CN112217832B - Local area network active defense method, device, medium and equipment - Google Patents

Publication number: CN112217832B
Authority: CN (China)
Prior art keywords: dnac, message, data communication, inspection, communication equipment
Legal status: Active
Application number: CN202011133723.0A
Other languages: Chinese (zh)
Other versions: CN112217832A (en)
Inventor: 岳伟国
Current Assignee: New H3C Security Technologies Co Ltd
Original Assignee: New H3C Security Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1491: Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/45: Network directories; Name-to-address mapping
    • H04L61/4505: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Abstract

The present disclosure relates to the field of internet defense technology and provides a method, an apparatus, a medium and a device for active defense of a local area network. The method comprises: a data communication device establishes a DNAC table entry by parsing a DNS response message; a DNAC check is then performed on each message received by the data communication device according to the DNAC table entry. If the check passes, service processing continues; if the check fails, the message is trapped to a honeypot. In a local area network, each host has a unique IP address and a host name, and hosts can access one another using either. The present disclosure adds an access restriction on the data communication device, specifying that hosts within a given network must be accessed by host name, and notifies all intranet users of this restriction. Any access within the network that uses an IP address directly is identified as suspicious, trapped to a honeypot, and traced to determine the intent of the attack.

Description

Local area network active defense method, device, medium and equipment
Technical Field
The present disclosure relates to the field of internet defense technologies, and more particularly, to an active defense method, an active defense device, an active defense medium, and an active defense apparatus for a local area network.
Background
With the rapid development of the internet, more and more terminal devices are connected to cyberspace, and a wide variety of software runs on them. This brings great convenience to people's lives, but the resulting cyberspace security problems are also evident. This software contains a large number of known and unknown vulnerabilities, which hackers exploit to intrude into a network and then probe its internal structure with scanning tools, ultimately spreading the risk throughout the network.
Traditional network protection relies on security policy rules and message feature identification. Typically, after an attack occurs, its features are analyzed and corresponding rules are configured to defend against it. This passive defense lags significantly behind the attack: by the time an attack is discovered, part of the network has often already been lost, and the attack may even have spread widely.
Active defense is an emerging technology in the field of network security: suspicious threat behavior is identified before the intrusion damages the network or the system, so that network isolation or traffic trapping can be performed in time. In recent years, active defense for cyberspace has become an increasingly important research topic.
Disclosure of Invention
The present disclosure aims to solve the technical problem in the prior art that the lag of traditional passive defense leaves users exposed to network attacks and the resulting losses.
To achieve this technical purpose, the present disclosure provides a method for implementing active defense of a local area network based on DNAC technology, comprising the following steps:
the data communication device establishes a DNAC table entry by parsing a DNS response message, wherein the DNAC table entry is the correspondence between the IP address of the domain name requester and the IP address of the domain name;
and a DNAC check is performed on each message received by the data communication device according to the DNAC table entry; if the check passes, service processing continues, and if the check fails, the message is trapped to a honeypot.
Further,
the process by which the data communication device establishes the DNAC table entry by parsing the DNS response message specifically comprises:
the data communication device parses the DNS response message;
if the domain name IP belongs to a protection object, a correspondence between the domain name requester IP address and the domain name IP address is established, and the creation time of the table entry is recorded.
Further, after the correspondence between the domain name requester IP address and the domain name IP address is established, the method further includes:
modifying the TTL field of the DNS response message to 300.
Further,
checking whether the source IP or the destination IP belongs to a whitelist and, if so, skipping the DNAC check and continuing to process the service;
if not, continuing to the step of performing the DNAC check on the message received by the data communication device according to the DNAC table entry.
Further, if the source IP or the destination IP belongs to the whitelist, the method further includes:
checking whether the source IP or the destination IP belongs to a DNAC protection object and, if not, skipping the DNAC check and continuing to process the service;
if so, continuing to the step of performing the DNAC check on the message received by the data communication device according to the DNAC table entry.
Further, if the source IP or the destination IP does not belong to the DNAC protection object, the method further comprises:
checking whether the message is a TCP-SYN message and, if not, skipping the DNAC check and continuing to process the service;
if so, continuing to the step of performing the DNAC check on the message received by the data communication device according to the DNAC table entry.
Further, the method also includes:
setting the aging time of the DNAC table entries to 300 s;
and starting a second-level timer, periodically checking the creation time of each DNAC table entry, and deleting any DNAC table entry that exceeds the aging time.
Further, the data communication apparatus includes:
firewalls, switches and/or routers.
To achieve the above technical purpose, the present disclosure also provides an apparatus for implementing active defense of a local area network based on DNAC technology, including:
the DNAC construction module, configured for the data communication device to establish a DNAC table entry by parsing a DNS response message, wherein the DNAC table entry is the correspondence between the IP address of the domain name requester and the IP address of the domain name;
and the DNAC inspection module, configured to perform a DNAC check on a message according to the DNAC table entry, to continue processing the service if the check passes, and to trap the message to the honeypot if the check fails.
To achieve the above technical purpose, the present disclosure also provides a computer storage medium having a computer program stored thereon, where the computer program, when executed by a processor, implements the steps of the method for implementing active defense of a local area network based on DNAC technology as described above.
To achieve the above technical purpose, the present disclosure further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the steps of the method for implementing active defense of a local area network based on DNAC technology.
The beneficial effects of the present disclosure are:
the disclosure provides a method for implementing active defense of a local area network based on DNAC technology, which establishes an intranet access restriction, steers an attacker's suspicious traffic to a honeypot, and traces the attacker's intent. Meanwhile, users can themselves change to a complex host name at regular intervals, achieving differentiated defense among hosts.
Drawings
Fig. 1 shows a schematic flow diagram of embodiment 1 of the present disclosure;
Fig. 2 shows a diagram of the DNAC message inspection process of the present disclosure;
Fig. 3 shows a schematic flow diagram of embodiment 2 of the present disclosure;
Fig. 4 shows a schematic structural diagram of embodiment 3 of the present disclosure;
Fig. 5 shows a schematic structural diagram of embodiment 5 of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
Various structural schematics according to embodiments of the present disclosure are shown in the figures. The figures are not drawn to scale, wherein certain details are exaggerated and possibly omitted for clarity of presentation. The shapes of various regions, layers, and relative sizes and positional relationships therebetween shown in the drawings are merely exemplary, and deviations may occur in practice due to manufacturing tolerances or technical limitations, and a person skilled in the art may additionally design regions/layers having different shapes, sizes, relative positions, as actually required.
Terms used in the present disclosure:
DNS: Domain Name System
DNAC: Domain Name Access Control
TTL: Time To Live
In a local area network, each host has a unique IP address and a host name, and hosts can access one another using either. The present disclosure adds an access restriction on the data communication device, specifying that hosts within a given network must be accessed by host name, and notifies all intranet users of this restriction. Any access within the network that uses an IP address directly is identified as suspicious, trapped to a honeypot, and traced to determine the intent of the attack.
Based on the above technical concept, the present disclosure provides the following embodiments:
Example one:
As shown in Fig. 1:
the disclosure provides a method for implementing active defense of a local area network based on DNAC technology, comprising the following steps:
S101: the data communication device establishes a DNAC table entry by parsing a DNS response message, wherein the DNAC table entry is the correspondence between the IP address of the domain name requester and the IP address of the domain name;
wherein the data communication device referred to in this disclosure specifically includes:
firewalls, switches and/or routers.
Preferably, a firewall implements the DNAC-based method for active defense of the local area network.
Specifically, the process by which the firewall establishes the DNAC table entry by parsing the DNS response message is as follows:
the firewall parses the DNS response message; if the domain name IP is found to belong to a protection object, the firewall establishes a correspondence between the IP address of the domain name requester and the IP address of the domain name (that is, a DNAC table entry), records the creation time of the table entry, and modifies the TTL field of the DNS response message to 300.
The purpose of TTL is to limit the time that IP packets can exist in a computer network.
Although TTL literally means the time a packet can survive, in practice the TTL is the maximum number of hops over which an IP packet can be forwarded in a computer network. The TTL field is set by the sender of the IP packet. On the forwarding path from source to destination, every router the packet passes through modifies the TTL field: it decrements the value by 1 and then forwards the packet. If the TTL reaches 0 before the packet arrives at the destination IP, the router discards the packet and sends an ICMP time exceeded message to the sender.
The main functions of the TTL are to prevent IP packets from circulating endlessly in the network, to save network resources, and to let the sender of the IP packet receive an alert message.
The TTL is set by the sending host to prevent packets from looping forever around the IP internetwork. When forwarding an IP packet, a router is required to reduce the TTL by at least 1.
In DNS, by contrast, the time-to-live is the time that a domain name resolution record is retained on a DNS server. When a DNS server receives a resolution request, it sends the request to the DNS server designated for the domain name (the authoritative domain name server) to obtain the resolution record. After obtaining the record, the DNS server (a local cache server, also called a recursive domain name server) stores it for a period of time; if it receives another resolution request for the same domain name within that period, it does not send a request to the NS server again but directly returns the record it already holds. The time this record is retained on the DNS server is the TTL value.
S102: a DNAC check is performed on the message according to the DNAC table entry; if the check passes, service processing continues, and if the check fails, the message is trapped to a honeypot.
The honeypot of the present disclosure refers to honeypot technology.
Honeypot technology is, in essence, a technique for deceiving attackers. Hosts, network services or information are set up as decoys to induce attackers to attack them, so that the attack behavior can be captured and analyzed, the tools and methods used by the attackers can be learned, and their intentions and motivations can be inferred. Defenders thereby gain a clear understanding of the security threats they face and can strengthen the protection of the actual system through technical and management means.
A honeypot is comparable to an intelligence collection system. It appears to be a target deliberately left open to attack, luring hackers in. After an attacker intrudes, the defender can learn how the attacker succeeded and keep up to date on the latest attacks and vulnerabilities used against the server. By monitoring the communications between hackers, the defender can also collect the tools they use and map their social networks.
Specifically, as shown in Fig. 2:
before the DNAC check is performed on the message according to the DNAC table entry, the method further comprises:
checking whether the source IP or the destination IP belongs to a whitelist and, if so, skipping the DNAC check and continuing to process the service;
if not, continuing to the step of performing the DNAC check on the message received by the data communication device according to the DNAC table entry.
If the source IP or the destination IP belongs to the whitelist, the method further comprises:
checking whether the source IP or the destination IP belongs to a DNAC protection object and, if not, skipping the DNAC check and continuing to process the service;
if so, continuing to the step of performing the DNAC check on the message received by the data communication device according to the DNAC table entry.
Further, if the source IP or the destination IP does not belong to the DNAC protection object, the method further comprises:
checking whether the message is a TCP-SYN message and, if not, skipping the DNAC check and continuing to process the service;
if so, continuing to the step of performing the DNAC check on the message received by the data communication device according to the DNAC table entry.
Furthermore, the DNAC technology allows a user to change to a complex host name periodically and automatically, so that differentiated protection among hosts can be achieved.
For example:
a user who does not want a personal host to be accessed by others can change its host name to a special long character string, meeting a higher security requirement without affecting the user's own normal access.
Example two:
As shown in Fig. 3:
the technical solution of the first embodiment can be further improved as follows,
further comprising:
S103: setting the aging time of the DNAC table entries to 300 s;
and starting a second-level timer, periodically checking the creation time of each DNAC table entry, and deleting any DNAC table entry that exceeds the aging time.
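The following added example (not code from the patent) models steps S101 to S103 in Python: it parses a DNS reply, creates DNAC entries for A records that resolve to protected IPs, rewrites their TTL to 300, applies the whitelist, protection-object and TCP-SYN checks before the table lookup, and ages entries after 300 s. The class and function names, the sample addresses, the sequential ordering of the checks, and the rule that a packet passes when its (source IP, destination IP) pair matches an entry are assumptions of this example.

```python
import ipaddress
import struct

DNS_TTL_REWRITE = 300   # value written into the DNS answer TTL (from the page)
AGING_SECONDS = 300     # aging time of a DNAC entry (from the page)


def _skip_name(msg, off):
    """Return the offset just past a DNS name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # a 2-byte pointer terminates the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off


class DnacTable:
    """Hypothetical model of the DNAC table; the names are this example's own."""

    def __init__(self, protected, whitelist=()):
        self.protected = set(protected)   # IPs of protection objects
        self.whitelist = set(whitelist)
        self.entries = {}                 # (requester IP, domain name IP) -> creation time

    def learn_from_dns_reply(self, requester_ip, msg, now):
        """S101: create entries for A records that resolve to protected IPs and
        return the reply with those records' TTL rewritten to 300."""
        out, learned = bytearray(msg), []
        try:
            flags, qdcount, ancount = struct.unpack_from("!HHH", msg, 2)
            if not flags & 0x8000:        # QR bit clear: a query, not a reply
                return bytes(msg)
            off = 12
            for _ in range(qdcount):
                off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
            for _ in range(ancount):
                off = _skip_name(msg, off)
                rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
                if rtype == 1 and rclass == 1 and rdlen == 4:   # IN A record
                    ip = str(ipaddress.IPv4Address(bytes(msg[off + 10:off + 14])))
                    if ip in self.protected:
                        learned.append(ip)
                        # A real device must also recompute the UDP checksum.
                        struct.pack_into("!I", out, off + 4, DNS_TTL_REWRITE)
                off += 10 + rdlen
        except (struct.error, IndexError, ipaddress.AddressValueError):
            return bytes(msg)             # malformed reply: forward unchanged, learn nothing
        self.entries.update({(requester_ip, ip): now for ip in learned})
        return bytes(out)

    def check(self, src, dst, tcp_syn):
        """S102: return "forward" or "honeypot" for one received packet."""
        if src in self.whitelist or dst in self.whitelist:
            return "forward"              # whitelisted: skip the DNAC check
        if src not in self.protected and dst not in self.protected:
            return "forward"              # no protection object involved
        if not tcp_syn:
            return "forward"              # only TCP SYN packets are checked
        # Assumption: a packet passes when (source, destination) matches an entry.
        return "forward" if (src, dst) in self.entries else "honeypot"

    def age(self, now):
        """S103: delete entries older than the aging time; meant to run once per second."""
        expired = [k for k, created in self.entries.items() if now - created > AGING_SECONDS]
        for key in expired:
            del self.entries[key]
        return len(expired)


def build_reply(name, ip, ttl):
    """Constructed sample input: a DNS reply with one question and one A answer."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + qname + struct.pack("!HH", 1, 1) + answer


def answer_ttl(reply):
    """TTL of the single answer in a build_reply() message (last 10 bytes: TTL, RDLENGTH, RDATA)."""
    return struct.unpack_from("!I", reply, len(reply) - 10)[0]


if __name__ == "__main__":
    table = DnacTable(protected={"10.0.0.20"}, whitelist={"10.0.0.1"})
    reply = build_reply("files-7f3a.corp.example", "10.0.0.20", 3600)
    patched = table.learn_from_dns_reply("10.0.0.5", reply, now=1000.0)
    print("TTL after rewrite:", answer_ttl(patched))
    print("resolved first:", table.check("10.0.0.5", "10.0.0.20", tcp_syn=True))
    print("direct IP access:", table.check("10.0.0.9", "10.0.0.20", tcp_syn=True))
    table.age(now=1301.0)
    print("after aging:", table.check("10.0.0.5", "10.0.0.20", tcp_syn=True))
```

Because only TCP-SYN packets are checked, a host whose entry has aged out keeps its established connections and is trapped only when it opens a new connection without resolving the name again.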
Example three:
As shown in Fig. 4,
the present disclosure also provides an apparatus for implementing active defense of a local area network based on DNAC technology, including:
the DNAC construction module 401, configured for the data communication device to establish a DNAC table entry by parsing a DNS response message, where the DNAC table entry is the correspondence between the domain name requester IP address and the domain name IP address;
and the DNAC inspection module 402, configured to perform a DNAC check on a message according to the DNAC table entry, to continue processing the service if the message passes the check, and to trap the message to the honeypot if it does not.
Example four:
The present disclosure also provides a computer storage medium having a computer program stored thereon, where the computer program, when executed by a processor, implements the steps of the method for implementing active defense of a local area network based on DNAC technology as described above.
The computer storage medium of the present disclosure may be implemented using semiconductor memory or magnetic core memory.
Semiconductor memories are mainly used as the semiconductor memory elements of computers and come in two types, MOS and bipolar. MOS elements offer high integration and a simple process but are slower. Bipolar elements have a complex process, high power consumption and low integration, but are fast. The introduction of NMOS and CMOS made MOS memory dominant among semiconductor memories. NMOS is fast, e.g. 45 ns for a 1K-bit SRAM from Intel. CMOS power consumption is low, and the access time of a 4K-bit CMOS static memory is 300 ns. The semiconductor memories described above are all random access memories (RAM), i.e. new contents can be read and written randomly during operation. A semiconductor read-only memory (ROM), which can be read randomly but cannot be written during operation, is used to store fixed programs and data. ROM is classified into non-rewritable fuse-type ROM, PROM, and rewritable EPROM.
Magnetic core memory has the characteristics of low cost and high reliability, and has more than 20 years of practical use experience. Magnetic core memories were widely used as main memories before the mid-1970s. The storage capacity can reach more than 10 bits, and the access time is 300 ns at the fastest. The typical international magnetic core memory has a capacity of 4 MS-8 MB and an access cycle of 1.0-1.5 μs. Since semiconductor memory developed rapidly and replaced magnetic core memory as main memory, magnetic core memory can still be applied as large-capacity expansion memory.
Example five:
The disclosure also provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, the steps of the method for implementing active defense of a local area network based on DNAC technology are implemented.
Fig. 5 is a schematic diagram of an internal structure of the electronic device in one embodiment. As shown in fig. 5, the electronic device includes a processor, a storage medium, a memory, and a network interface connected through a system bus. The storage medium of the computer device stores an operating system, a database and computer readable instructions, the database can store control information sequences, and the computer readable instructions, when executed by the processor, can enable the processor to realize a method for realizing active defense of a local area network based on the DNAC technology. The processor of the electrical device is used to provide computing and control capabilities to support the operation of the entire computer device. The memory of the computer device may have computer readable instructions stored therein, which when executed by the processor, may cause the processor to perform a method for implementing active defense of local area networks based on DNAC technology. The network interface of the computer device is used for connecting and communicating with the terminal. Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
The electronic device includes, but is not limited to, a smart phone, a computer, a tablet, a wearable smart device, an artificial smart device, a mobile power source, and the like.
The processor may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital processing chips, graphics processors, and combinations of various control chips. The processor is a control unit (control unit) of the electronic device, connects various components of the whole electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device by running or executing programs or modules (for example, executing remote data reading and writing programs, etc.) stored in the memory and calling data stored in the memory.
The bus may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connected communication between the memory and at least one processor or the like.
Fig. 5 shows only an electronic device having components, and those skilled in the art will appreciate that the structure shown in fig. 5 does not constitute a limitation of the electronic device, and may include fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor through a power management device, so that functions such as charge management, discharge management, and power consumption management are implemented through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used to establish a communication connection between the electronic device and other electronic devices.
Optionally, the electronic device may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable, among other things, for displaying information processed in the electronic device and for displaying a visualized user interface.
Further, the computer usable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (10)

1. A method for implementing local area network active defense based on DNAC technology, characterized by comprising the following steps:
a data communication device establishes a DNAC table entry by parsing a DNS response message, wherein the DNAC table entry is the correspondence between the IP address of the domain name requester and the IP address of the domain name;
and performing a DNAC check on a message received by the data communication device according to the DNAC table entry; if the message passes the check, continuing to process the service, and if the message does not pass the check, trapping the message to a honeypot.
2. The method according to claim 1, wherein the process in which the data communication device establishes the DNAC table entry by parsing the DNS response message specifically comprises:
the data communication device parses and processes the DNS response message;
if the domain name IP address belongs to a protection object, establishing a correspondence between the domain name requester IP address and the domain name IP address, and recording the creation time of the table entry.
3. The method of claim 1, wherein before performing the DNAC check on the message received by the data communication device according to the DNAC table entry, the method further comprises:
judging whether a source IP or a destination IP included in a message received by the data communication device belongs to a white list, and if the source IP or the destination IP belongs to the white list, skipping the DNAC check and continuing to process the service;
and if not, continuing to execute the step of performing the DNAC check on the message received by the data communication device according to the DNAC table entry.
4. The method of claim 3, wherein if the source IP or the destination IP belongs to a white list, the method further comprises:
judging whether the source IP or the destination IP belongs to a DNAC protection object, and if not, skipping the DNAC check and continuing to process the service;
and if so, continuing to execute the step of performing the DNAC check on the message received by the data communication device according to the DNAC table entry.
5. The method of claim 4, wherein if the source IP or the destination IP does not belong to a DNAC protection object, the method further comprises:
judging whether the message is a TCP-SYN message, and if the message is not a TCP-SYN message, skipping the DNAC check and continuing to process the service;
and if so, continuing to execute the step of performing the DNAC check on the message received by the data communication device according to the DNAC table entry.
6. The method of any one of claims 1 to 5, further comprising:
setting the aging time of the DNAC table entries to 300 s;
and starting a second-level timer, periodically checking the creation time of each DNAC table entry, and deleting DNAC table entries that exceed the aging time.
7. The method according to any one of claims 1 to 5, wherein the data communication device comprises:
a firewall, a switch and/or a router.
8. A device for implementing local area network active defense based on DNAC technology, characterized by comprising:
a DNAC construction module, used by the data communication device to establish a DNAC table entry by parsing the DNS response message, wherein the DNAC table entry is the correspondence between the IP address of the domain name requester and the IP address of the domain name;
and a DNAC check module, used for performing a DNAC check on the message according to the DNAC table entry, continuing to process the service if the check is passed, and trapping the message to the honeypot if the check is not passed.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the method for implementing local area network active defense based on DNAC technology as claimed in any one of claims 1 to 7.
10. A computer storage medium having stored thereon computer program instructions, wherein the program instructions, when executed by a processor, implement the steps of the method for implementing local area network active defense based on DNAC technology as claimed in any one of claims 1 to 7.
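The table construction, aging and check described in claims 1 to 6 can be sketched as follows. This is an added illustration, not code from the patent or from the assignee; the class and function names, the addresses and the decision labels "forward" and "honeypot" are assumptions, and the order of the pre-check gates is this example's reading of claims 3 to 5.

```python
import ipaddress

AGING_SECONDS = 300  # aging time given in claim 6

class Dnac:
    def __init__(self, protected, whitelist=()):
        self.protected = [ipaddress.ip_network(n) for n in protected]  # protection objects
        self.whitelist = set(whitelist)   # IPs exempt from the check (claim 3)
        self.table = {}                   # (requester_ip, domain_ip) -> creation time

    def is_protected(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.protected)

    def learn(self, requester_ip, answer_ips, now):
        """Claim 2: from a parsed DNS response, record requester -> protected address."""
        for ip in answer_ips:
            if self.is_protected(ip):
                self.table[(requester_ip, ip)] = now

    def age(self, now):
        """Claim 6: delete entries older than the aging time; return how many were deleted."""
        stale = [k for k, created in self.table.items() if now - created > AGING_SECONDS]
        for k in stale:
            del self.table[k]
        return len(stale)

    def check(self, src, dst, tcp_syn):
        """Claim 1 check behind the gates of claims 3 to 5; returns 'forward' or 'honeypot'."""
        if src in self.whitelist or dst in self.whitelist:
            return "forward"              # whitelisted: skip the DNAC check
        if not (self.is_protected(src) or self.is_protected(dst)):
            return "forward"              # assumed gate: no protection object involved
        if not tcp_syn:
            return "forward"              # assumed gate: only TCP-SYN messages are checked
        return "forward" if (src, dst) in self.table else "honeypot"

def demo():
    # Constructed addresses and traffic, for illustration only.
    d = Dnac(protected=["10.0.5.0/24"], whitelist=["10.0.0.53"])
    d.learn("10.0.1.20", ["10.0.5.10"], now=0)         # client resolved a protected server
    out = [d.check("10.0.1.20", "10.0.5.10", True),    # DNS lookup seen first
           d.check("10.0.1.66", "10.0.5.10", True),    # SYN with no matching entry
           d.check("10.0.1.66", "10.0.5.10", False),   # non-SYN message
           d.check("10.0.1.66", "192.0.2.8", True)]    # no protection object involved
    d.age(now=301)
    out.append(d.check("10.0.1.20", "10.0.5.10", True))  # entry aged out
    return out
```

The last case in demo() shows the operational consequence of the 300 s aging time: a client that keeps using a cached address after its entry has aged out is treated like a host that never queried DNS.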
CN202011133723.0A 2020-10-21 2020-10-21 Local area network active defense method, device, medium and equipment Active CN112217832B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011133723.0A CN112217832B (en) 2020-10-21 2020-10-21 Local area network active defense method, device, medium and equipment

Publications (2)

Publication Number Publication Date
CN112217832A CN112217832A (en) 2021-01-12
CN112217832B CN112217832B (en) 2022-03-29

Family

ID=74056313

Country Status (1)

Country Link
CN (1) CN112217832B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789882A (en) * 2016-11-18 2017-05-31 汉柏科技有限公司 Defence method and system that a kind of domain name request is attacked
CN108206814A (en) * 2016-12-20 2018-06-26 腾讯科技(深圳)有限公司 A kind of method, apparatus and system for defending DNS attacks
CN108737452A (en) * 2018-08-09 2018-11-02 孙晨 Access control and virus defense method based on DNS Protocol and system
CN110855697A (en) * 2019-11-20 2020-02-28 国网湖南省电力有限公司 Active defense method for network security in power industry

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8752174B2 (en) * 2010-12-27 2014-06-10 Avaya Inc. System and method for VoIP honeypot for converged VoIP services

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant