CN114363051B - Mimicry switch and mimicry system internal one-way communication method - Google Patents


Info

Publication number
CN114363051B
Authority
CN
China
Prior art keywords
switch
input
output
mimicry
data stream
Prior art date
Legal status
Active
Application number
CN202111670961.XA
Other languages
Chinese (zh)
Other versions
CN114363051A (en)
Inventor
吕青松
冯志峰
李松泽
张建军
郭义伟
Current Assignee
Zhuhai Comleader Information Technology Co Ltd
Henan Xinda Wangyu Technology Co Ltd
Original Assignee
Zhuhai Comleader Information Technology Co Ltd
Henan Xinda Wangyu Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic


Abstract

The invention provides a mimicry switch and a method for one-way communication inside a mimicry system. Mimicry switches are connected in series on the communication links between the mimicry components and the executors, so that each mimicry link carries traffic in one direction only. On the one hand this addresses the poor rule-configuration flexibility of conventional iptables and switch ACLs; on the other hand it avoids rules becoming ineffective because of vulnerabilities in the host that enforces iptables. The security and flexibility of the mimicry system's communication links are improved, and a flow-recording function in the mimicry switch helps the user to quickly locate the source of an attack.

Description

Mimicry switch and mimicry system internal one-way communication method
Technical Field
The invention relates to communication within a mimicry (mimic defense) system, and in particular to a mimicry switch and a method for one-way communication inside a mimicry system.
Background
Mimic defense technology changes the rules of the game for cyberspace defense and gives network equipment a new approach to network security. To keep every module of a mimicry system secure, an attack on one module must not be able to spread to the other modules, so the mimicry system requires communication between modules to be one-way. In engineering practice this is done by configuring firewall rules on the operating system that hosts a module, or by configuring ACL rules on a switch. Both approaches are limited by what firewall or ACL rules can express: packets cannot be inspected and controlled in depth, and the rules are inflexible. Moreover, operating-system firewall rules depend on the kernel of the system they run on; a kernel vulnerability can render them ineffective. Improving the one-way security of the network communication inside the mimicry components therefore matters for the reliability and stability of the mimicry system.
A better technical solution to these problems is sought.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a mimicry switch and a method for one-way communication inside a mimicry system.
To this end, a first aspect of the invention provides a mimicry switch that has an input network interface for forwarding the uplink data stream and an output network interface for forwarding the downlink data stream, and further includes:
an input rule detector, connected to the input network interface, which checks whether the uplink data stream received on the input network interface matches an input detection rule; if it matches, the stream is sent out through the output network interface; if it does not match, the stream is recorded in an input flow memory and discarded;
an output rule detector, connected to the output network interface, which checks whether the downlink data stream received on the output network interface matches an output detection rule; if it matches, the stream is sent out through the input network interface; if it does not match, the stream is recorded in an output flow memory and discarded.
An input detection rule consists of the source device IP address, destination device IP address, network port and communication protocol of the uplink data stream; an output detection rule consists of the source device IP address, destination device IP address, network port and communication protocol of the downlink data stream.
A second aspect of the invention provides a method for one-way communication inside a mimicry system, comprising the following steps:
configure the input agent/output arbitration module to exchange traffic with each executor over a first IP subnet of the internal switching network; configure the executors, the arbiter and the scheduler to exchange traffic over a second subnet of the internal switching network; configure the scheduler to exchange traffic with each executor and with the input agent over a third subnet of the internal switching network;
place the mimicry switch described above on the communication links between the input agent/output arbitration module and each executor, between each executor and the arbiter, and between the scheduler and each executor and the input agent;
check whether the uplink data stream forwarded by the input network interface of the mimicry switch matches the input detection rule, and whether the downlink data stream forwarded by its output network interface matches the output detection rule, so that the communication links between the input agent/output arbitration module and each executor, between each executor and the arbiter, between the scheduler and the arbiter, and between the scheduler and each executor and the input agent are one-way.
Specifically, placing the mimicry switches on the communication links between the input agent/output arbitration module and each executor, between each executor and the arbiter, and between the scheduler and each executor and the input agent comprises the following steps:
provide a switch and connect the input agent/output arbitration module, each executor, the arbiter and the scheduler to it;
define the data stream sent by the input agent/output arbitration module to the switch as uplink and the data stream sent by the switch to the input agent/output arbitration module as downlink; define the data stream sent by the switch to each executor as uplink and the data stream sent by each executor to the switch as downlink; define the data stream sent by the switch to the arbiter as uplink and the data stream sent by the arbiter to the switch as downlink; define the data sent by the switch to the scheduler as uplink and the data sent by the scheduler to the switch as downlink;
place mimicry switches between the input agent/output arbitration module and the switch, between each executor and the switch, between the scheduler and the switch, and between the arbiter and the switch;
configure input detection rules and output detection rules on each mimicry switch according to the uplink and downlink directions of the data streams between the input agent/output arbitration module and the switch, between each executor and the switch, between the scheduler and the switch, and between the arbiter and the switch.
Compared with the prior art, the invention has substantive features and notable progress. The mimicry switch separates uplink and downlink traffic by means of two physical network interfaces, an input rule detector and an output rule detector, and lays the foundation for one-way communication links between the mimicry components (input agent, arbiter and scheduler) of the mimicry system.
The method for one-way communication inside a mimicry system connects mimicry switches in series on the communication links between the mimicry components (input agent, arbiter and scheduler) and between the mimicry components and the executors, so that each mimicry link is one-way. This solves the poor rule-configuration flexibility of conventional iptables and switch ACLs, avoids rules becoming ineffective because of vulnerabilities in the host that enforces iptables, improves the security and flexibility of the mimicry system's communication links, and, through the flow-recording function of the mimicry switch, helps users to quickly locate the source of an attack.
Drawings
Fig. 1 is a schematic diagram of the structure of the mimicry switch of the invention.
Fig. 2 is a flow chart of the method for one-way communication inside a mimicry system of the invention.
Fig. 3 shows a specific embodiment of the method for one-way communication inside a mimicry system of the invention.
Detailed Description
The technical scheme of the invention is further described in detail through the following specific embodiments.
Example 1
This embodiment provides a mimicry switch which, as shown in Fig. 1, has an input network interface for forwarding the uplink data stream and an output network interface for forwarding the downlink data stream, and further includes:
an input rule detector, connected to the input network interface, which checks whether the uplink data stream received on the input network interface matches an input detection rule; if it matches, the stream is sent out through the output network interface; if it does not match, the stream is recorded in an input flow memory and discarded;
an output rule detector, connected to the output network interface, which checks whether the downlink data stream received on the output network interface matches an output detection rule; if it matches, the stream is sent out through the input network interface; if it does not match, the stream is recorded in an output flow memory and discarded.
An input detection rule consists of the source device IP address, destination device IP address, network port and communication protocol of the uplink data stream; an output detection rule consists of the source device IP address, destination device IP address, network port and communication protocol of the downlink data stream.
The mimicry switch separates uplink and downlink traffic by means of two physical network interfaces, an input rule detector and an output rule detector, and lays the foundation for one-way communication links between the mimicry components (input agent, arbiter and scheduler) of the mimicry system and between the mimicry components and the executors.
In addition, the mimicry switch includes a rule configurator, which determines which physical interface is the input network interface and which is the output network interface according to the uplink and downlink directions of the data stream, and which stores the input detection rules and output detection rules that the user writes to it over a serial port.
It should be understood that the input network interface and the output network interface are both physical network interfaces and are designated according to the uplink and downlink directions of the data stream when the switch is deployed: the uplink data stream flows from outside to inside and the downlink data stream from inside to outside. Once the physical interfaces are fixed in the network link, the interface serving as the input network interface may equally be regarded as the output network interface and vice versa; the roles follow the direction of the data stream, not the physical port.
Example 2
This embodiment provides a method for one-way communication inside a mimicry system which, as shown in Fig. 2, comprises the following steps:
configure the input agent/output arbitration module to exchange traffic with each executor over a first IP subnet of the internal switching network; configure the executors, the arbiter and the scheduler to exchange traffic over a second subnet of the internal switching network; configure the scheduler to exchange traffic with each executor and with the input agent over a third subnet of the internal switching network;
place the mimicry switch described in Embodiment 1 on the communication links between the input agent/output arbitration module and each executor, between each executor and the arbiter, and between the scheduler and each executor and the input agent;
check whether the uplink data stream forwarded by the input network interface of the mimicry switch matches the input detection rule, and whether the downlink data stream forwarded by its output network interface matches the output detection rule, so that the communication links between the input agent/output arbitration module and each executor, between each executor and the arbiter, between the scheduler and the arbiter, and between the scheduler and each executor and the input agent are one-way.
Specifically, placing the mimicry switches on the communication links between the input agent/output arbitration module and each executor, between each executor and the arbiter, and between the scheduler and each executor and the input agent comprises the following steps:
provide a switch and connect the input agent/output arbitration module, each executor, the arbiter and the scheduler to it;
define the data stream sent by the input agent/output arbitration module to the switch as uplink and the data stream sent by the switch to the input agent/output arbitration module as downlink; define the data stream sent by the switch to each executor as uplink and the data stream sent by each executor to the switch as downlink; define the data stream sent by the switch to the arbiter as uplink and the data stream sent by the arbiter to the switch as downlink; define the data sent by the switch to the scheduler as uplink and the data sent by the scheduler to the switch as downlink;
place mimicry switches between the input agent/output arbitration module and the switch, between each executor and the switch, between the scheduler and the switch, and between the arbiter and the switch;
configure input detection rules and output detection rules on each mimicry switch according to the uplink and downlink directions of the data streams between the input agent/output arbitration module and the switch, between each executor and the switch, between the scheduler and the switch, and between the arbiter and the switch.
It should be understood that when the input agent sends a data stream to an executor, the stream is checked in turn against the input detection rules of the mimicry switch between the input agent/output arbitration module and the switch, and against the input detection rules of the mimicry switch between the switch and that executor;
when an executor sends a data stream to the arbiter, the stream is checked in turn against the output detection rules of the mimicry switch between that executor and the switch, and against the input detection rules of the mimicry switch between the switch and the arbiter;
when the arbiter sends a data stream to the scheduler, the stream is checked in turn against the output detection rules of the mimicry switch between the switch and the arbiter, and against the input detection rules of the mimicry switch between the switch and the scheduler;
when the scheduler sends a data stream to an executor, the stream is checked in turn against the output detection rules of the mimicry switch between the scheduler and the switch, and against the input detection rules of the mimicry switch between the switch and that executor;
when the scheduler sends a data stream to the input agent/output arbitration module, the stream is checked in turn against the output detection rules of the mimicry switch between the scheduler and the switch, and against the output detection rules of the mimicry switch between the switch and the input agent/output arbitration module;
when an executor sends a data stream to the input agent/output arbitration module, the stream is checked in turn against the output detection rules of the mimicry switch between the switch and that executor, and against the output detection rules of the mimicry switch between the switch and the input agent/output arbitration module.
Preferably, the input agent/output arbitration module communicates with each executor over HTTP; the scheduler and the arbiter, the scheduler and each executor, and the input agent/output arbitration module and the scheduler communicate over UDP.
In particular, HTTP and UDP communication rely on normal ARP resolution. To prevent traffic spoofing based on forged MAC addresses, the mimicry components and the executors use static ARP tables and do not use dynamic ARP learning, so the mimicry switch does not process ARP messages.
Furthermore, to mark the HTTP application traffic between the input agent/output arbitration module and each executor, in both directions, as specific to the mimicry system, an MD5 digest of the HTTP data is computed and inserted into the header as the "mimic" keyword (MD5 is a hash, not encryption: it does not conceal the data and, being unkeyed, does not by itself prove who sent it). The "mimic" keyword is added to the header field of the input detection rules and of the output detection rules. The input detection rule is then set to consist of the source device IP address, destination device IP address, destination device network port, communication protocol and header of the uplink data stream, and the output detection rule of the source device IP address, destination device IP address, source device network port, communication protocol and header of the downlink data stream; the "mimic" keyword in the header is matched as part of the check.
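The following Python sketch is an added illustration of the "mimic" header keyword described above; it is not code from the patent or its assignees. It assumes the keyword is carried in an HTTP header named "mimic" whose value is the MD5 hex digest of the request body (the header name is an assumption), and it adds a keyed HMAC-SHA256 variant that is not part of the patent, to show the difference between a format tag and an authenticator. The request bodies and key are constructed sample data.

```python
"""Added illustration of the "mimic" header keyword; not the patent's code.
Assumed: header field name "mimic", value = MD5 hex digest of the HTTP body.
The keyed variant (HMAC-SHA256) is an alternative added here."""
import hashlib
import hmac

HEADER_NAME = "mimic"   # assumed header field name


def tag_unkeyed(body: bytes) -> dict:
    """The scheme as the text describes it: MD5 digest of the HTTP data in the header."""
    return {HEADER_NAME: hashlib.md5(body).hexdigest()}


def verify_unkeyed(headers: dict, body: bytes) -> bool:
    """Rule-detector side: recompute the digest and compare it with the header value."""
    tag = headers.get(HEADER_NAME)
    return tag is not None and hmac.compare_digest(tag, hashlib.md5(body).hexdigest())


def tag_keyed(body: bytes, key: bytes) -> dict:
    """Alternative added here: HMAC-SHA256 with a key shared by the mimicry components.
    A sender that does not hold the key cannot produce a tag the detector accepts."""
    return {HEADER_NAME: hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_keyed(headers: dict, body: bytes, key: bytes) -> bool:
    tag = headers.get(HEADER_NAME)
    if tag is None:
        return False
    return hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).hexdigest())


def forgery_demo() -> dict:
    """Why an unkeyed digest identifies the traffic format, not the sender:
    anyone who can write to the link can tag a body of their own choosing."""
    detector_key = b"constructed-shared-secret"                       # constructed sample
    attacker_body = b"GET /admin HTTP/1.1\r\nHost: 192.168.2.3\r\n\r\n"  # constructed sample
    unkeyed_accepted = verify_unkeyed(tag_unkeyed(attacker_body), attacker_body)
    # the attacker has to guess the key; the detector holds the real one
    keyed_accepted = verify_keyed(tag_keyed(attacker_body, b"guess"), attacker_body, detector_key)
    return {"unkeyed_accepted": unkeyed_accepted, "keyed_accepted": keyed_accepted}


if __name__ == "__main__":
    print(forgery_demo())   # {'unkeyed_accepted': True, 'keyed_accepted': False}
```

The unkeyed tag still does what the text asks of it (it singles out mimicry HTTP traffic from anything else that reaches the rule detector); the keyed variant additionally ties the tag to a holder of the shared key, which matters once an executor is assumed compromised.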
The method for one-way communication inside a mimicry system provided by the invention controls the direction of the communication links between the mimicry components (input agent/output arbitration module, arbiter and scheduler) and between the mimicry components and the executors by connecting mimicry switches in series on those links. This solves the poor rule-configuration flexibility of conventional iptables and switch ACLs, prevents an attack from spreading across the network links when an executor or mimicry component is compromised through a vulnerability and the host's own rules fail, improves the security and flexibility of the mimicry system's communication links, and, through the flow-recording function of the mimicry switches, helps users to quickly find the source of an attack.
Example 3
This embodiment gives a specific example, described for a mimicry HTTP application as shown in Fig. 3. The input agent replicates and distributes the HTTP traffic by means of a reverse proxy; the IP address exposed by the input agent is 192.168.3.2 and its port is 80.
The input agent/output arbitration module communicates with each executor using distinct IP addresses in the 192.168.2.x segment. Specifically, the IP address the input agent/output arbitration module uses to communicate with the executors is 192.168.2.2; the HTTP application of executor 1 is bound to IP address 192.168.2.3, port 70; the HTTP application of executor 2 to 192.168.2.4, port 70; and the HTTP application of executor 3 to 192.168.2.5, port 70.
Specifically, when a user communicates with the input agent/output arbitration module, a port on the input agent/output arbitration module must be specified, and when the input agent/output arbitration module communicates with the executors, a port number on each executor must be specified. The input agent/output arbitration module acts as a relay, so no fixed port of its own needs to be specified towards the executors.
The arbiter communicates with each executor and with the scheduler using distinct IP addresses in the 192.168.3.x segment;
specifically, the arbiter's IP address is 192.168.3.1, port 34; the database of executor 1 is bound to IP address 192.168.3.2, port 33; the database of executor 2 to 192.168.3.3, port 33; the database of executor 3 to 192.168.3.4, port 33; and the scheduler's IP address is 192.168.3.5, port 35.
The scheduler communicates with each executor using distinct IP addresses in the 192.168.4.x segment;
specifically, when a client communicates with a server, the client's source port is usually chosen at random, while the server's destination port must be specified. When the scheduler communicates with the executors, the scheduler is the client and the executors are the servers, so the executors' ports must be specified. Accordingly, the scheduler's scheduling-communication IP address is set to 192.168.4.1; executor 1's scheduling-communication IP address is 192.168.4.2, port 6000; executor 2's is 192.168.4.3, port 6000; and executor 3's is 192.168.4.4, port 6000.
When the input agent/output arbitration module communicates with the scheduler, the input agent/output arbitration module is the client and needs no fixed port (the port is chosen at random by the operating system); the scheduler is the server, with scheduling-communication IP address 192.168.4.5 and port 6600.
Mimicry switch 1 is placed between the input agent/output arbitration module and the switch; mimicry switch 2 between the switch and executor 1; mimicry switch 3 between the switch and executor 2; mimicry switch 4 between the switch and executor 3; mimicry switch 5 between the switch and the arbiter; and mimicry switch 6 between the switch and the scheduler.
To ensure that communication from the input agent/output arbitration module to executors 1, 2 and 3 is one-way, and that communication from executors 1, 2 and 3 back to the input agent/output arbitration module is likewise one-way, the input detection rules of mimicry switch 1 are configured according to the following table.
ID  SRC          DST          DPORT  Protocol  HEADER  ACTION   Interface
1   192.168.2.2  192.168.2.3  70     HTTP      mimic   Forward  Input network interface
2   192.168.2.2  192.168.2.4  70     HTTP      mimic   Forward  Input network interface
3   192.168.2.2  192.168.2.5  70     HTTP      mimic   Forward  Input network interface
The output detection rules of mimicry switch 1 are configured according to the following table.
ID  SRC          DST          SPORT  Protocol  HEADER  ACTION   Interface
1   192.168.2.3  192.168.2.2  70     HTTP      mimic   Forward  Output network interface
2   192.168.2.4  192.168.2.2  70     HTTP      mimic   Forward  Output network interface
3   192.168.2.5  192.168.2.2  70     HTTP      mimic   Forward  Output network interface
Executor 1 receives the information sent by the input agent/output arbitration module, so the input detection rules of mimicry switch 2 are configured according to the following table.
ID  SRC          DST          DPORT  Protocol  HEADER  ACTION   Interface
1   192.168.2.2  192.168.2.3  70     HTTP      mimic   Forward  Input network interface
Executor 1 sends information to the input agent/output arbitration module, so the output detection rules of mimicry switch 2 are configured according to the following table.
ID  SRC          DST          SPORT  Protocol  HEADER  ACTION   Interface
1   192.168.2.3  192.168.2.2  70     HTTP      mimic   Forward  Output network interface
Executor 2 receives the information sent by the input agent/output arbitration module, so the input detection rules of mimicry switch 3 are configured according to the following table.
ID  SRC          DST          DPORT  Protocol  HEADER  ACTION   Interface
1   192.168.2.2  192.168.2.4  70     HTTP      mimic   Forward  Input network interface
Executor 2 sends information to the input agent/output arbitration module, so the output detection rules of mimicry switch 3 are configured according to the following table.
ID  SRC          DST          SPORT  Protocol  HEADER  ACTION   Interface
1   192.168.2.4  192.168.2.2  70     HTTP      mimic   Forward  Output network interface
Executor 3 receives the information sent by the input agent/output arbitration module, so the input detection rules of mimicry switch 4 are configured according to the following table.
ID  SRC          DST          DPORT  Protocol  HEADER  ACTION   Interface
1   192.168.2.2  192.168.2.5  70     HTTP      mimic   Forward  Input network interface
Executor 3 sends information to the input agent/output arbitration module, so the output detection rules of mimicry switch 4 are configured according to the following table.
ID  SRC          DST          SPORT  Protocol  HEADER  ACTION   Interface
1   192.168.2.5  192.168.2.2  70     HTTP      mimic   Forward  Output network interface
The arbiter communicates with executors 1, 2 and 3 over UDP: the executors send the data to be arbitrated to the arbiter for processing, and the arbiter sends any abnormal result to the scheduler for processing.
To ensure that communication from executors 1, 2 and 3 to the arbiter is one-way, the output detection rules of mimicry switch 2 are configured according to the following table.
ID  SRC          DST          SPORT  Protocol  USERDEF  ACTION   Interface
2   192.168.3.2  192.168.3.1  33     UDP       mimic    Forward  Output network interface
The output detection rules of mimicry switch 3 are configured according to the following table.
ID  SRC          DST          SPORT  Protocol  USERDEF  ACTION   Interface
2   192.168.3.3  192.168.3.1  33     UDP       mimic    Forward  Output network interface
The output detection rules of mimicry switch 4 are configured according to the following table.
ID  SRC          DST          SPORT  Protocol  USERDEF  ACTION   Interface
2   192.168.3.4  192.168.3.1  33     UDP       mimic    Forward  Output network interface
The input detection rules of mimicry switch 5 are configured according to the following table.
ID  SRC          DST          SPORT  Protocol  USERDEF  ACTION   Interface
1   192.168.3.2  192.168.3.1  33     UDP       mimic    Forward  Input network interface
2   192.168.3.3  192.168.3.1  33     UDP       mimic    Forward  Input network interface
3   192.168.3.4  192.168.3.1  33     UDP       mimic    Forward  Input network interface
To ensure that communication from the arbiter to the scheduler is one-way, the output detection rules of mimicry switch 5 are configured as follows.
ID  SRC          DST          SPORT  Protocol  USERDEF  ACTION   Interface
1   192.168.3.1  192.168.3.5  34     UDP       mimic    Forward  Output network interface
The input detection rules of mimicry switch 6 are configured according to the following table.
ID  SRC          DST          DPORT  Protocol  USERDEF  ACTION   Interface
1   192.168.3.1  192.168.3.5  34     UDP       mimic    Forward  Input network interface
The scheduler communicates with the execution bodies over UDP, dispatching an execution body to go offline for cleaning. To ensure that the scheduler's communication with execution bodies 1, 2 and 3 is unidirectional, the output detection rules of mimicry switch 6 are configured according to the following table.

| ID | SRC | DEST | SRCPORT | Protocol | USERDEF | ACTION | Port |
|----|-----|------|---------|----------|---------|--------|------|
| 1 | 192.168.4.1 | 192.168.4.2 | 6000 | UDP | mimic | Forward | Output network interface |
| 2 | 192.168.4.1 | 192.168.4.3 | 6000 | UDP | mimic | Forward | Output network interface |
| 3 | 192.168.4.1 | 192.168.4.3 | 6000 | UDP | mimic | Forward | Output network interface |
The scheduler communicates with the input agent/output arbitration module over UDP, transmitting the online and offline status of the execution bodies to the input agent for processing. To ensure that the scheduler's communication with the input agent/output arbitration module is unidirectional, the output detection rules of mimicry switch 6 and the output detection rules of mimicry switch 1 are configured as follows.

| ID | SRC | DEST | SRCPORT | Protocol | USERDEF | ACTION | Port |
|----|-----|------|---------|----------|---------|--------|------|
| 4 | 192.168.4.1 | 192.168.4.5 | 6600 | UDP | mimic | Forward | Output network interface |
Execution body 1 is to receive the information sent by the scheduler, so the input detection rules of mimicry switch 2 are configured according to the following table.

| ID | SRC | DEST | DesPORT | Protocol | USERDEF | ACTION | Port |
|----|-----|------|---------|----------|---------|--------|------|
| 2 | 192.168.4.1 | 192.168.4.2 | 6000 | UDP | mimic | Forward | Input network interface |
Execution body 2 is to receive the information sent by the scheduler, so the input detection rules of mimicry switch 3 are configured according to the following table.

| ID | SRC | DEST | DesPORT | Protocol | USERDEF | ACTION | Port |
|----|-----|------|---------|----------|---------|--------|------|
| 2 | 192.168.4.1 | 192.168.4.3 | 6000 | UDP | mimic | Forward | Input network interface |
Execution body 3 is to receive the information sent by the scheduler, so the input detection rules of mimicry switch 4 are configured according to the following table.

| ID | SRC | DEST | DesPORT | Protocol | USERDEF | ACTION | Port |
|----|-----|------|---------|----------|---------|--------|------|
| 2 | 192.168.4.1 | 192.168.4.4 | 6000 | UDP | mimic | Forward | Input network interface |
When the input agent sends a data stream to an execution body, the stream is checked in sequence against the input detection rules of mimicry switch 1 and then the input detection rules of mimicry switches 2-4;
when an execution body sends a data stream to the arbiter, the stream is checked in sequence against the output detection rules of mimicry switches 2-4 and then the input detection rules of mimicry switch 5.
When the arbiter sends a data stream to the scheduler, the stream is checked in sequence against the output detection rules of mimicry switch 5 and then the input detection rules of mimicry switch 6;
when the scheduler sends a data stream to an execution body, the stream is checked in sequence against the output detection rules of mimicry switch 6 and then the input detection rules of mimicry switches 2-4;
when an execution body sends a data stream to the input agent/output arbitration module, the stream is checked in sequence against the output detection rules of mimicry switches 2-4 and then the output detection rules of mimicry switch 1.
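The sequential checks just described can be exercised against the rule tables printed in this section. The following Python model is an added example, not code from the patent: it encodes the UDP and HTTP rules given above (rule ids, addresses, ports and the "mimic" USERDEF/HEADER marker exactly as printed), then pushes constructed packets across the links and reports which detector accepted or dropped each one, and what the flow memories recorded. The component names (exec1, arbiter, scheduler and so on) and the reading of the SRCPORT column as the packet's source port and DesPORT as its destination port are the example's own assumptions. One case is worth noting for anyone auditing such tables: the switch-6 output table as printed lists 192.168.4.3 twice and has no entry for 192.168.4.4, so a scheduler message to execution body 3 is dropped at switch 6 and lands in its output flow memory, which is exactly the signal a misconfigured rule table should produce.

```python
"""Rule-table model of the mimicry switches above (added example, not the patent's own
code): each switch has an input-rule and an output-rule table, a stream is checked by the
sender-side detector and then the receiver-side one, and an unmatched stream is recorded
in that detector's flow memory and dropped."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    rule_id: int
    src: str
    dst: str
    port: int
    port_field: str   # assumption: SRCPORT column -> "sport", DesPORT column -> "dport"
    proto: str
    marker: str       # USERDEF / HEADER column ("mimic")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    marker: Optional[str] = None


@dataclass
class MimicrySwitch:
    input_rules: List[Rule] = field(default_factory=list)
    output_rules: List[Rule] = field(default_factory=list)
    input_flow_memory: List[Packet] = field(default_factory=list)
    output_flow_memory: List[Packet] = field(default_factory=list)

    def check(self, detector: str, pkt: Packet) -> Optional[int]:
        """Input- or output-rule detector: matching rule id, or None after recording the stream."""
        rules = self.input_rules if detector == "input" else self.output_rules
        for r in rules:
            port = pkt.sport if r.port_field == "sport" else pkt.dport
            if (r.src, r.dst, r.port, r.proto, r.marker) == (pkt.src, pkt.dst, port, pkt.proto, pkt.marker):
                return r.rule_id
        (self.input_flow_memory if detector == "input" else self.output_flow_memory).append(pkt)
        return None


def build_topology() -> Dict[str, MimicrySwitch]:
    """Rule tables as printed on the page: rule ids, addresses and ports are verbatim."""
    sw = {n: MimicrySwitch() for n in ("sw1", "sw2", "sw3", "sw4", "sw5", "sw6")}
    # execution body 3 -> input agent/output arbitration module (HTTP, port 70): switch 4 output rule 1
    sw["sw4"].output_rules.append(Rule(1, "192.168.2.5", "192.168.2.2", 70, "sport", "HTTP", "mimic"))
    # execution bodies -> arbiter (UDP, port 33): output rule 2 of switches 2-4, input rules 1-3 of switch 5
    for i, (n, ip) in enumerate((("sw2", "192.168.3.2"), ("sw3", "192.168.3.3"), ("sw4", "192.168.3.4")), 1):
        sw[n].output_rules.append(Rule(2, ip, "192.168.3.1", 33, "sport", "UDP", "mimic"))
        sw["sw5"].input_rules.append(Rule(i, ip, "192.168.3.1", 33, "sport", "UDP", "mimic"))
    # arbiter -> scheduler (UDP, port 34): switch 5 output rule 1, switch 6 input rule 1
    sw["sw5"].output_rules.append(Rule(1, "192.168.3.1", "192.168.3.5", 34, "sport", "UDP", "mimic"))
    sw["sw6"].input_rules.append(Rule(1, "192.168.3.1", "192.168.3.5", 34, "dport", "UDP", "mimic"))
    # scheduler -> execution bodies (UDP, port 6000): switch 6 output rules 1-3 exactly as printed
    # (192.168.4.3 appears twice, 192.168.4.4 never) and input rule 2 of switches 2-4
    for rid, dst in ((1, "192.168.4.2"), (2, "192.168.4.3"), (3, "192.168.4.3")):
        sw["sw6"].output_rules.append(Rule(rid, "192.168.4.1", dst, 6000, "sport", "UDP", "mimic"))
    for n, dst in (("sw2", "192.168.4.2"), ("sw3", "192.168.4.3"), ("sw4", "192.168.4.4")):
        sw[n].input_rules.append(Rule(2, "192.168.4.1", dst, 6000, "dport", "UDP", "mimic"))
    # scheduler -> input agent (UDP, port 6600): output rule 4 of switch 6 and of switch 1
    for n in ("sw6", "sw1"):
        sw[n].output_rules.append(Rule(4, "192.168.4.1", "192.168.4.5", 6600, "sport", "UDP", "mimic"))
    return sw


# component (example's own names) -> (its mimicry switch, detector when it sends, detector when it
# receives); only the input agent's outbound traffic is the uplink, so it alone sends via the input detector
COMPONENTS = {
    "input_agent": ("sw1", "input", "output"), "exec1": ("sw2", "output", "input"),
    "exec2": ("sw3", "output", "input"), "exec3": ("sw4", "output", "input"),
    "arbiter": ("sw5", "output", "input"), "scheduler": ("sw6", "output", "input"),
}


def send(sw: Dict[str, MimicrySwitch], src: str, dst: str, pkt: Packet) -> Tuple[bool, str]:
    """Carry pkt over the src->dst link through its two detectors in order: (delivered, deciding detector)."""
    s_sw, s_det, _ = COMPONENTS[src]
    d_sw, _, d_det = COMPONENTS[dst]
    if sw[s_sw].check(s_det, pkt) is None:
        return False, f"{s_sw}:{s_det}"
    if sw[d_sw].check(d_det, pkt) is None:
        return False, f"{d_sw}:{d_det}"
    return True, f"{d_sw}:{d_det}"


def demo() -> Dict[str, object]:
    sw = build_topology()
    out = {
        # execution body 1 reports to the arbiter: sw2 output rule 2, then sw5 input rule 1
        "exec1->arbiter": send(sw, "exec1", "arbiter", Packet("192.168.3.2", "192.168.3.1", 33, 33, "UDP", "mimic")),
        # the reverse direction has no rule, so it dies at the arbiter-side output detector
        "arbiter->exec1": send(sw, "arbiter", "exec1", Packet("192.168.3.1", "192.168.3.2", 33, 33, "UDP", "mimic")),
        # scheduler takes execution body 1 offline for cleaning
        "scheduler->exec1": send(sw, "scheduler", "exec1", Packet("192.168.4.1", "192.168.4.2", 6000, 6000, "UDP", "mimic")),
        # same message without the mimic marker: dropped by the first detector it meets
        "scheduler->exec1 unmarked": send(sw, "scheduler", "exec1", Packet("192.168.4.1", "192.168.4.2", 6000, 6000, "UDP")),
        # switch 6 as printed has no output rule for 192.168.4.4, so execution body 3 is unreachable
        "scheduler->exec3": send(sw, "scheduler", "exec3", Packet("192.168.4.1", "192.168.4.4", 6000, 6000, "UDP", "mimic")),
    }
    out["sw6 output flow memory"] = len(sw["sw6"].output_flow_memory)  # the two dropped scheduler streams
    return out
```

The model keeps the patent's split between detectors deliberately: a stream must clear the sender's mimicry switch before the receiver's switch ever sees it, so the first detector that rejects is the one whose flow memory holds the evidence. The links not fully covered by this section (the input agent's HTTP traffic through switch 1) are left out rather than guessed.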
Finally, it should be noted that the above-mentioned embodiments are only for illustrating the technical scheme of the present invention and are not limiting; while the invention has been described in detail with reference to the preferred embodiments, those skilled in the art will appreciate that: modifications may be made to the specific embodiments of the present invention or equivalents may be substituted for part of the technical features thereof; without departing from the spirit of the invention, it is intended to cover the scope of the invention as claimed.

Claims (3)

1. A mimicry system internal unidirectional communication method, characterized by comprising the following steps:
configuring the input agent/output arbitration module to carry out flow transmission with each execution body through a first IP sub-network segment of the internal switching network; configuring each execution body, the arbiter and the scheduler to carry out flow transmission through a second sub-network segment of the internal switching network; configuring the scheduler to carry out flow transmission with each execution body and the input agent through a third sub-network segment of the internal switching network;
setting mimicry switches on communication links between the input agent/output arbitration module and each execution body, between each execution body and the arbiter, and between the scheduler and each execution body and the input agent, respectively;
the mimicry switch includes an input network interface for forwarding an upstream data stream and an output network interface for forwarding a downstream data stream, and further includes:
the input rule detector is connected with the input network interface and is used for detecting whether the uplink data stream forwarded by the input network interface accords with an input detection rule, sending the uplink data stream out through the output network interface when the uplink data stream accords with the input detection rule, recording the uplink data stream in an input flow memory when the uplink data stream does not accord with the input detection rule, and discarding the uplink data stream;
the output rule detector is connected with the output network interface and is used for detecting whether the downlink data flow forwarded by the output network interface accords with an output detection rule, sending the downlink data flow out through the input network interface when the downlink data flow accords with the output detection rule, recording the downlink data flow in an output flow memory when the downlink data flow does not accord with the output detection rule, and discarding the downlink data flow;
a rule configurator, which is used for determining an input network interface and an output network interface in the uplink and downlink directions of the data flow, and is used for storing the input detection rule and the output detection rule;
and detecting whether the uplink data flow forwarded by the input network interface of the mimicry switch accords with the input detection rule, or whether the downlink data flow forwarded by the output network interface of the mimicry switch accords with the output detection rule, so as to realize the unidirectionality of the communication links between the input agent/output arbitration module and each execution body, between each execution body and the arbiter, between the scheduler and the arbiter, and between the scheduler and each execution body and the input agent.
2. The mimicry system internal unidirectional communication method of claim 1, wherein: setting mimicry switches on communication links between the input agent/output arbitration module and each execution body, between each execution body and the arbiter, and between the scheduler and each execution body and the input agent, respectively, specifically comprising the following steps:
setting a switch, and connecting an input agent/output arbitration module, each execution body, an arbitrator and a dispatcher with the switch in a communication way;
defining the data flow sent by the input agent/output arbitration module to the switch as an uplink data flow, and the data flow sent by the switch to the input agent/output arbitration module as a downlink data flow; defining the data flow sent by the switch to each execution body as an uplink data flow, and the data flow sent by each execution body to the switch as a downlink data flow; defining the data stream sent by the switch to the arbiter as an uplink data stream, and the data stream sent by the arbiter to the switch as a downlink data stream; defining the data sent by the switch to the scheduler as an uplink data stream, and the data sent by the scheduler to the switch as a downlink data stream;
mimicry switches are arranged between the input proxy/output arbitration module and the switch, between each execution body and the switch, between the dispatcher and the switch and between the arbiter and the switch;
and configuring input detection rules and output detection rules for the corresponding mimicry switches according to the uplink and downlink directions of data flows between the input proxy/output arbitration module and the switch, between each executive body and the switch, between the dispatcher and the switch and between the arbiter and the switch.
3. The mimicry system internal unidirectional communication method of claim 1, wherein: the input agent/output arbitration module communicates with each execution body using the HTTP protocol; the scheduler communicates with the arbiter, and the scheduler communicates with each execution body, using the UDP protocol.
CN202111670961.XA 2021-12-31 2021-12-31 Mimicry switch and mimicry system internal one-way communication method Active CN114363051B (en)

Publications (2)

Publication Number Publication Date
CN114363051A CN114363051A (en) 2022-04-15
CN114363051B true CN114363051B (en) 2023-07-21

Family

ID=81104503

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant