the two heterogeneous mimicry brackets and to the flow merging module; the two heterogeneous mimicry brackets exchange their master and slave states after receiving the switching instruction; and the flow merging module, after receiving the switching instruction from the flow control module, transmits the flow processed by the other heterogeneous mimicry bracket to the I/O interface.
Further, in the slave state, when the heterogeneous mimicry bracket receives the first TCP request packet of a connection, it records the TCP header field information of that packet and sends the packet on;
when it receives a TCP response packet, it records the TCP header field information of the response packet and sends the packet on;
and when it receives a non-first TCP request packet, it modifies the TCP header field information of that request packet using the recorded TCP header field information of the TCP response packet, and sends the modified TCP request packet on.
Further, after the heterogeneous mimicry bracket in the master state switches to the slave state, the TCP header field information it recorded for the TCP response must be cached in the flow control module; after the heterogeneous mimicry bracket in the slave state switches to the master state, it must acquire that TCP header field information of the TCP response from the flow control module.
A third aspect of the present invention provides a mimicry defense architecture comprising a heterogeneous executive set and a mimicry bracket device, where the mimicry bracket device is the device described above.
Compared with the prior art, the invention has the following substantive characteristics and advantages:
1. The scheme separates the input flow and the output flow at the I/O interface through the respective processing of the flow splitting module, the flow merging module and the flow control module. Moreover, these three modules are implemented in hardware or hardware logic, so no vulnerability can be injected into them, which guarantees the security of the mimicry bracket device.
2. The slave heterogeneous mimicry bracket compares the processing results. When the comparison results are inconsistent, that is, when a vulnerability or backdoor is present in the master heterogeneous mimicry bracket, the flow control module sends a switching instruction to the master and slave heterogeneous mimicry brackets and to the flow merging module, and the flow merging module selects the processing result of the slave heterogeneous mimicry bracket for output according to that instruction. Because the service is not disturbed by a vulnerability or backdoor in the master heterogeneous mimicry bracket, the continuity of the output information and the high availability of the mimicry bracket device are guaranteed. At the same time, the task of checking the two heterogeneous mimicry brackets against each other is moved from the flow control module into the heterogeneous mimicry brackets themselves, which reduces the processing functions and computational load of the flow control module, speeds up its selection, and improves the processing efficiency of the whole mimicry bracket device.
3. The mimicry bracket device introduces a pipelined processing mode at the key control link of the mimicry system, so that the control function is segmented and a single-line, one-way connection mechanism is formed that does not depend on the absolute trustworthiness of any control segment, in order to contain the potential influence and possible spread of unknown threats. The pipelined processing flow makes an attack channel hard to reach, makes it difficult to build or maintain the information transmission or virus/trojan upload mechanism that a coordinated attack would require, and thus leaves any vulnerability that does exist in the mimicry bracket device difficult to exploit.
Drawings
FIG. 1 is a diagram of the classic mimicry defense architecture.
FIG. 2 is a logic diagram of the mimicry bracket device according to embodiment 1 of the present invention.
FIG. 3 is a flowchart of the TCP virtual connection maintenance according to embodiment 2 of the present invention.
FIG. 4 is a flowchart of the mimicry defense method according to embodiment 3 of the present invention.
Detailed Description
The technical solution of the present invention is further described in detail by the following embodiments.
Example 1
As shown in fig. 2, this embodiment provides a mimicry bracket device with a master-slave switching function, comprising an I/O interface module, a flow splitting module, two heterogeneous mimicry brackets that are master and slave to each other, a flow control module and a flow merging module. The flow splitting module is connected to the I/O interface module and to the two heterogeneous mimicry brackets; the two heterogeneous mimicry brackets are connected to the flow control module and to the flow merging module; and the flow merging module is connected to the flow control module and to the I/O interface module.
The I/O interface module supports flow input and output.
The flow splitting module copies the flow sent by the I/O interface module and distributes a copy to each heterogeneous mimicry bracket.
Each heterogeneous mimicry bracket has a master state and a slave state. In the master state it receives and processes the flow distributed by the flow splitting module, calculates an output vector from its processing result and outputs that vector, and switches to the slave state after receiving a master-slave switching instruction. In the slave state it receives and processes the flow distributed by the flow splitting module, calculates its own output vector, compares it with the output vector it receives from the master and outputs the comparison result, and switches to the master state after receiving a master-slave switching instruction.
The flow control module receives the output vector output by the heterogeneous mimicry bracket in the master state and forwards it to the heterogeneous mimicry bracket in the slave state; it receives the comparison result output by the bracket in the slave state and, when the comparison result is inconsistent, outputs a switching instruction to the two heterogeneous mimicry brackets and to the flow merging module.
The flow merging module receives the flow processed by both heterogeneous mimicry brackets. While no switching instruction has been received from the flow control module, it transmits the flow processed by the bracket in the master state to the I/O interface; after receiving a switching instruction from the flow control module, it transmits the flow processed by the other heterogeneous mimicry bracket to the I/O interface.
In a specific implementation, each heterogeneous mimicry bracket includes an input distribution agent module, which performs copy-and-distribute processing on the traffic, and a decision output agent module, which performs arbitration (decision) and output processing on the traffic.
In a specific implementation, the I/O interface module comprises an I/O interface module A and an I/O interface module B, the flow splitting module comprises a flow splitting module A and a flow splitting module B, and the flow merging module comprises a flow merging module A and a flow merging module B; I/O interface module A is connected to flow splitting module A and flow merging module B, and I/O interface module B is connected to flow merging module A and flow splitting module B.
The mimicry bracket device of this embodiment separates the input flow and the output flow at the I/O interface through the respective processing of the flow splitting module, the flow merging module and the flow control module, and introduces a pipelined processing mode at the key control link of the mimicry system, so that the control function is segmented and a single-line, one-way connection mechanism is formed that does not depend on the absolute trustworthiness of any control segment, in order to contain the potential influence and possible spread of unknown threats. The pipelined processing flow makes an attack channel hard to reach, makes it difficult to build or maintain the information transmission or virus/trojan upload mechanism that a coordinated attack would require, and thus leaves any vulnerability that does exist in the mimicry bracket device difficult to exploit.
At the same time, the mimicry bracket device of this embodiment has the slave heterogeneous mimicry bracket compare the processing results. When the comparison results are found to be inconsistent, that is, when a vulnerability or backdoor is present in the master heterogeneous mimicry bracket, the flow control module sends a switching instruction to the master and slave heterogeneous mimicry brackets and to the flow merging module, and the flow merging module selects the processing result of the slave heterogeneous mimicry bracket for output according to that instruction. Because the service is not disturbed by a vulnerability or backdoor in the master heterogeneous mimicry bracket, the continuity of the output information and the high availability of the mimicry bracket device are guaranteed. Moreover, the task of checking the two heterogeneous mimicry brackets against each other is moved from the flow control module into the heterogeneous mimicry brackets themselves, which reduces the processing functions and computational load of the flow control module, speeds up its selection, and improves the processing efficiency of the whole mimicry bracket device.
The mimicry bracket device of this embodiment may be implemented in pure hardware: the flow splitting module uses an optical fiber splitter, the flow merging module uses an optical switch, and the flow control module uses an FPGA.
The mimicry bracket device of this embodiment may also be implemented through hardware logic programming: the flow splitting module, the flow merging module and the flow control module are implemented in FPGA hardware programmable logic and fixed (solidified) in the FPGA. FPGA logic programming is done in a hardware description language and the resulting logic is fixed, so no attack script can be injected into it, which improves the security of the mimicry bracket device.
Example 2
This embodiment differs from embodiment 1 in that, as shown in fig. 3, in the slave state the heterogeneous mimicry bracket is further configured to: receive the first TCP request packet of a connection, record its TCP header field information and send it on; receive a TCP response packet, record its TCP header field information and send it on; and receive a subsequent TCP request packet, modify its TCP header field information using the recorded TCP header field information of the TCP response packet, and send the modified TCP request packet on.
By maintaining, inside the slave bracket, the interaction flow of the TCP packet header information fields, this embodiment lets the heterogeneous mimicry bracket in the slave state maintain a TCP virtual connection, so that the slave bracket holds the same IP request connection as the heterogeneous mimicry bracket in the master state.
In a specific implementation, after the heterogeneous mimicry bracket in the master state switches to the slave state, the TCP header field information it recorded for the TCP response must be cached in the flow control module; after the heterogeneous mimicry bracket in the slave state switches to the master state, it must acquire that TCP header field information of the TCP response from the flow control module.
The TCP virtual connection maintenance and the synchronization of the TCP connection information together ensure the continuity of the output information.
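The following is an added software model of the slave bracket's TCP virtual connection maintenance described in this embodiment (record the first request, record the response, rewrite later requests from the recorded response) together with the hand-over of the recorded response header through the flow control module on a master/slave switch. It is illustration written for this page, not the patent's own code or logic: headers are modelled as dataclasses rather than wire bytes, the fields rewritten are the sequence and acknowledgement numbers (the patent does not name the fields, so this is an assumption), and the flow control module's cache is a dictionary keyed by the client/server port pair.

```python
"""Model of the TCP virtual connection kept by the slave bracket (Example 2, fig. 3).
Added example, not the patent's code. Assumptions: headers are dataclasses, only
seq/ack are rewritten, and the flow control module's cache is a dict."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

ConnKey = Tuple[int, int]  # (client port, server port) identifying one connection


@dataclass(frozen=True)
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: str          # e.g. "SYN", "SYN-ACK", "ACK", "PSH-ACK"
    payload_len: int = 0

    def consumed(self) -> int:
        """Sequence space used by this segment (SYN and FIN each count one octet)."""
        extra = 1 if ("SYN" in self.flags or "FIN" in self.flags) else 0
        return self.payload_len + extra


class FlowControlCache:
    """Stand-in for the flow control module's storage of recorded response headers,
    handed over when the two brackets swap roles (assumed dict-based)."""
    def __init__(self) -> None:
        self._store: Dict[ConnKey, TcpHeader] = {}

    def cache(self, key: ConnKey, hdr: TcpHeader) -> None:
        self._store[key] = hdr

    def fetch(self, key: ConnKey) -> Optional[TcpHeader]:
        return self._store.get(key)


class HeterogeneousBracket:
    def __init__(self, name: str, master: bool) -> None:
        self.name = name
        self.master = master
        self.first_request: Dict[ConnKey, TcpHeader] = {}
        self.last_response: Dict[ConnKey, TcpHeader] = {}

    def on_request(self, hdr: TcpHeader) -> TcpHeader:
        """Client -> server packet. Both states record the first request; only the
        slave rewrites later requests from the response it recorded."""
        key = (hdr.src_port, hdr.dst_port)
        if key not in self.first_request:
            self.first_request[key] = hdr      # first request: record and forward
            return hdr
        if self.master:
            return hdr                         # master forwards unchanged
        resp = self.last_response.get(key)
        if resp is None:
            return hdr                         # nothing recorded yet: forward unchanged
        # non-first request: the client acknowledged the master's response, so
        # align seq/ack with the response this bracket actually recorded
        return replace(hdr, seq=resp.ack, ack=resp.seq + resp.consumed())

    def on_response(self, hdr: TcpHeader) -> TcpHeader:
        """Server -> client packet: record its header fields, forward unchanged."""
        self.last_response[(hdr.dst_port, hdr.src_port)] = hdr
        return hdr

    def switch_to_slave(self, fc: FlowControlCache) -> None:
        self.master = False
        for key, hdr in self.last_response.items():   # cache what the client has seen
            fc.cache(key, hdr)

    def switch_to_master(self, fc: FlowControlCache) -> None:
        self.master = True
        for key in list(self.first_request):          # acquire the former master's record
            cached = fc.fetch(key)
            if cached is not None:
                self.last_response[key] = cached


def demo() -> Dict[str, object]:
    """Constructed exchange: one SYN, two different SYN-ACKs (one per bracket), the
    client's ACK to the master's SYN-ACK, then a master/slave switch."""
    fc = FlowControlCache()
    master = HeterogeneousBracket("A", master=True)
    slave = HeterogeneousBracket("B", master=False)
    key: ConnKey = (40000, 80)
    syn = TcpHeader(40000, 80, seq=100, ack=0, flags="SYN")
    for br in (master, slave):                 # splitting module: identical copies
        br.on_request(syn)
    master.on_response(TcpHeader(80, 40000, seq=9000, ack=101, flags="SYN-ACK"))
    slave.on_response(TcpHeader(80, 40000, seq=5000, ack=101, flags="SYN-ACK"))
    # the client only saw the master's SYN-ACK, so its ACK carries ack=9001
    rewritten = slave.on_request(TcpHeader(40000, 80, seq=101, ack=9001, flags="ACK"))
    master.switch_to_slave(fc)
    slave.switch_to_master(fc)
    return {"rewritten_seq": rewritten.seq, "rewritten_ack": rewritten.ack,
            "handover_seq": slave.last_response[key].seq,
            "new_master": slave.name if slave.master else master.name}
```

In the constructed run the slave's own SYN-ACK carried seq 5000, so the client's ACK (which acknowledges the master's seq 9000) is rewritten to ack 5001 before the slave's connection sees it; after the switch, the new master holds the former master's recorded response (seq 9000), which is the connection state the client actually observed.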
Example 3
As shown in fig. 4, this embodiment provides a mimicry defense method with a master-slave switching function, comprising the following steps:
The flow from the I/O interface module reaches the flow splitting module, which duplicates it into two identical flows and sends one to the heterogeneous mimicry bracket in the master state and the other to the heterogeneous mimicry bracket in the slave state.
The heterogeneous mimicry bracket in the master state receives and processes the flow copied and distributed by the flow splitting module, sends the processed flow to the flow merging module, and at the same time calculates an output vector and sends it to the flow control module.
The heterogeneous mimicry bracket in the slave state receives and processes the flow copied and distributed by the flow splitting module, sends the processed flow to the flow merging module, and at the same time obtains the output vector of the master bracket from the flow control module, compares it with its own output vector, and returns the comparison result to the flow control module.
When the comparison result is consistent, the flow control module takes no action and the flow merging module transmits the flow processed by the bracket in the master state to the I/O interface.
When the comparison result is inconsistent, the flow control module outputs a switching instruction to the two heterogeneous mimicry brackets and to the flow merging module; the two heterogeneous mimicry brackets exchange their master and slave states after receiving the switching instruction; and the flow merging module, after receiving the switching instruction from the flow control module, transmits the flow processed by the other heterogeneous mimicry bracket to the I/O interface.
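The following is an added software model of the whole method above (and of the device of embodiment 1): the splitting module hands identical copies to both brackets, the master sends its output vector to the flow control module, the slave does the comparison, the flow control module issues the switching instruction on a mismatch, and the merging module then forwards the other bracket's flow. It is written for this page and is not the patent's code. Assumptions, none of which the patent fixes: the output vector is a SHA-256 digest of the processed flow, a bracket's processing is a toy byte transform, and the divergence is produced by a constructed trigger string in one bracket.

```python
"""Software model of the master/slave mimicry bracket device (fig. 2) and the
method of fig. 4. Added example, not the patent's code. Assumptions: the output
vector is a SHA-256 digest, processing is a toy transform, the fault is constructed."""
import hashlib
from typing import Callable, Dict, List, Optional, Tuple


def output_vector(processed: bytes) -> str:
    """Compact output vector: a digest of the processed flow (assumption)."""
    return hashlib.sha256(processed).hexdigest()


def clean_process(pkt: bytes) -> bytes:
    """Toy stand-in for a bracket's input-distribution / output-arbitration work."""
    return pkt.upper()


def backdoored_process(pkt: bytes) -> bytes:
    """Constructed fault: a hidden trigger makes this bracket emit a tampered flow."""
    if b"trigger" in pkt:
        return b"TAMPERED:" + pkt.upper()
    return pkt.upper()


class HeterogeneousBracket:
    def __init__(self, name: str, process: Callable[[bytes], bytes], master: bool) -> None:
        self.name, self.process, self.master = name, process, master

    def handle(self, pkt: bytes) -> Tuple[bytes, str]:
        """Process one copy of the flow; return the processed flow and its vector."""
        out = self.process(pkt)
        return out, output_vector(out)

    def compare(self, master_vec: str, own_vec: str) -> bool:
        """Comparison is done by the bracket in the slave state, not by flow control."""
        return master_vec == own_vec

    def switch(self) -> None:
        self.master = not self.master


class FlowControlModule:
    """Forwards the master's vector to the slave and issues switching instructions."""
    def __init__(self) -> None:
        self.master_vec: Optional[str] = None
        self.switch_count = 0

    def receive_master_vector(self, vec: str) -> None:
        self.master_vec = vec

    def receive_comparison(self, consistent: bool) -> bool:
        """Return True when a switching instruction must be issued."""
        if consistent:
            return False
        self.switch_count += 1
        return True


class MimicryBracketDevice:
    def __init__(self, a: HeterogeneousBracket, b: HeterogeneousBracket) -> None:
        self.brackets = [a, b]
        self.flow_control = FlowControlModule()
        self.switch_log: List[str] = []

    def roles(self) -> Tuple[HeterogeneousBracket, HeterogeneousBracket]:
        master = next(b for b in self.brackets if b.master)
        slave = next(b for b in self.brackets if not b.master)
        return master, slave

    def transmit(self, pkt: bytes) -> bytes:
        """One pass of the method: split, process in both, compare, merge."""
        master, slave = self.roles()
        m_out, m_vec = master.handle(pkt)      # splitting module: identical copies
        s_out, s_vec = slave.handle(pkt)
        self.flow_control.receive_master_vector(m_vec)
        consistent = slave.compare(self.flow_control.master_vec, s_vec)
        if self.flow_control.receive_comparison(consistent):
            master.switch()                     # both brackets exchange states
            slave.switch()
            self.switch_log.append(f"{master.name}->{slave.name}")
            return s_out                        # merging module: the other bracket's flow
        return m_out                            # merging module: the master's flow


def run_demo(packets: List[bytes]) -> Dict[str, object]:
    """Constructed run: bracket A (initial master) carries the fault, B is clean."""
    dev = MimicryBracketDevice(HeterogeneousBracket("A", backdoored_process, True),
                               HeterogeneousBracket("B", clean_process, False))
    outputs = [dev.transmit(p) for p in packets]
    return {"outputs": outputs, "switches": dev.flow_control.switch_count,
            "master": dev.roles()[0].name, "log": dev.switch_log}
```

With the trigger appearing once, the tampered flow never reaches the I/O interface: the mismatch is detected on that packet, the merging module forwards B's flow, and B becomes master. The model also makes a limitation of a two-bracket comparison visible: a mismatch shows that the brackets diverged but not which one is wrong, and the method always hands output to the current slave, so if the faulty bracket diverges again while it is the slave, the device switches back to it and forwards its flow.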
Specifically, in the slave state, when the heterogeneous mimicry bracket receives the first TCP request packet of a connection, it records the TCP header field information of that packet and sends the packet on;
when it receives a TCP response packet, it records the TCP header field information of the response packet and sends the packet on;
and when it receives a non-first TCP request packet, it modifies the TCP header field information of that request packet using the recorded TCP header field information of the TCP response packet, and sends the modified TCP request packet on.
Specifically, after the heterogeneous mimicry bracket in the master state switches to the slave state, the TCP header field information it recorded for the TCP response must be cached in the flow control module; after the heterogeneous mimicry bracket in the slave state switches to the master state, it must acquire that TCP header field information of the TCP response from the flow control module.
Example 4
This embodiment provides a mimicry defense architecture comprising a heterogeneous executive set and a mimicry bracket device, the mimicry bracket device being the one described in any of embodiments 1 and 2.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art will understand that modifications to the specific embodiments, or equivalent substitutions for some of the technical features, may be made without departing from the spirit of the present invention, and that all such variants are intended to fall within the scope defined by the appended claims.

Claims (10)

1. A mimicry bracket device with a master-slave switching function, characterized by comprising an I/O interface module, a flow splitting module, two heterogeneous mimicry brackets that are master and slave to each other, a flow control module and a flow merging module, wherein the flow splitting module is connected to the I/O interface module and to the two heterogeneous mimicry brackets, respectively;
the I/O interface module supports flow input and output;
the flow splitting module copies the flow sent by the I/O interface module and distributes a copy to each heterogeneous mimicry bracket;
each heterogeneous mimicry bracket has a master state and a slave state; in the master state it receives and processes the flow distributed by the flow splitting module, calculates an output vector from its processing result and outputs that vector, and switches to the slave state after receiving a master-slave switching instruction; in the slave state it receives and processes the flow distributed by the flow splitting module, calculates its own output vector, compares it with the output vector it receives, outputs the comparison result, and switches to the master state after receiving a master-slave switching instruction;
the flow control module receives the output vector output by the heterogeneous mimicry bracket in the master state and forwards it to the heterogeneous executive body in the slave state; it receives the comparison result output by the heterogeneous executive body in the slave state and, when the comparison result is inconsistent, outputs a switching instruction to the two heterogeneous mimicry brackets and to the flow merging module;
the flow merging module receives the flow processed by both heterogeneous mimicry brackets and, while no switching instruction has been received from the flow control module, transmits the flow processed by the bracket in the master state to the I/O interface; after receiving a switching instruction from the flow control module, it transmits the flow processed by the other heterogeneous mimicry bracket to the I/O interface.
2. The mimicry bracket device with a master-slave switching function according to claim 1, characterized in that: in the slave state, the heterogeneous mimicry bracket is further configured to receive the first TCP request packet of a connection, record its TCP header field information and send it on; receive a TCP response packet, record its TCP header field information and send it on; and receive a subsequent TCP request packet, modify its TCP header field information using the recorded TCP header field information of the TCP response packet, and send the modified TCP request packet on.
3. The mimicry bracket device with a master-slave switching function according to claim 2, characterized in that: after the heterogeneous mimicry bracket in the master state switches to the slave state, the TCP header field information it recorded for the TCP response must be cached in the flow control module; after the heterogeneous mimicry bracket in the slave state switches to the master state, it must acquire that TCP header field information of the TCP response from the flow control module.
4. The mimicry bracket device with a master-slave switching function according to any of claims 1-3, characterized in that: the I/O interface module comprises an I/O interface module A and an I/O interface module B, the flow splitting module comprises a flow splitting module A and a flow splitting module B, and the flow merging module comprises a flow merging module A and a flow merging module B; I/O interface module A is connected to flow splitting module A and flow merging module B, respectively, and I/O interface module B is connected to flow merging module A and flow splitting module B, respectively.
5. The mimicry bracket device with a master-slave switching function according to any of claims 1-3, characterized in that: the flow splitting module uses an optical fiber splitter, the flow merging module uses an optical switch, and the flow control module uses an FPGA.
6. The mimicry bracket device with a master-slave switching function according to any of claims 1-3, characterized in that: the flow splitting module, the flow merging module and the flow control module are implemented in FPGA hardware programmable logic and are fixed in the FPGA.
7. A mimicry defense method with master-slave switching function, characterized in that:
the flow from the I/O interface module reaches the flow splitting module, which copies it into two identical flows and sends them to the heterogeneous mimicry bracket in the master state and to the heterogeneous mimicry bracket in the slave state;
the heterogeneous mimicry bracket in the master state receives and processes the flow copied to it by the flow splitting module, sends the processed flow to the flow converging module, and at the same time computes an output vector and sends it to the flow control module;
the heterogeneous mimicry bracket in the slave state receives and processes the flow copied to it by the flow splitting module, sends the processed flow to the flow converging module, and at the same time obtains the output vector of the master-state heterogeneous mimicry bracket from the flow control module, compares it with its own output vector, and returns the comparison result to the flow control module;
when the comparison result is consistent, the flow control module takes no action and the flow converging module passes the flow processed by the master-state heterogeneous mimicry bracket to the I/O interface module;
when the comparison result is inconsistent, the flow control module outputs a switching instruction to both heterogeneous mimicry brackets and to the flow converging module; on receiving the switching instruction the two heterogeneous mimicry brackets exchange the master and slave states; and on receiving the switching instruction the flow converging module passes the flow processed by the other heterogeneous mimicry bracket to the I/O interface module.
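The master/slave procedure of claim 7, modelled in Python as an added example; this code is not part of the patent or of the assignees' implementation. It assumes the two heterogeneous brackets can be represented as functions from a request to a response and that the output vector is a SHA-256 digest of the processed response; both are assumptions, since the claims do not fix how the vector is computed.

```python
"""Added behavioural model of claim 7 (not from the patent).

Assumptions: a heterogeneous bracket is a callable request -> response, and the
output vector is a SHA-256 digest of the response.  Two brackets, one master and
one slave; the splitting and converging modules are modelled as list operations.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

Bracket = Callable[[bytes], bytes]


def output_vector(response: bytes) -> bytes:
    # Assumed vector encoding; the claims only say the bracket "computes an output vector".
    return hashlib.sha256(response).digest()


@dataclass
class MimicBracketDevice:
    brackets: Tuple[Bracket, Bracket]
    master: int = 0                          # index of the bracket in the master state
    switches: int = 0
    log: List[str] = field(default_factory=list)

    def handle(self, request: bytes) -> bytes:
        slave = 1 - self.master
        # flow splitting module: the same flow is copied to both brackets
        outputs = [b(request) for b in self.brackets]
        # master computes its vector; flow control forwards it to the slave, which
        # compares it with its own vector and returns the result
        consistent = output_vector(outputs[self.master]) == output_vector(outputs[slave])
        if consistent:
            # flow control takes no action; converging module passes the master's flow on
            return outputs[self.master]
        # inconsistent: switching instruction to both brackets and the converging module
        self.switches += 1
        self.log.append(f"switch: master {self.master} -> {slave}")
        self.master = slave
        return outputs[self.master]          # the other bracket's processed flow reaches I/O


# Two constructed "heterogeneous" implementations of the same trivial service.
def bracket_a(req: bytes) -> bytes:
    if req == b"trigger":                    # constructed divergence, standing in for a compromised executor
        return b"ALTERED"
    return b"OK " + req.upper()


def bracket_b(req: bytes) -> bytes:
    return b"OK " + req.upper()


def run_demo() -> Tuple[List[bytes], int, int]:
    """Feed three constructed requests through a device whose initial master is bracket_a."""
    dev = MimicBracketDevice(brackets=(bracket_a, bracket_b))
    responses = [dev.handle(r) for r in (b"hello", b"trigger", b"hello")]
    return responses, dev.switches, dev.master


if __name__ == "__main__":
    print(run_demo())
```

What the two-way comparison can and cannot tell the device is worth noting: an inconsistent result proves that the brackets disagree, not which one is wrong. The policy in claim 7 hands the flow to the former slave, so if the slave is the bracket that diverged, its output is what reaches the I/O interface module (the second device in the test exercises exactly that case). Two executors give no majority to vote with; an operator would want the switching instruction logged and alarmed, not just acted on.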
8. The mimicry defense method of claim 7, wherein: in the slave state, when the heterogeneous mimicry bracket receives a first TCP request packet, it records the TCP header field information of the first TCP request packet and sends the first TCP request packet out;
when it receives a TCP response packet, it records the TCP header field information of the TCP response packet and sends the TCP response packet out;
and when it receives a non-first TCP request packet, it modifies the TCP header field information of that TCP request packet using the recorded TCP header field information of the TCP response packet and sends the modified TCP request packet out.
9. The mimicry defense method of claim 7, wherein: after the heterogeneous mimicry bracket in the master state is switched to the slave state, the recorded TCP header field information of the TCP response is cached in the flow control module; after the heterogeneous mimicry bracket in the slave state is switched to the master state, it acquires the TCP header field information of the TCP response from the flow control module.
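A Python model of the TCP header handling of claims 2/8 and the state handover of claims 3/9, added here as an example; it is not the patent's own design. The claims say only that header field information of the first request and of the response is recorded and that later requests are modified with it; the reading implemented below, that the slave bracket translates the client's acknowledgement numbers into its own TCP sequence space and that the bracket promoted to master presents the sequence space the client already knows, is an assumption, as are the constructed initial sequence numbers.

```python
"""Added example (not from the patent): sequence-space translation for the
slave-state bracket and the record handover on a master/slave switch.

Assumption: the recorded header fields are the client ISN (first request) and
the bracket's own ISN (its SYN-ACK response); the difference between the
master's and the slave's ISN is the only value that has to be carried over.
"""
import struct
from dataclasses import dataclass
from typing import Optional

TCP_HDR = struct.Struct("!HHIIBBHHH")   # sport, dport, seq, ack, data offset, flags, window, checksum, urgent
SYN, ACK = 0x02, 0x10
MASK32 = 0xFFFFFFFF


@dataclass
class TcpFields:
    sport: int
    dport: int
    seq: int
    ack: int
    flags: int


def parse_tcp(hdr: bytes) -> TcpFields:
    sport, dport, seq, ack, _off, flags, _win, _csum, _urg = TCP_HDR.unpack(hdr[:20])
    return TcpFields(sport, dport, seq, ack, flags)


def build_tcp(f: TcpFields) -> bytes:
    # 20-byte header, no options; checksum left zero for the datapath to recompute
    return TCP_HDR.pack(f.sport, f.dport, f.seq, f.ack, 5 << 4, f.flags, 65535, 0, 0)


class BracketTcpState:
    """Per-connection record kept by one heterogeneous bracket."""

    def __init__(self) -> None:
        self.client_isn: Optional[int] = None   # recorded from the first request (SYN)
        self.own_isn: Optional[int] = None      # recorded from this bracket's own response (SYN-ACK)
        self.offset: Optional[int] = None       # master sequence space minus this bracket's space

    def record_first_request(self, hdr: bytes) -> bytes:
        self.client_isn = parse_tcp(hdr).seq
        return hdr                               # forwarded unchanged (claim 8, first request)

    def record_response(self, hdr: bytes) -> bytes:
        f = parse_tcp(hdr)
        if f.flags & SYN:
            self.own_isn = f.seq
        return hdr                               # forwarded unchanged (claim 8, response)

    def rewrite_request_as_slave(self, hdr: bytes) -> bytes:
        """Non-first request: the client acknowledges the master's sequence numbers,
        so shift the ack into this bracket's own space before its stack sees it."""
        if self.own_isn is None:
            raise ValueError("no response recorded yet")
        f = parse_tcp(hdr)
        if self.offset is None:
            # the client's first ACK covers master_isn + 1; our own stack expects own_isn + 1
            self.offset = (f.ack - (self.own_isn + 1)) & MASK32
        f.ack = (f.ack - self.offset) & MASK32
        return build_tcp(f)

    def demote(self) -> int:
        """Master -> slave (claim 9): the recorded response ISN goes to the flow control module."""
        return self.own_isn

    def promote(self, cached_master_isn: int) -> None:
        """Slave -> master (claim 9): take the former master's response ISN from the flow control module."""
        self.offset = (cached_master_isn - self.own_isn) & MASK32

    def rewrite_response_as_master(self, hdr: bytes) -> bytes:
        """New master: present the sequence space the client has been using all along."""
        f = parse_tcp(hdr)
        f.seq = (f.seq + self.offset) & MASK32
        return build_tcp(f)


def demo() -> dict:
    """Constructed handshake: client ISN 1000, master bracket ISN 5000, slave bracket ISN 9000."""
    master, slave = BracketTcpState(), BracketTcpState()
    client_syn = build_tcp(TcpFields(40000, 80, 1000, 0, SYN))
    master.record_first_request(client_syn)
    slave.record_first_request(client_syn)
    master.record_response(build_tcp(TcpFields(80, 40000, 5000, 1001, SYN | ACK)))
    slave.record_response(build_tcp(TcpFields(80, 40000, 9000, 1001, SYN | ACK)))
    # the client completes the handshake against the master's ISN (5000 + 1)
    client_ack = build_tcp(TcpFields(40000, 80, 1001, 5001, ACK))
    seen_by_slave = parse_tcp(slave.rewrite_request_as_slave(client_ack))
    # an inconsistent comparison result switches the roles
    slave.promote(master.demote())
    new_master_resp = parse_tcp(slave.rewrite_response_as_master(build_tcp(TcpFields(80, 40000, 9001, 1001, ACK))))
    return {"slave_ack": seen_by_slave.ack, "offset": slave.offset, "new_master_seq": new_master_resp.seq}
```

The model keeps only the fields the claims name; a real datapath would also have to recompute the TCP checksum and carry SACK blocks and timestamps across the same offset, and any TCP connection opened while the bracket was already in the slave state has a full record, whereas one opened before the switch relies entirely on the value cached in the flow control module.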
10. A mimicry defense architecture, characterized by: comprising a heterogeneous executor set and a mimic bracket device, the mimic bracket device being as claimed in any one of claims 1-6.
CN202010641131.3A 2020-07-06 2020-07-06 Mimic bracket device with master-slave switching function, mimic defense method and architecture Active CN111885014B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010641131.3A CN111885014B (en) 2020-07-06 2020-07-06 Mimic bracket device with master-slave switching function, mimic defense method and architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010641131.3A CN111885014B (en) 2020-07-06 2020-07-06 Mimic bracket device with master-slave switching function, mimic defense method and architecture

Publications (2)

Publication Number Publication Date
CN111885014A true CN111885014A (en) 2020-11-03
CN111885014B CN111885014B (en) 2022-04-26

Family

ID=73150978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010641131.3A Active CN111885014B (en) 2020-07-06 2020-07-06 Mimic bracket device with master-slave switching function, mimic defense method and architecture

Country Status (1)

Country Link
CN (1) CN111885014B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013084305A1 (en) * 2011-12-06 2013-06-13 Hitachi, Ltd. Virtualization multi-system configuration control method and computer system
CN110691107A (en) * 2019-12-11 2020-01-14 南京红阵网络安全技术研究院有限公司 (Nanjing Hongzhen Network Security Technology Research Institute Co., Ltd.) Endogenous safety user access authentication management system and method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Tong Qing (仝青) et al.: "Design and Implementation of a Mimic Defense Web Server", Journal of Software (软件学报) *
Wang Mengtong (王梦童) et al.: "Mimic Defense Design for the Ceph Distributed Storage System", Information Technology (信息技术) *
Wei Shuai (魏帅) et al.: "A Mimic Security Processor Architecture for the Industrial Control Domain", Journal of Cyber Security (信息安全学报) *

Also Published As

Publication number Publication date
CN111885014B (en) 2022-04-26

Similar Documents

Publication Publication Date Title
US5570345A (en) Protection switching system with single line control
US6289002B1 (en) Automatic isolation in loops
US7551627B2 (en) Offloading routing functions from network routers
JP2019512974A (en) Method for Migration of Virtual Network Function
US7663480B2 (en) Wire emulation through a network for propagation of failure information
US11917023B2 (en) Fast session restoration for latency sensitive middleboxes
US8675498B2 (en) System and method to provide aggregated alarm indication signals
US20140050092A1 (en) Load sharing method and apparatus
US8976644B2 (en) Multicast traffic forwarding on pruned interface
CN111885014B (en) Mimic bracket device with master-slave switching function, mimic defense method and architecture
US6603736B1 (en) Communication device for transmitting message signals
CN104468347B (en) Control method and device of the network data from loopback
CN111859390B (en) Mimicry bracket device, defense method and defense architecture
US20090103554A1 (en) Data transfer device for ring protocol high speed switching and method for the same
CN106559406B (en) Physical network safety equipment and its control method and device
CN107911250B (en) Stacking system and method for preventing traffic loss
US20230336406A1 (en) Communication control device, communication system, communication control method, and program
US20060002305A1 (en) Generation of stressed flow of packets
CN111859389B (en) Mimicry bracket device, method and architecture based on flow control verification strategy
CN110875880B (en) Data transmission method, related equipment, system and computer storage medium
Ra et al. Implementation of FPGA‐based MPLS‐TP linear protection switching for 4000+ tunnels in packet transport network for optical carrier Ethernet
JP4680151B2 (en) Data transmission method and apparatus
US20070268916A1 (en) System and method of interface association for interface operational status event monitoring
US10439841B2 (en) Network interface, network and method for data transmission within the network
KR100328475B1 (en) A Dual Communication Bus Control System of Serial Data Communication System and a Controlling Method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant