CN113225315A - MTD anti-network scanning method based on port fuzzy processing response - Google Patents


Publication number: CN113225315A
Authority: CN (China)
Prior art keywords: port, network, mtd, message, attacker
Legal status: Pending
Application number: CN202110377975.6A
Other languages: Chinese (zh)
Inventors: 赵昆杨, 石小川, 张晶, 陈瑜靓, 刘健养
Current Assignee: Xiamen Useear Information Technology Co ltd
Original Assignee: Fujian Qidian Space Time Digital Technology Co ltd
Application filed by: Fujian Qidian Space Time Digital Technology Co ltd
Priority to: CN202110377975.6A
Publication of: CN113225315A

Classifications

    • H04L63/1441 Countermeasures against malicious traffic
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances


Abstract

An MTD anti-network scanning method based on port fuzzy processing response comprises the following steps: S1, setting an MTD-based anti-network reconnaissance algorithm against network mapping attacks; S2, responding to TCP port scanning through the anti-network reconnaissance algorithm and executing MTD fuzzy processing; S3, operating on each data packet and storing the operation in a buffer; S4, operating based on the anti-network reconnaissance algorithm so that random ports appear as open ports during the scanning stage; S5, setting an MTD algorithm for operating system fingerprints, which ensures that the service version and the operating system are not correctly identified by an attacker; S6, dynamically and randomly mapping the service port to an unused port, so that the attacker cannot accurately find the open port used by the network service. The invention can confuse the attacker's behavior, ensure that the service version and the operating system are not correctly identified by the attacker, significantly increase the attacker's time and traffic cost, and provide better network security performance.

Description

MTD anti-network scanning method based on port fuzzy processing response
Technical Field
The invention relates to the technical field of network security, in particular to an MTD anti-network scanning method based on port fuzzy processing response.
Background
The Internet is a vast network formed by connecting networks to one another; these networks are linked by a set of common protocols and logically form a single, very large international network. This way of connecting computer networks together is called internetworking, and the global network covering the whole world that developed on this basis is the Internet. The Internet is not the same as the World Wide Web: the World Wide Web is only one of the services the Internet can provide, formed by interlinked hypertext. Used on its own, the term generally means the Internet or access to some network, and sometimes refers to using the network for communication, social contact or online trade.
With the continuous development of the Internet, network security receives increasing attention and the related technology keeps improving. Because of the inherent asymmetry between attack and defense in current networks, moving target defense (MTD) emerged as a new concept for dealing with novel network attacks and for rebalancing the attack-defense environment. The core idea of MTD is to make the network system dynamic by changing its attack surface, and to provide a dynamic, active network defense through mechanisms and strategies that let the defender take the initiative, so that the system becomes less deterministic, less static and less homogeneous. Randomization and diversification create difficulties and obstacles for attackers, making it hard for them to complete the attack task, which reduces the likelihood of a successful attack and gives the defender a favorable position. The anti-network scanning methods currently in use are relatively simple: an attacker can easily and correctly identify the service version and the operating system, the attack takes little time and costs little, and network security performance is poor, so improvement is needed.
Disclosure of Invention
(I) Objects of the invention
To solve the technical problems described in the background, the invention provides an MTD anti-network scanning method based on port fuzzy processing response. It can confuse the attacker's behavior, ensure that the service version and the operating system are not correctly identified by the attacker, significantly increase the attacker's time and traffic cost and thus the attack overhead, works well in use, provides better network security performance, and is suitable for wide adoption.
(II) Technical scheme
The invention provides an MTD anti-network scanning method based on port fuzzy processing response, which comprises the following steps:
S1, setting an MTD-based anti-network reconnaissance algorithm against network mapping attacks;
S2, responding to TCP port scanning through the anti-network reconnaissance algorithm, and executing MTD fuzzy processing;
S3, operating on each data packet, and storing the operation in a buffer to ensure consistent behavior;
S4, operating based on the anti-network reconnaissance algorithm so that random ports appear as open ports during the scanning stage;
S5, setting an MTD algorithm for operating system fingerprints, which ensures that the service version and the operating system are not correctly identified by an attacker;
S6, dynamically and randomly mapping the service port to an unused port, so that the attacker cannot accurately find the open port used by the network service, which confuses the attacker's behavior.
Preferably, in S1, the MTD consists of an MTD network model, an analysis engine, an adaptation engine, a computation engine, configuration management and programmable plug-ins, and is not limited to deployment at the control layer.
Preferably, the method further comprises the following steps:
a network device port receives an abnormal message, extracts the features of the abnormal message and stores them;
an access control list rule is set for the corresponding port according to the abnormal message features, prohibiting the port from forwarding messages that have those features;
a sampling task is started for each port that has an access control list rule; the messages received by the port are sampled, the features of the received messages are extracted, and the sampled message features are compared with the stored abnormal message features.
Preferably, when the sampled message features are compared with the abnormal message features, if the sampled features do not match the stored abnormal message features, the access control list rule that was set is cancelled and the port is allowed to receive messages; otherwise the port is not allowed to receive messages.
Preferably, when a message is received, it is further determined whether the length of the message is greater than a threshold; if so, the message is mirrored to the slave processing chip, and whether an attack has been received is determined from the number and frequency of the related messages.
Preferably, when determining whether an attack has been received, if the result is that an attack has been received, the messages whose length is greater than the threshold are processed, specifically as follows:
messages whose length is greater than the threshold are prevented from being sent to the main processing chip, and the flow of such messages to the main processing chip is limited.
Preferably, in S1, the MTD security model is adaptively adjusted through the SDN network: the controller abstracts the current network state, the adaptation engine periodically executes a random network adaptation policy, and the analysis engine derives real-time data events from the network elements and the current configuration to evaluate the SDN network's exposure to threats and attacks.
Preferably, in S6, the specific process of port hopping is as follows:
S61, the port hopping controller generates a random port hopping pattern based on the two dimensions of space and time, and generates a virtual machine mapping table;
S62, the port hopping controller extracts the hopping logic nodes, IP addresses and port information from the virtual machine mapping table to generate a service instance definition table;
S63, the port hopping proxy device traverses the hopping pattern, looks up in the service instance definition table the actual IP address and port corresponding to the current hopping logic node, and executes each hop.
Preferably, the specific process of S61 is as follows:
chaotic random processing is applied to the hopping logic nodes to obtain a space sequence of logic nodes, a time sequence is likewise generated by chaotic random processing, and the space sequence is matched with the time sequence to obtain the hopping pattern.
Preferably, the hopping pattern includes the hopping logic nodes and their corresponding dwell times, and the virtual machine mapping table includes the mapping between the hopping logic nodes and the virtual machine names, IP addresses, ports and images.
The technical scheme of the invention has the following beneficial technical effects:
Against network mapping attacks, an MTD-based anti-network reconnaissance algorithm is provided that responds to TCP port scanning by executing MTD fuzzy processing. The operation applied to each data packet is stored in a buffer to ensure consistent behavior. As a result of the algorithm, random ports appear as open ports during the scanning stage, and the attacker needs more resources to dig deeper and identify the services running on these falsely open ports. An MTD algorithm for operating system fingerprints is then provided, so that the service version and the operating system are not correctly identified by the attacker. By dynamically and randomly mapping the service port to an unused port, the attacker cannot accurately find the open port used by the network service, which confuses the attacker's behavior. An evaluation of the attacker's time and traffic cost, with the related experimental results, shows that the method significantly increases the attacker's overhead, works well in use, provides better network security performance, and is suitable for wide adoption.
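The buffered, consistent response to TCP port probes (S2 to S4) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the per-(source, port) buffer key, the decoy ratio, the TTL and the bounded buffer size are all assumptions made for illustration.

```python
"""Consistent fuzzy responses to TCP port probes, S2-S4 (added illustration)."""
import random
import time
from collections import OrderedDict
from typing import Callable, Iterable, Optional, Set, Tuple

FORWARD, SYN_ACK, RST = "FORWARD", "SYN_ACK", "RST"


class ScanResponseObfuscator:
    """Decides how to answer a SYN probe and remembers the decision.

    Assumptions (not stated in the patent): decisions are keyed by
    (source IP, destination port), expire after ttl_s seconds, and the
    buffer is bounded so a scan flood cannot exhaust memory.
    """

    def __init__(self, real_ports: Iterable[int], fake_open_ratio: float = 0.2,
                 ttl_s: float = 300.0, max_entries: int = 65536,
                 rng: Optional[random.Random] = None,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.real_ports = frozenset(real_ports)
        self.fake_open_ratio = fake_open_ratio
        self.ttl_s = ttl_s
        self.max_entries = max_entries
        # SystemRandom draws from the OS CSPRNG; pass a seeded Random only in tests.
        self.rng = rng or random.SystemRandom()
        self.clock = clock
        # (src_ip, dst_port) -> (action, expires_at), oldest entry first.
        self.buffer: "OrderedDict[Tuple[str, int], Tuple[str, float]]" = OrderedDict()

    def decide(self, src_ip: str, dst_port: int) -> str:
        """Return FORWARD for a real service, else a buffered SYN_ACK or RST."""
        if dst_port in self.real_ports:
            return FORWARD
        key, now = (src_ip, dst_port), self.clock()
        cached = self.buffer.get(key)
        if cached is not None and cached[1] > now:
            self.buffer.move_to_end(key)
            return cached[0]  # S3: same probe, same answer
        # S4: a random subset of closed ports is made to look open.
        action = SYN_ACK if self.rng.random() < self.fake_open_ratio else RST
        self.buffer[key] = (action, now + self.ttl_s)
        self.buffer.move_to_end(key)
        while len(self.buffer) > self.max_entries:
            self.buffer.popitem(last=False)  # evict the least recently used entry
        return action


def apparent_open_ports(obf: ScanResponseObfuscator, src_ip: str,
                        ports: Iterable[int]) -> Set[int]:
    """Ports that answer a SYN from src_ip as if open (real services or decoys)."""
    return {p for p in ports if obf.decide(src_ip, p) in (FORWARD, SYN_ACK)}


if __name__ == "__main__":
    # Constructed sample: two real services, one scanner from a documentation range.
    obf = ScanResponseObfuscator({22, 443}, rng=random.Random(7))
    view = apparent_open_ports(obf, "198.51.100.7", range(1, 1025))
    print(f"{len(view)} ports look open, {len(view) - 2} of them decoys")
```

Without the buffer, a second scan would show a different set of open ports and the decoys could be filtered out by intersecting the two results.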
Drawings
Fig. 1 is a flowchart of an MTD anti-network scanning method based on port fuzzy processing response according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in Fig. 1, the MTD anti-network scanning method based on port fuzzy processing response proposed by the present invention includes the following steps:
S1, setting an MTD-based anti-network reconnaissance algorithm against network mapping attacks;
S2, responding to TCP port scanning through the anti-network reconnaissance algorithm, and executing MTD fuzzy processing;
S3, operating on each data packet, and storing the operation in a buffer to ensure consistent behavior;
S4, operating based on the anti-network reconnaissance algorithm so that random ports appear as open ports during the scanning stage;
S5, setting an MTD algorithm for operating system fingerprints, which ensures that the service version and the operating system are not correctly identified by an attacker;
S6, dynamically and randomly mapping the service port to an unused port, so that the attacker cannot accurately find the open port used by the network service, which confuses the attacker's behavior.
In an alternative embodiment, in S1, the MTD consists of an MTD network model, an analysis engine, an adaptation engine, a computation engine, configuration management and programmable plug-ins, and is not limited to deployment at the control layer. The MTD security model is adaptively adjusted through the SDN network: the controller abstracts the current network state, the adaptation engine periodically executes a random network adaptation policy, and the analysis engine derives real-time data events from the network elements and the current configuration to evaluate the SDN network's exposure to threats and attacks.
In an optional embodiment, the method further comprises the following steps: a network device port receives an abnormal message, extracts the features of the abnormal message and stores them; an access control list rule is set for the corresponding port according to the abnormal message features, prohibiting the port from forwarding messages that have those features; a sampling task is started for each port that has an access control list rule, the messages received by the port are sampled, the features of the received messages are extracted, and the sampled message features are compared with the stored abnormal message features. When the sampled message features are compared with the abnormal message features, if the sampled features do not match the stored abnormal message features, the access control list rule that was set is cancelled and the port is allowed to receive messages; otherwise the port is not allowed to receive messages.
In an optional embodiment, when a message is received, it is further determined whether the length of the message is greater than a threshold; if so, the message is mirrored to the slave processing chip, and whether an attack has been received is determined from the number and frequency of the related messages. If the result is that an attack has been received, the messages whose length is greater than the threshold are processed, specifically as follows: messages whose length is greater than the threshold are prevented from being sent to the main processing chip, and the flow of such messages to the main processing chip is limited.
In an alternative embodiment, in S6, the specific process of port hopping is as follows. S61, the port hopping controller generates a random port hopping pattern based on the two dimensions of space and time; the hopping pattern includes the hopping logic nodes and their corresponding dwell times. The port hopping controller also generates a virtual machine mapping table, which includes the mapping between the hopping logic nodes and the virtual machine names, IP addresses, ports and images. The specific operation is as follows: chaotic random processing is applied to the hopping logic nodes to obtain a space sequence of logic nodes, a time sequence is likewise generated by chaotic random processing, and the space sequence is matched with the time sequence to obtain the hopping pattern. S62, the port hopping controller extracts the hopping logic nodes, IP addresses and port information from the virtual machine mapping table to generate a service instance definition table. S63, the port hopping proxy device traverses the hopping pattern, looks up in the service instance definition table the actual IP address and port corresponding to the current hopping logic node, and executes each hop.
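The S61 to S63 flow, carried through as an added example that is not code from the patent. The logistic map stands in for the unspecified "chaotic random processing", and the node names, addresses, seeds, dwell bounds and function names are constructed assumptions.

```python
"""Port-hopping pattern per S61-S63 (added illustration, not code from the patent)."""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class VmEntry:
    """One row of the virtual machine mapping table (all values constructed)."""
    vm_name: str
    ip: str
    port: int
    image: str


# Constructed sample: hopping logic node -> VM name, IP address, port, image.
VM_MAP: Dict[str, VmEntry] = {
    "node-a": VmEntry("web-vm-1", "10.0.0.11", 18080, "web:1"),
    "node-b": VmEntry("web-vm-2", "10.0.0.12", 28443, "web:1"),
    "node-c": VmEntry("web-vm-3", "10.0.0.13", 39001, "web:2"),
}


def chaotic_sequence(seed: float, n: int, r: float = 3.99, burn_in: int = 100) -> List[float]:
    """Logistic map x <- r*x*(1-x), an assumed stand-in for the patent's
    chaotic processing; values stay inside (0, 1).

    The map is deterministic and not cryptographically secure: whoever learns
    the seed can replay the pattern, so the seed must be treated as a secret.
    """
    if not 0.0 < seed < 1.0:
        raise ValueError("seed must be in (0, 1)")
    x, out = seed, []
    for i in range(burn_in + n):
        x = r * x * (1.0 - x)
        if i >= burn_in:
            out.append(x)
    return out


def build_hopping_pattern(nodes: Sequence[str], hops: int, space_seed: float,
                          time_seed: float, min_dwell_s: int = 5,
                          max_dwell_s: int = 30) -> List[Tuple[str, int]]:
    """S61: match a chaotic space sequence with a chaotic time sequence."""
    if len(nodes) < 2:
        raise ValueError("hopping needs at least two logic nodes")
    if hops < 1 or not 1 <= min_dwell_s <= max_dwell_s:
        raise ValueError("need hops >= 1 and 1 <= min_dwell_s <= max_dwell_s")
    space = chaotic_sequence(space_seed, hops)
    times = chaotic_sequence(time_seed, hops)
    pattern: List[Tuple[str, int]] = []
    prev = None
    for s, t in zip(space, times):
        candidates = [n for n in nodes if n != prev]  # every hop must move
        node = candidates[int(s * len(candidates))]
        dwell = min_dwell_s + int(t * (max_dwell_s - min_dwell_s + 1))
        pattern.append((node, dwell))
        prev = node
    return pattern


def service_instance_table(vm_map: Dict[str, VmEntry]) -> Dict[str, Tuple[str, int]]:
    """S62: keep only hopping logic node -> (IP address, port)."""
    return {node: (e.ip, e.port) for node, e in vm_map.items()}


def active_endpoint(pattern: Sequence[Tuple[str, int]],
                    table: Dict[str, Tuple[str, int]], elapsed_s: int) -> Tuple[str, int]:
    """S63: the (IP, port) the hopping proxy forwards to after elapsed_s seconds.
    The pattern is cycled here for simplicity."""
    offset = elapsed_s % sum(dwell for _, dwell in pattern)
    for node, dwell in pattern:
        if offset < dwell:
            return table[node]
        offset -= dwell
    raise RuntimeError("unreachable: offset is always below the total dwell time")


if __name__ == "__main__":
    table = service_instance_table(VM_MAP)
    t = 0
    for node, dwell in build_hopping_pattern(sorted(VM_MAP), 8, 0.3141, 0.2718):
        print(f"t={t:>4}s  {node} -> {table[node]}  dwell {dwell}s")
        t += dwell
```

Controller and proxy only need to share the two seeds and the mapping table to stay in step, which is also why those seeds have to be protected.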
In use, an MTD-based anti-network reconnaissance algorithm is first set against network mapping attacks, and it responds to TCP port scanning by executing MTD fuzzy processing. Each data packet is then operated on, and the operation is stored in a buffer to ensure consistent behavior. Next, operation based on the anti-network reconnaissance algorithm makes random ports appear as open ports during the scanning stage. An MTD algorithm for operating system fingerprints is then set, which ensures that the service version and the operating system are not correctly identified by the attacker. Finally, the service port is dynamically and randomly mapped to an unused port, so that the attacker cannot accurately find the open port used by the network service, which confuses the attacker's behavior.
Against network mapping attacks, an MTD-based anti-network reconnaissance algorithm is provided that responds to TCP port scanning by executing MTD fuzzy processing. The operation applied to each data packet is stored in a buffer to ensure consistent behavior. As a result of the algorithm, random ports appear as open ports during the scanning stage, and the attacker needs more resources to dig deeper and identify the services running on these falsely open ports. An MTD algorithm for operating system fingerprints is then provided, so that the service version and the operating system are not correctly identified by the attacker. By dynamically and randomly mapping the service port to an unused port, the attacker cannot accurately find the open port used by the network service, which confuses the attacker's behavior. An evaluation of the attacker's time and traffic cost, with the related experimental results, shows that the method significantly increases the attacker's overhead, works well in use, provides better network security performance, and is suitable for wide adoption.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (10)

1. An MTD anti-network scanning method based on port fuzzy processing response, characterized by comprising the following steps:
S1, setting an MTD-based anti-network reconnaissance algorithm against network mapping attacks;
S2, responding to TCP port scanning through the anti-network reconnaissance algorithm, and executing MTD fuzzy processing;
S3, operating on each data packet, and storing the operation in a buffer to ensure consistent behavior;
S4, operating based on the anti-network reconnaissance algorithm so that random ports appear as open ports during the scanning stage;
S5, setting an MTD algorithm for operating system fingerprints, which ensures that the service version and the operating system are not correctly identified by an attacker;
S6, dynamically and randomly mapping the service port to an unused port, so that the attacker cannot accurately find the open port used by the network service, which confuses the attacker's behavior.
2. The MTD anti-network scanning method based on port fuzzy processing response according to claim 1, wherein in S1, the MTD consists of an MTD network model, an analysis engine, an adaptation engine, a computation engine, configuration management and programmable plug-ins, and is not limited to deployment at the control layer.
3. The MTD anti-network scanning method based on port fuzzy processing response according to claim 1, further comprising the following steps:
a network device port receives an abnormal message, extracts the features of the abnormal message and stores them;
an access control list rule is set for the corresponding port according to the abnormal message features, prohibiting the port from forwarding messages that have those features;
a sampling task is started for each port that has an access control list rule; the messages received by the port are sampled, the features of the received messages are extracted, and the sampled message features are compared with the stored abnormal message features.
4. The MTD anti-network scanning method based on port fuzzy processing response according to claim 3, wherein when the sampled message features are compared with the abnormal message features, if the sampled features do not match the stored abnormal message features, the access control list rule that was set is cancelled and the port is allowed to receive messages; otherwise the port is not allowed to receive messages.
5. The MTD anti-network scanning method based on port fuzzy processing response according to claim 2, wherein when a message is received, it is further determined whether the length of the message is greater than a threshold; if so, the message is mirrored to the slave processing chip, and whether an attack has been received is determined from the number and frequency of the related messages.
6. The MTD anti-network scanning method based on port fuzzy processing response according to claim 5, wherein when determining whether an attack has been received, if the result is that an attack has been received, the messages whose length is greater than the threshold are processed as follows:
messages whose length is greater than the threshold are prevented from being sent to the main processing chip, and the flow of such messages to the main processing chip is limited.
7. The MTD anti-network scanning method based on port fuzzy processing response according to claim 1, wherein in S1, the MTD security model is adaptively adjusted through the SDN network, the controller abstracts the current network state, the adaptation engine periodically executes a random network adaptation policy, and the analysis engine derives real-time data events from the network elements and the current configuration to evaluate the SDN network's exposure to threats and attacks.
8. The MTD anti-network scanning method based on port fuzzy processing response according to claim 1, wherein in S6, the specific process of port hopping is as follows:
S61, the port hopping controller generates a random port hopping pattern based on the two dimensions of space and time, and generates a virtual machine mapping table;
S62, the port hopping controller extracts the hopping logic nodes, IP addresses and port information from the virtual machine mapping table to generate a service instance definition table;
S63, the port hopping proxy device traverses the hopping pattern, looks up in the service instance definition table the actual IP address and port corresponding to the current hopping logic node, and executes each hop.
9. The MTD anti-network scanning method based on port fuzzy processing response according to claim 8, wherein the specific process of S61 is as follows:
chaotic random processing is applied to the hopping logic nodes to obtain a space sequence of logic nodes, a time sequence is likewise generated by chaotic random processing, and the space sequence is matched with the time sequence to obtain the hopping pattern.
10. The MTD anti-network scanning method based on port fuzzy processing response according to claim 8, wherein the hopping pattern includes the hopping logic nodes and their corresponding dwell times, and the virtual machine mapping table includes the mapping between the hopping logic nodes and the virtual machine names, IP addresses, ports and images.
Priority Applications (1)

Application Number: CN202110377975.6A
Priority Date: 2021-04-08
Filing Date: 2021-04-08
Title: MTD anti-network scanning method based on port fuzzy processing response
Status: Pending, published as CN113225315A (en)

Publications (1)

Publication Number: CN113225315A
Publication Date: 2021-08-06

Family ID: 77086652

Country Status: CN, CN113225315A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
    Effective date of registration: 20220914
    Address after: 361000 units 1702 and 1703, No. 59, Chengyi North Street, phase III, software park, Xiamen, Fujian
    Applicant after: XIAMEN USEEAR INFORMATION TECHNOLOGY Co.,Ltd.
    Address before: Unit 1701, 59 Chengyi North Street, phase III, software park, Xiamen City, Fujian Province, 361000
    Applicant before: FUJIAN QIDIAN SPACE-TIME DIGITAL TECHNOLOGY Co.,Ltd.
RJ01 Rejection of invention patent application after publication
    Application publication date: 20210806