CN114465749A - Virtual gateway device based on network topology confusion and construction method - Google Patents

Info

Publication number: CN114465749A
Application number: CN202111147001.5A
Authority: CN (China)
Other versions: CN114465749B (en)
Other languages: Chinese (zh)
Prior art keywords: virtual, gateway, module, network, real
Legal status: Granted; currently active (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis)
Inventors: 张长河, 林奇伟
Current assignee: Beijing Weida Information Technology Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: Beijing Weida Information Technology Co ltd
Priority: CN202111147001.5A (the priority date is an assumption and not a legal conclusion)
Events: application filed by Beijing Weida Information Technology Co ltd; publication of CN114465749A; application granted; publication of CN114465749B

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/08 Configuration management of networks or network elements
    • H04L 41/0803 Configuration setting

Abstract

The application relates to the technical field of network communication and discloses a network topology confusion virtual gateway device based on a virtual network, together with a construction method thereof. The device comprises a virtual node module, a virtual network construction module, a virtual gateway generation module, a data receiving module and a data sending module. The virtual node module is used for modifying its real IP address into a virtual IP address; the virtual network construction module is used for assembling a plurality of virtual node modules that have been modified to virtual IP addresses into a virtual network, which also contains a real node module; the virtual gateway generation module is used for selecting one or more virtual node modules in the virtual network as a virtual gateway capable of replacing the real gateway; the data receiving module is used for the virtual gateway to receive DHCP packets; and the data sending module is used for sending the DHCP packets received by the virtual gateway. The device and method protect the real gateway and thereby reduce the attack risk to the real IP addresses of PCs in use.

Description

Virtual gateway device based on network topology confusion and construction method
Technical Field
The invention relates to the technical field of network communication, in particular to a virtual gateway device based on network topology confusion and a construction method thereof.
Background
A network topology (Network Topology) architecture refers to the physical layout in which various devices are interconnected by a transmission medium, that is, a particular physical (real) or logical (virtual) arrangement of the members that make up a network. If two networks have the same connection structure, their network topologies are said to be the same.
Gateways, also called internetwork connectors or protocol converters, exist in the network topology. A gateway realizes network interconnection above the network layer; it is a complex network interconnection device used only to interconnect two networks with different high-level protocols, and it can interconnect wide area networks as well as local area networks. A gateway is a computer system or device that acts as a translator between two systems with different communication protocols, data formats or languages, or even completely different architectures. Unlike a bridge, which simply conveys information, a gateway repackages the received information to suit the needs of the destination system.
With respect to the above related art, the inventor considers that in the face of malicious network attacks, once the gateway is attacked, the real IP addresses of the PCs in use are exposed to a large attack risk.
Disclosure of Invention
In order to reduce the attack risk to the real IP address of the PC in the using process and improve the effect of network security, the application provides a virtual gateway device based on network topology confusion and a construction method thereof.
In a first aspect, the present application provides a virtual gateway device based on network topology confusion, which adopts the following technical solutions:
a network topology confusion virtual gateway device based on a virtual network, comprising a virtual node module, a virtual network construction module, a virtual gateway generation module, a data receiving module and a data sending module;
at least one virtual node module is provided, and each virtual node module is used for modifying its real IP address into a virtual IP address;
the virtual network construction module is used for assembling a plurality of virtual node modules that have been modified to virtual IP addresses into a virtual network, and the virtual network also comprises a real node module;
the virtual gateway generation module is used for selecting one or more virtual node modules in the virtual network as a virtual gateway capable of replacing a real gateway;
the data receiving module is used for the virtual gateway to receive a DHCP packet;
and the data sending module is used for forwarding the DHCP packet received by the virtual gateway.
With this solution, when a virtual gateway must be constructed to lure an attack, a suitable virtual node module is selected as the virtual gateway from the constructed virtual network. Each virtual node is formed by modifying its real IP address to a virtual IP address that an attacker can identify as a target; the virtual node modules with modified IP addresses are then assembled into a virtual network that also contains the original real gateway. One or more virtual node modules are selected as the virtual gateway, which can replace the real gateway; when an attacker attacks the gateway, the attack bypasses the real gateway and falls directly on the virtual gateway, which protects the real gateway and reduces the attack risk to the real IP addresses of PCs in use.
Optionally, the virtual node module includes an access response unit, and the access response unit is configured to implement a data access function and a data response function of the real gateway.
With this solution, when a virtual node module serves as the virtual gateway, it only needs to realize the data access and data response functions of the real gateway; the other functions of the real gateway need not be implemented, which reduces the complexity of the virtual network.
Optionally, the virtual node module may be a PC or a switch.
With this solution, the virtual node module is a PC or a switch. Because a PC or a switch is a hardware device, an attacker probing the virtual node module can easily discover and identify it.
Optionally, the virtual gateway apparatus further includes a gateway selection module, where the gateway selection module is configured to select the virtual node module with a higher security factor as the gateway.
With this solution, the virtual node modules with a higher safety factor are selected as the gateway. These modules have a smaller amount of historical interaction data, so when they serve as the virtual gateway the impact of an attack on them is limited; the virtual node modules holding important data are therefore less likely to be attacked, and network security is improved.
Optionally, the virtual gateway device further includes a data transfer module and an attack early warning module;
the attack early warning module is used for generating attack early warning information before the virtual gateway is attacked;
and the data transfer module is used for transferring the relevant data of the attacked virtual gateway to other virtual gateways or other virtual node modules after receiving the attack early warning information.
With this solution, since an attacker may attack the virtual gateway with a large amount of data interaction, attack early warning information is generated before the gateway is attacked, and the relevant data of the virtual gateway about to be attacked is transferred away. This prevents data loss when the IP address connected to the gateway is attacked, reduces the attack risk to the real IP addresses of PCs in use, and improves network security.
Optionally, the virtual gateway apparatus further includes a gateway inducing module, where the gateway inducing module is configured to obtain configuration information of a real gateway that is historically attacked, and apply the configuration information to the virtual gateway.
With this solution, the gateway inducing module acquires the configuration information of a real gateway that was attacked in the past and applies it to the virtual gateway, so as to follow the pattern of the attacked object, for example whether its data has characteristics that attract attacks. The virtual gateway is thus more likely to lure the attack, the risk of the real gateway being attacked is reduced, and network security is improved.
In a second aspect, the present application provides a virtual gateway construction method based on network topology confusion, which adopts the following technical scheme:
a virtual gateway construction method based on network topology confusion is applied to the virtual gateway device based on network topology confusion, and comprises the following steps:
acquiring a plurality of virtual node modules in an unused state;
modifying the real IP address of the virtual node module into a virtual IP address;
assembling the plurality of virtual node modules modified to virtual IP addresses into a virtual network, and selecting at least one virtual node module in the virtual network as a virtual gateway to replace the real gateway;
and sending the DHCP packet sent by the first network equipment to the second network equipment through the virtual gateway.
With this solution, when a virtual gateway must be constructed to lure an attack, a suitable virtual node module is selected as the virtual gateway from the constructed virtual network. Each virtual node is formed by modifying its real IP address to a virtual IP address that an attacker can identify as a target, and the virtual node modules with modified IP addresses are then assembled into a virtual network. One or more virtual node modules are selected as the virtual gateway, which can replace the real gateway; when an attacker attacks the gateway, the attack bypasses the real gateway and falls directly on the virtual gateway, which protects the real gateway and reduces the attack risk to the real IP addresses of PCs in use.
Optionally, the step of selecting at least one of the virtual node modules in the virtual network as a virtual gateway includes:
acquiring historical transmission data volume of all the virtual node modules in the virtual network;
acquiring safety factors of a plurality of virtual node modules based on the historical transmission data volume, wherein the historical transmission data volume and the safety factors are in an inverse proportion relation;
and taking the virtual node module with higher safety factor as a virtual gateway.
The effect is the same as described above for the gateway selection module: a virtual node module with a higher safety factor has a smaller amount of historical interaction data, so the impact of an attack on it when it serves as the virtual gateway is limited, the modules holding important data are less likely to be attacked, and network security is improved.
Optionally, the step of sending the DHCP packet sent by the first network device to the second network device through the virtual gateway includes:
generating attack early warning information before the virtual gateway is attacked;
and after receiving the attack early warning information, transferring the relevant data of the attacked virtual gateway to other virtual gateways or other virtual node modules.
As with the data transfer module and attack early warning module described above, generating the early warning information and transferring the relevant data of the virtual gateway before it is attacked prevents data loss caused by an attack on the IP address connected to the gateway, reduces the attack risk to the real IP addresses of PCs in use, and improves network security.
Optionally, the step of replacing the real gateway with the virtual gateway includes:
acquiring configuration information of a real gateway which is attacked historically;
applying the configuration information of that real gateway to the virtual gateway.
As with the gateway inducing module described above, applying the configuration information of a historically attacked real gateway to the virtual gateway follows the pattern of the attacked object, for example whether its data has characteristics that attract attacks, so the virtual gateway is more likely to lure the attack, the risk of the real gateway being attacked is reduced, and network security is improved.
In summary, the present application includes at least one of the following beneficial technical effects:
one or more virtual node modules are selected as the virtual gateway, which can replace the real gateway; when an attacker attacks the gateway, the attack bypasses the real gateway and falls directly on the virtual gateway, which protects the real gateway and reduces the attack risk to the real IP addresses of PCs in use;
the virtual node modules with a higher safety factor are selected as gateways; because their historical interaction data amount is small, the impact of an attack on them when they serve as virtual gateways is limited, the virtual node modules holding important data are less likely to be attacked, and network security is improved;
the gateway inducing module acquires the configuration information of a real gateway that was attacked in the past and applies it to the virtual gateway, so as to follow the pattern of the attacked object, for example whether its data has characteristics that attract attacks; the virtual gateway is thus more likely to lure the attack, the risk of the real gateway being attacked is reduced, and network security is improved.
Drawings
Fig. 1 is a schematic diagram of the hardware architecture of the network topology confusion virtual gateway device based on a virtual network according to an embodiment of the present application.
Fig. 2 is a flowchart of the virtual gateway construction method based on network topology confusion according to an embodiment of the present application.
Detailed Description
The present application is described in further detail below with reference to figures 1-2.
The embodiment of the application discloses a network topology confusion virtual gateway device based on a virtual network. Referring to fig. 1, the system comprises a virtual node module, a virtual network construction module, a virtual gateway generation module, a gateway selection module, a gateway induction module, a data transfer module, an attack early warning module, a data receiving module and a data sending module.
The virtual node module can be a switch or a PC, or both. Its purpose is to modify its real IP address into a virtual IP address; after the modification the virtual IP address is easy for an attacker to identify. The virtual node modules and the real PCs together form the whole virtual network, which increases the attack complexity for the attacker and makes the real PCs harder to attack.
The virtual node module is arranged between a first network device and a second network device, each of which may be a router or a switch: if the first network device is a router, the second is a switch, and if the first is a switch, the second is a router, corresponding to a data packet travelling on the uplink channel or the downlink channel. The switch is communicatively connected to a plurality of PCs, of which only some are in use. The IP address of a PC in use easily becomes an attack target, whereas a PC not in use transmits no data, so its IP address is not identified as a target by an attacker. The PCs not in use are therefore used as virtual node modules, luring the attack onto them and protecting the PCs in use.
The virtual node module comprises an access response unit, which only needs to realize the data access function and the data response function of the real gateway; no other application functions need to be realized. This is enough to satisfy the conditions under which an attacker identifies a gateway, while simplifying the virtual node module and reducing the complexity of the device.
The virtual network construction module is used for assembling a plurality of virtual node modules that have been modified to virtual IP addresses into a virtual network, and the virtual network also comprises a real node module. The virtual network thus contains not only the constructed virtual nodes but also the existing real nodes; the purpose is to make the virtual nodes appear in the same form as the real nodes, so that when an attacker attacks, the constructed virtual nodes divert the attacker's attention and the probability of an attack on the real nodes is reduced.
The virtual network is formed by a plurality of virtual node modules and a real node module. It can have a structure of at least one layer, each layer comprising at least one virtual node module. Once the virtual network is built, an attacker targeting a PC faces many more candidate targets, so the real node is difficult to attack accurately.
The virtual gateway generation module is used for selecting one or more virtual node modules in a virtual network as a virtual gateway capable of replacing a real gateway.
The gateway selection module is used for selecting the virtual node module with a higher safety factor as the gateway.
The virtual node modules with a higher safety factor are selected as gateways; because their historical interaction data amount is small, the impact of an attack on them when they serve as virtual gateways is limited, the virtual node modules holding important data are less likely to be attacked, and network security is improved. For example, when the historical data amounts of 10 virtual node modules are 10 units, 9 units, 8 units, ..., 1 unit in sequence, the virtual node module with 1 unit of data interaction has the highest safety factor; when it is selected as the gateway, even if the gateway is attacked, the data lost is the least, which is why its safety factor is the highest.
The gateway inducing module is used for acquiring the configuration information of a real gateway that was attacked in the past and applying it to the virtual gateway. Specifically, a historically attacked real gateway is retrieved from a database or memory, its configuration information is obtained (including port information, device identification, subnet mask and the like), and this configuration information is assigned to the virtual gateway, so that the probability of the virtual gateway being attacked is higher and the attack is lured.
The attack early warning module is used for generating attack early warning information before the virtual gateway is attacked; the early warning information can be in a sound-light alarm mode, a telephone mode, a short message mode, an email mode and the like.
The data transfer module can be some hardware with a data transmission function, such as an optical fiber, and is used for transferring relevant data of the attacked virtual gateway to other virtual gateways or other virtual node modules after receiving the attack early warning information; if the virtual gateway is about to be attacked, the data transfer module transfers the related data being transmitted to other virtual gateways or other virtual node modules, so as to prevent the data loss caused by the attack.
And the data receiving module is used for receiving the DHCP packet by the virtual gateway.
And the data sending module is used for forwarding the DHCP packet received by the virtual gateway.
The implementation principle of the network topology confusion virtual gateway device based on a virtual network in this embodiment is as follows. When a virtual gateway must be constructed to lure an attack, a suitable virtual node module is selected as the virtual gateway from the constructed virtual network. Each virtual node is formed by modifying its real IP address to a virtual IP address that an attacker can identify as a target, and the virtual node modules with modified IP addresses are then assembled into a virtual network. One or more virtual node modules are selected as the virtual gateway, which can replace the real gateway; when an attacker attacks the gateway, the attack bypasses the real gateway and falls directly on the virtual gateway, which protects the real gateway. When the virtual gateway is about to be attacked, its data can be transferred away, and the configuration information of a gateway that was attacked in the past can be applied to the virtual gateway so that it lures the attack more easily, reducing the attack risk to the real IP addresses of PCs in use.
Referring to fig. 2, based on the above hardware architecture, an embodiment of the present application further discloses a virtual gateway construction method based on network topology confusion, including steps S100 to S400:
step S100: a plurality of virtual node modules in an unused state are acquired.
The PCs not in use serve as virtual node modules and are connected to the switch. During the earlier DHCP packet transmissions between the router and the switch, the real IP addresses of these PCs were not easy for an attacker to find, so the attacker could only concentrate its attacks on the PCs in use.
Step S200: and modifying the real IP address of the virtual node module into a virtual IP address.
When a DHCP packet is transmitted between the router and the switch, it is intercepted, and the real IP address of the virtual node module is then modified into a virtual IP address that an attacker can identify.
Step S300: constructing a plurality of virtual node modules modified into virtual IP addresses into a virtual network, and selecting at least one virtual node module in the virtual network as a virtual gateway to replace a real gateway.
A virtual network is a computer network containing at least some virtual network links. Here it is composed of a plurality of virtual node modules, which correspond to a plurality of IP addresses (one IP address can correspond to several virtual node modules), and it also contains real nodes, namely the PCs in use. Adding a plurality of virtual node modules enlarges the range of the virtual network, so an attacker cannot easily attack the real nodes accurately; when the virtual gateway replaces the real gateway, the virtual network therefore helps protect the real nodes.
The step of selecting at least one of the virtual node modules in the virtual network as a virtual gateway in step S300 includes steps S310 to S330:
step S310: and acquiring historical transmission data volume of all the virtual node modules in the virtual network.
Step S320: and acquiring the safety factors of the plurality of virtual node modules based on the historical transmission data volume, wherein the historical transmission data volume and the safety factors are in an inverse relation.
Step S330: and taking the virtual node module with higher safety factor as a virtual gateway.
The virtual node modules with a higher safety factor are selected as gateways; because their historical interaction data amount is small, the impact of an attack on them when they serve as virtual gateways is limited, the virtual node modules holding important data are less likely to be attacked, and network security is improved. For example, when the historical data amounts of 10 virtual node modules are 10 units, 9 units, 8 units, ..., 1 unit in sequence, the safety factor of the module with 10 units of historical data is 0.1 and that of the module with 1 unit is 1, so the virtual node module with 1 unit of data interaction has the highest safety factor; when it is selected as the gateway, even if it is attacked, the data lost is the least, which is why its safety factor is the highest.
The step of replacing the real gateway with the virtual gateway in step S300 includes steps S3A0 to S3B0:
Step S3A0: acquiring the configuration information of a real gateway that was attacked in the past.
Step S3B0: applying the configuration information of that real gateway to the virtual gateway.
As described for the gateway inducing module, a historically attacked real gateway is retrieved from a database or memory, its configuration information (port information, device identification, subnet mask and the like) is obtained, and this configuration information is assigned to the virtual gateway, so that the probability of the virtual gateway being attacked is higher and the attack is lured.
Step S400: and sending the DHCP packet sent by the first network equipment to the second network equipment through the virtual gateway.
Step S400 includes steps S410 to S420:
step S410: and generating attack early warning information before the virtual gateway is attacked.
Step S420: and after receiving the attack early warning information, transferring the relevant data of the attacked virtual gateway to other virtual gateways or other virtual node modules.
After the attack early warning information is received, the relevant data of the targeted virtual gateway is transferred to other virtual gateways or other virtual node modules through hardware with a data transmission function (such as optical fiber); that is, if the virtual gateway is about to be attacked, the related data being transmitted is moved to other virtual gateways or virtual node modules, so that data loss caused by the attack is prevented.
The above embodiments are preferred embodiments of the present application and do not limit its protection scope; all equivalent changes made according to the structure, shape and principle of the present application fall within that protection scope.
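As an added illustration (not the patent's own code; the page provides none), the following Python simulation walks through steps S100 to S420 above together with the safety-factor example from the device description: idle PCs receive virtual IPs, the factor 1/volume picks the decoy gateway, the configuration of a historically attacked gateway is cloned onto it, and constructed flow records drive the early warning and the data transfer. The node names, the address ranges, the configuration keys, the handling of a node with zero historical volume and the early-warning rule (any non-DHCP flow addressed to the decoy) are assumptions of this example, not statements of the patent.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Network
from typing import Dict, List, Optional, Set

@dataclass
class Node:
    """One node of the virtual network: a PC or switch."""
    name: str
    real_ip: str
    in_use: bool                        # True: real node, i.e. a PC in use
    history_units: int = 0              # historical transmission data volume
    virtual_ip: Optional[str] = None    # assigned in S200 to virtual node modules
    is_gateway: bool = False            # set in S330
    config: Dict[str, str] = field(default_factory=dict)
    in_flight: List[str] = field(default_factory=list)  # data being transmitted

def acquire_unused(nodes: List[Node]) -> List[Node]:
    """S100: only PCs in an unused state become virtual node modules."""
    return [n for n in nodes if not n.in_use]

def assign_virtual_ips(virtual: List[Node], pool: IPv4Network, real_ips: Set[str]) -> None:
    """S200: give each virtual node module a virtual IP drawn from a pool that is
    kept disjoint from the real IPs (the pool itself is this example's assumption)."""
    hosts = (str(h) for h in pool.hosts() if str(h) not in real_ips)
    for node in virtual:
        node.virtual_ip = next(hosts)

def safety_factor(history_units: int) -> float:
    """S320: inverse proportion as on the page (10 units -> 0.1, 1 unit -> 1).
    A node that never transmitted (0 units) is assumed here to get the maximum
    factor 1.0 instead of a division by zero; the page does not cover that case."""
    return 1.0 if history_units <= 0 else 1.0 / history_units

def select_gateways(virtual: List[Node], count: int = 1) -> List[Node]:
    """S310-S330: rank virtual node modules by safety factor, highest first."""
    ranked = sorted(virtual, key=lambda n: safety_factor(n.history_units), reverse=True)
    chosen = ranked[:count]
    for node in chosen:
        node.is_gateway = True
    return chosen

def apply_attacked_config(gateway: Node, attacked: List[Dict[str, str]]) -> None:
    """S3A0-S3B0 (gateway inducing module): copy port information, device
    identification and subnet mask of a historically attacked real gateway onto
    the decoy, which keeps its own virtual IP so it never collides with the real one."""
    if not attacked:
        return
    source = attacked[-1]  # most recently attacked record (assumption)
    for key in ("ports", "device_id", "subnet_mask"):
        if key in source:
            gateway.config[key] = source[key]

def early_warning(flows: List[Dict[str, str]], gateways: List[Node]) -> List[str]:
    """S410: a decoy gateway only relays DHCP, so any other flow addressed to it
    is reported as an early-warning indicator (detection rule assumed here)."""
    decoy = {g.virtual_ip: g.name for g in gateways}
    return [f"early warning: {f['src']} -> {decoy[f['dst']]} ({f['proto']})"
            for f in flows if f["dst"] in decoy and f["proto"] != "dhcp"]

def transfer_data(attacked: Node, virtual: List[Node]) -> Optional[Node]:
    """S420: move in-flight data of the targeted decoy to the next safest virtual node."""
    candidates = [n for n in virtual if n is not attacked]
    if not candidates or not attacked.in_flight:
        return None
    target = max(candidates, key=lambda n: safety_factor(n.history_units))
    target.in_flight.extend(attacked.in_flight)
    attacked.in_flight.clear()
    return target

def run_demo() -> dict:
    """Run S100-S420 on a constructed sample LAN and return the outcome."""
    nodes = [  # constructed sample: two PCs in use and three idle PCs
        Node("pc-real-1", "10.0.0.11", True, 50),
        Node("pc-real-2", "10.0.0.12", True, 40),
        Node("pc-idle-1", "10.0.0.21", False, 10),
        Node("pc-idle-2", "10.0.0.22", False, 4),
        Node("pc-idle-3", "10.0.0.23", False, 1, in_flight=["dhcp-ack-42"]),
    ]
    virtual = acquire_unused(nodes)                                        # S100
    assign_virtual_ips(virtual, IPv4Network("192.0.2.0/24"), {n.real_ip for n in nodes})  # S200
    gateways = select_gateways(virtual, count=1)                           # S300
    gw = gateways[0]
    apply_attacked_config(gw, [{"ports": "22,80,443", "device_id": "GW-HIST-01",
                                "subnet_mask": "255.255.255.0"}])          # S3A0-S3B0
    flows = [  # constructed flow records: DHCP relay, normal traffic, decoy contact
        {"src": "10.0.0.1", "dst": gw.virtual_ip, "proto": "dhcp"},
        {"src": "10.0.0.11", "dst": "10.0.0.1", "proto": "tcp/443"},
        {"src": "198.51.100.7", "dst": gw.virtual_ip, "proto": "tcp/22"},
    ]
    warnings = early_warning(flows, gateways)                              # S410
    target = transfer_data(gw, virtual) if warnings else None              # S420
    return {"gateway": gw.name, "gateway_ip": gw.virtual_ip, "config": dict(gw.config),
            "warnings": warnings, "transfer_target": target.name if target else None,
            "moved": list(target.in_flight) if target else []}

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The node with the smallest historical volume becomes the decoy gateway, and the first non-DHCP contact with its virtual IP is what triggers the transfer of its in-flight data to the next safest idle node.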

Claims (10)

1. A network topology confusion virtual gateway device based on virtual network is characterized in that: the system comprises a virtual node module, a virtual network construction module, a virtual gateway generation module, a data receiving module and a data sending module;
at least one virtual node module is provided, and the virtual node module is used for modifying its real IP address into a virtual IP address;
the virtual network construction module is used for constructing a plurality of virtual node modules modified into virtual IP addresses into a virtual network, and the virtual network also comprises a real node module;
the virtual gateway generation module is used for selecting one or more virtual node modules in the virtual network as a virtual gateway capable of replacing a real gateway;
the data receiving module is used for the virtual gateway to receive a DHCP packet;
and the data sending module is used for forwarding the DHCP packet received by the virtual gateway.
2. The virtual gateway device based on network topology confusion of claim 1, wherein: the virtual node module comprises an access response unit, and the access response unit is used for realizing the data access function and the data response function of the real gateway.
3. The virtual gateway device based on network topology confusion of claim 1, wherein: the virtual node module may be a PC or a switch.
4. The virtual gateway device based on network topology confusion of claim 1, wherein: the virtual gateway device further comprises a gateway selection module, wherein the gateway selection module is used for selecting the virtual node module with a higher safety factor as the gateway.
5. The virtual gateway device based on network topology confusion of claim 1, wherein: the virtual gateway device also comprises a data transfer module and an attack early warning module;
the attack early warning module is used for generating attack early warning information before the virtual gateway is attacked;
and the data transfer module is used for transferring the relevant data of the attacked virtual gateway to other virtual gateways or other virtual node modules after receiving the attack early warning information.
6. The virtual gateway device based on network topology confusion of claim 5, wherein: the virtual gateway device also comprises a gateway inducing module, wherein the gateway inducing module is used for acquiring the configuration information of the real gateway which is attacked historically and applying the configuration information to the virtual gateway.
7. A virtual gateway construction method based on network topology confusion, characterized in that it is applied to the virtual gateway device based on network topology confusion according to any one of claims 1 to 6 and comprises:
acquiring a plurality of virtual node modules in an unused state;
modifying the real IP address of the virtual node module into a virtual IP address;
constructing a plurality of virtual node modules modified into virtual IP addresses into a virtual network, and selecting at least one virtual node module in the virtual network as a virtual gateway to replace a real gateway;
and sending the DHCP packet sent by the first network device to the second network device through the virtual gateway.
8. The method for constructing a virtual gateway based on network topology confusion according to claim 7, wherein: the step of selecting at least one of said virtual node modules in said virtual network as a virtual gateway comprises:
acquiring historical transmission data volume of all the virtual node modules in the virtual network;
acquiring the safety factors of the plurality of virtual node modules based on the historical transmission data volume, wherein the safety factor is inversely proportional to the historical transmission data volume;
and taking the virtual node module with a higher safety factor as the virtual gateway.
9. The method for constructing a virtual gateway based on network topology confusion according to claim 7, wherein: the step of sending the DHCP packet sent by the first network device to the second network device through the virtual gateway includes:
generating attack early warning information before the virtual gateway is attacked;
and after receiving the attack early warning information, transferring the relevant data of the virtual gateway suffering the attack to other virtual gateways or other virtual node modules.
10. The method for constructing a virtual gateway based on network topology confusion according to claim 7, wherein: the step of replacing the real gateway by the virtual gateway comprises the following steps:
acquiring configuration information of the real gateway which is attacked historically;
applying the configuration information of the real gateway to the virtual gateway.
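As an added illustration of the procedure in claims 7 to 9 (this is example code written for this page, not code from the patent or its applicant), the following Python model recruits unused nodes into a virtual network, assigns each a virtual IP from a confusion pool, picks the gateway by safety factor and moves the gateway's in-flight data to the next-safest node when an attack warning arrives. The patent states only that the safety factor is inversely proportional to historical transmission volume; the concrete formula 1/(1 + bytes), the address pool, the node names and the DHCP bytes are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional


@dataclass
class VirtualNode:
    name: str
    real_ip: IPv4Address
    historical_bytes: int = 0          # historical transmission data volume (claim 8)
    in_use: bool = False               # only nodes in an unused state are recruited (claim 7)
    virtual_ip: Optional[IPv4Address] = None
    in_flight: List[bytes] = field(default_factory=list)  # data currently being relayed


def safety_factor(node: VirtualNode) -> float:
    """Claim 8: safety factor inversely proportional to historical volume.

    Assumption: the page gives no formula, so 1/(1 + bytes) is used; it stays finite
    for a node that has never carried traffic and decreases as the volume grows."""
    return 1.0 / (1.0 + node.historical_bytes)


def build_virtual_network(candidates: List[VirtualNode], pool: IPv4Network) -> List[VirtualNode]:
    """Claim 7, steps 1-3: keep the unused nodes and replace each real IP with a
    virtual IP drawn from the confusion pool (pool is an assumed parameter)."""
    addresses = pool.hosts()
    network: List[VirtualNode] = []
    for node in candidates:
        if node.in_use:
            continue
        node.virtual_ip = next(addresses)
        network.append(node)
    return network


def select_virtual_gateway(network: List[VirtualNode]) -> VirtualNode:
    """Claim 8: the node with the highest safety factor becomes the virtual gateway."""
    if not network:
        raise ValueError("virtual network has no nodes")
    return max(network, key=safety_factor)


def forward_dhcp(gateway: VirtualNode, dhcp_packet: bytes) -> bytes:
    """Claim 7, step 4: the virtual gateway relays a DHCP packet between the first
    and second network device; relayed bytes count toward its historical volume."""
    gateway.in_flight.append(dhcp_packet)
    gateway.historical_bytes += len(dhcp_packet)
    return dhcp_packet


def handle_attack_warning(network: List[VirtualNode], gateway: VirtualNode) -> VirtualNode:
    """Claim 9: on early warning, move the threatened gateway's in-flight data to the
    safest other node, which takes over as the virtual gateway."""
    others = [n for n in network if n is not gateway]
    if not others:
        raise RuntimeError("no spare virtual node to receive the data")
    successor = max(others, key=safety_factor)
    successor.in_flight.extend(gateway.in_flight)
    gateway.in_flight.clear()
    return successor


def demo():
    """Constructed sample: three idle hosts and one host that is already in use."""
    candidates = [
        VirtualNode("pc-a", IPv4Address("192.168.1.10"), historical_bytes=5000),
        VirtualNode("pc-b", IPv4Address("192.168.1.11"), historical_bytes=0),
        VirtualNode("sw-c", IPv4Address("192.168.1.12"), historical_bytes=300),
        VirtualNode("pc-d", IPv4Address("192.168.1.13"), in_use=True),
    ]
    network = build_virtual_network(candidates, IPv4Network("10.200.0.0/24"))
    gateway = select_virtual_gateway(network)
    # Constructed DHCP-like header bytes (op=1, htype=1, hlen=6), not a full packet.
    forward_dhcp(gateway, b"\x01\x01\x06\x00" + b"\x00" * 8)
    successor = handle_attack_warning(network, gateway)
    return network, gateway, successor


if __name__ == "__main__":
    net, gw, succ = demo()
    for n in net:
        print(n.name, n.real_ip, "->", n.virtual_ip, "safety", round(safety_factor(n), 4))
    print("gateway:", gw.name, "successor after warning:", succ.name)
```

The node with zero historical traffic (pc-b) wins the selection, and after the warning its buffered data lands on sw-c rather than on the heavily used pc-a; the node already in use is never recruited.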

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111147001.5A CN114465749B (en) 2021-09-28 2021-09-28 Virtual gateway device based on network topology confusion and construction method


Publications (2)

Publication Number Publication Date
CN114465749A true CN114465749A (en) 2022-05-10
CN114465749B CN114465749B (en) 2022-11-15

Family

ID=81406530

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111147001.5A Active CN114465749B (en) 2021-09-28 2021-09-28 Virtual gateway device based on network topology confusion and construction method

Country Status (1)

Country Link
CN (1) CN114465749B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120011230A1 (en) * 2010-07-12 2012-01-12 Cisco Technology, Inc. Utilizing a Gateway for the Assignment of Internet Protocol Addresses to Client Devices in a Shared Subset
CN108616386A (en) * 2018-03-29 2018-10-02 西安交通大学 Construction method for an SDN virtual network environment, and SDN virtual network environment
CN110381041A (en) * 2019-06-28 2019-10-25 奇安信科技集团股份有限公司 Distributed denial of service attack situation detection method and device
CN110800262A (en) * 2017-03-08 2020-02-14 艾锐势有限责任公司 Dynamic access point link aggregation
CN111385236A (en) * 2018-12-27 2020-07-07 北京卫达信息技术有限公司 Dynamic defense system based on network spoofing


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
张亚甫: "Research and Implementation of an Active Defense System Based on Dynamic Network Topology Changes", Master's thesis *
李志奇 et al.: "Design of a Dynamic Security Defense System Based on Netfilter/Iptables", Journal on Communications (《通信学报》) *
马卫局: "Cyberspace Security Enters the Era of Dynamic Defense", Modern Military (《现代军事》) *

Also Published As

Publication number Publication date
CN114465749B (en) 2022-11-15


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant