CN117040943A - Cloud network endophytic security defense method and device based on IPv6 address driving - Google Patents

Info

Publication number: CN117040943A
Authority: CN (China)
Prior art keywords: port, address, ipv6, network, current
Legal status: Granted (the legal status shown is an assumption, not a legal conclusion)
Application number: CN202311305187.1A
Other languages: Chinese (zh)
Other versions: CN117040943B (en)
Inventors: 于俊清, 张博文, 李冬
Current assignee: Huazhong University of Science and Technology
Original assignee: Huazhong University of Science and Technology
Application filed by Huazhong University of Science and Technology
Priority to CN202311305187.1A
Publication of CN117040943A
Application granted
Publication of CN117040943B
Current legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 ... for detecting or protecting against malicious traffic
    • H04L63/1408 ... by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/02 ... for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/659 Internet protocol version 6 [IPv6] addresses
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE > Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses a cloud network endogenous security defense method and device driven by IPv6 addresses, belonging to the technical field of cloud network security. The method comprises the following steps. At the address generation layer, the identity information of a tenant in the cloud network is converted into a network unique identifier; the network unique identifier is concatenated with time information and encrypted to generate an IPv6 interface identifier, and the IPv6 interface identifier is combined with a network prefix to obtain an IPv6 real address. At the address verification layer, the traffic and flow table entry data of each network host port are monitored in real time to determine the state transition condition of each port, and a differentiated verification strategy is applied to ports in different state transition conditions to verify the validity of the IPv6 real address. At the address utilization layer, when abnormal traffic is detected, the current IPv6 real address corresponding to the abnormal traffic is obtained from the address verification layer and the identity behind it is traced quickly; combined with the dynamic source address verification method, this improves the endogenous security defense capability of the cloud network.

Description

Cloud network endophytic security defense method and device based on IPv6 address driving
Technical Field
The invention belongs to the technical field of cloud network security and relates in particular to a cloud network endogenous security defense method and device driven by IPv6 addresses.
Background
The cloud network is an important part of the infrastructure that forms a cloud platform. It provides virtual network resources for different service scenarios, and users can dynamically adjust those resources to changing service requirements. Many security problems nevertheless remain in cloud networks, and because resources are shared, the impact of a successful attack is wider than in a traditional network. How to better secure the cloud network has therefore become a focus of the network security field. The opaque, black-box nature of tenant subnetworks inside a cloud platform makes attacks within the cloud harder to defend against and tenants harder to manage and control.
Research and analysis show that existing cloud network security solutions trace the network traffic of different tenants poorly. No complete and easily deployed endogenous security solution currently exists for cloud networks: most existing endogenous security approaches either rely on mimic defense, raising the attacker's cost by constructing heterogeneous redundant executors, or require modifying the existing network infrastructure to provide endogenous security capability. Both approaches add deployment overhead, scale poorly and are difficult to put into practice.
Existing source address verification techniques follow the existing real source address validation architecture (SAVA) and verify source addresses against a binding table. A static source address verification scheme, however, causes a large amount of redundant verification in a cloud network, increases the load on the controller and visibly degrades network service quality, while existing dynamic source address verification methods locate and trace suspicious hosts inaccurately.
Disclosure of Invention
In view of the defects of, or the demand for improvement in, the prior art, the invention provides a cloud network endogenous security defense method and device driven by IPv6 addresses. It combines a dynamic source address verification method with an IPv6 real address generation and tracing method, so as to provide real and trustworthy terminal device addresses that are easy to verify and to trace to an identity, and to give the cloud network endogenous security capability at the most basic infrastructure level. This addresses the technical problem that existing cloud network security defense methods defend and trace the network flows of different tenants poorly.
To achieve the above object, according to one aspect of the invention, there is provided a cloud network endogenous security defense method driven by IPv6 addresses. The IPv6 address driven cloud network includes an address generation layer, an address verification layer and an address utilization layer, and the method comprises the following steps:
S1: at the address generation layer, converting the tenant identity information in the cloud network into a network unique identifier, concatenating the network unique identifier with time information and encrypting the result to generate an IPv6 interface identifier; combining the IPv6 interface identifier with a network prefix to obtain an IPv6 real address;
S2: at the address verification layer, monitoring the traffic and flow table entry data of each network host port in real time to determine the state transition condition of each port, the network host ports being divided into normal ports, ports to be observed and abnormal ports; for network host ports in different state transition conditions, adopting a differentiated verification strategy to verify the validity of the IPv6 real address;
S3: at the address utilization layer, when abnormal traffic is detected, obtaining the current IPv6 real address corresponding to the abnormal traffic from the address verification layer and tracing the identity behind that address.
In one embodiment, S1 includes, at the address generation layer:
S11: concatenating the organization part and the segment part with the user identifier corresponding to the tenant identity information in the cloud network to generate the network unique identifier;
S12: concatenating the time information with the network unique identifier and encrypting the result to obtain a pre-interface identifier; hashing the timestamp of the key update moment to obtain a time hash value; XORing the time hash value with the pre-interface identifier to generate the IPv6 interface identifier;
S13: concatenating the IPv6 interface identifier with a network prefix to obtain the IPv6 real address.
In one embodiment, the time information is the time interval in which the IPv6 real address was generated, defined as the difference between the current timestamp and the timestamp of 00:00:00 on 1 January of the year in which the current time falls.
In one embodiment, S3 includes, at the address utilization layer:
S31: when abnormal traffic is detected, obtaining from the address verification layer the current IPv6 real address corresponding to the abnormal traffic;
S32: locating, by the network prefix of the current IPv6 real address, the current tenant network to which it belongs, and extracting the current IPv6 interface identifier from the current IPv6 real address; sending a resolution request carrying the current IPv6 interface identifier to the address generation server in the current tenant network;
S33: resolving the IPv6 interface identifier with the address generation server so as to trace the identity behind the current IPv6 real address.
In one embodiment, S33 includes:
the address generation server looks up in its database the current pre-interface identifier corresponding to the current IPv6 interface identifier, XORs the current IPv6 interface identifier with the current pre-interface identifier to recover the current time hash value, looks up the corresponding key in the key store by that time hash value, decrypts the current pre-interface identifier with that key to obtain the current network unique identifier, and parses the current network unique identifier to obtain the current user identity information.
In one embodiment, S2 includes:
S21: collecting traffic statistics for the normal ports, the ports to be observed and the abnormal ports with a timed task;
S22: performing traffic feature entropy analysis on the statistics of the normal ports, detecting an abnormal state on the statistics of the ports to be observed with a packet loss threshold analysis, and performing continuous packet loss threshold analysis on the statistics of the abnormal ports;
S23: determining the state transition condition of each network host port from the analysis results, the possible transitions being between a normal port and a port to be observed, and between a port to be observed and an abnormal port;
S24: for network host ports in different state transition conditions, adopting a differentiated verification strategy to verify the validity of the IPv6 real address.
In one embodiment, S23 includes:
if the analysis result shows that the traffic feature entropy of a normal port exceeds a first threshold, the normal port transitions to a port to be observed;
if the analysis result shows that the traffic feature entropy of a port to be observed falls below a second threshold, the port to be observed transitions to a normal port;
if the analysis result shows that the packet loss rate of a port to be observed exceeds a third threshold, the port to be observed transitions to an abnormal port;
if the analysis result shows that the packet loss rate of an abnormal port falls below a fourth threshold, the abnormal port transitions to a port to be observed.
In one embodiment, S24 includes:
when a normal port is detected to transition to a port to be observed, issuing a verification rule and a wildcard rule to the host corresponding to that port;
when a port to be observed is detected to transition to a normal port, withdrawing the verification rule and the wildcard rule from the host corresponding to that port;
when a port to be observed is detected to transition to an abnormal port, keeping the current verification rule and wildcard rule in place;
when an abnormal port is detected to transition to a port to be observed, keeping the current verification rule and wildcard rule in place.
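The port state machine of S21 to S24, as an added worked example that is not code from the patent: one timer-task sample is applied to a host port, the entropy of the source addresses seen on the port drives the normal/observed transitions, the packet loss rate drives the observed/abnormal transitions, and the flow-table action of S24 is returned alongside the new state. The threshold values, the loss-rate formula (dropped over received plus dropped), the choice of source address as the entropy feature, the reading of the rule pair (an exact match that forwards the port's bound source, a low-priority catch-all that drops everything else from that port) and the sample intervals are all assumptions; the patent does not fix any of them.

```python
import math
from collections import Counter
from dataclasses import dataclass, field

# Port states of the dynamic source-address-verification state machine (S2).
NORMAL, OBSERVED, ABNORMAL = "normal", "observed", "abnormal"

# The four thresholds of S23. The patent gives no numbers; these values are
# assumptions chosen so that the constructed sample below crosses each one.
T1_ENTROPY_UP = 3.0    # normal -> observed when the entropy exceeds T1
T2_ENTROPY_DOWN = 2.0  # observed -> normal when the entropy falls below T2
T3_LOSS_UP = 0.10      # observed -> abnormal when the packet-loss rate exceeds T3
T4_LOSS_DOWN = 0.05    # abnormal -> observed when the packet-loss rate falls below T4


def feature_entropy(values):
    """Shannon entropy in bits of one flow feature (here: the source addresses
    seen on the port in one collection interval). Spoofed or scanning traffic
    spreads over many sources and pushes the entropy up."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def packet_loss_rate(rx_packets, rx_dropped):
    """Loss rate from port counters of the kind OpenFlow port stats expose.
    The formula dropped / (received + dropped) is an assumption."""
    total = rx_packets + rx_dropped
    return rx_dropped / total if total else 0.0


def verification_rules(in_port, bound_mac, bound_ipv6):
    """The 'verification rule' plus 'wildcard rule' pair pushed when a port
    enters the observed state. Assumed reading: a high-priority exact match
    that forwards packets whose source matches the port's binding, and a
    low-priority catch-all for the same port that drops everything else.
    Rules are plain dicts, not a real controller API."""
    return [
        {"priority": 100, "action": "forward",
         "match": {"in_port": in_port, "eth_src": bound_mac, "ipv6_src": bound_ipv6}},
        {"priority": 10, "action": "drop", "match": {"in_port": in_port}},
    ]


@dataclass
class HostPort:
    port_no: int
    bound_mac: str
    bound_ipv6: str
    state: str = NORMAL
    rules: list = field(default_factory=list)


def step(hp, stats):
    """Apply one timer-task sample. stats holds 'src_addrs' (sources seen),
    'rx_packets' and 'rx_dropped'. Returns (new_state, action), where action
    is the S24 flow-table operation: 'install', 'remove' or None."""
    ent = feature_entropy(stats["src_addrs"])
    loss = packet_loss_rate(stats["rx_packets"], stats["rx_dropped"])
    action = None
    if hp.state == NORMAL:
        if ent > T1_ENTROPY_UP:
            hp.state = OBSERVED
            hp.rules = verification_rules(hp.port_no, hp.bound_mac, hp.bound_ipv6)
            action = "install"
    elif hp.state == OBSERVED:
        # Escalation is checked before de-escalation so a lossy port is never
        # released just because its entropy dipped in the same interval.
        if loss > T3_LOSS_UP:
            hp.state = ABNORMAL          # rules stay in place
        elif ent < T2_ENTROPY_DOWN:
            hp.state = NORMAL
            hp.rules = []
            action = "remove"
    elif hp.state == ABNORMAL:
        if loss < T4_LOSS_DOWN:
            hp.state = OBSERVED          # rules stay in place
    return hp.state, action


# Constructed sample: five collection intervals for one tenant host on port 3.
# Interval 2 is a spoofed burst (16 distinct sources); interval 3 adds heavy loss.
SAMPLE_INTERVALS = [
    {"src_addrs": ["2001:db8:1::10"] * 5 + ["2001:db8:1::11"] * 5, "rx_packets": 100, "rx_dropped": 0},
    {"src_addrs": [f"2001:db8:1::{i:x}" for i in range(16)], "rx_packets": 100, "rx_dropped": 1},
    {"src_addrs": [f"2001:db8:1::{i:x}" for i in range(16)], "rx_packets": 80, "rx_dropped": 20},
    {"src_addrs": ["2001:db8:1::10"] * 10, "rx_packets": 98, "rx_dropped": 2},
    {"src_addrs": ["2001:db8:1::10"] * 5 + ["2001:db8:1::11"] * 5, "rx_packets": 100, "rx_dropped": 0},
]


def simulate(intervals=SAMPLE_INTERVALS):
    hp = HostPort(port_no=3, bound_mac="02:00:00:00:00:01", bound_ipv6="2001:db8:1::10")
    return [step(hp, s) for s in intervals]


if __name__ == "__main__":
    for i, (state, action) in enumerate(simulate(), 1):
        print(f"interval {i}: state={state} action={action}")
```

Over the sample the port walks normal, observed (rules installed), abnormal, observed, normal (rules removed); the two rules are installed once on entry to the observed state and survive the excursion through the abnormal state, which is what keeps the flow table small. The patent lists the two observed-state conditions without ordering them; the order only matters when an interval is both lossy and low-entropy, and escalating first is the conservative choice.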
According to another aspect of the invention, there is provided a cloud network endogenous security defense device driven by IPv6 addresses, comprising:
an address generation module for converting tenant identity information in the cloud network into a network unique identifier, concatenating the network unique identifier with time information and encrypting the result to generate an IPv6 interface identifier, and combining the IPv6 interface identifier with a network prefix to obtain an IPv6 real address;
an address verification module for monitoring the traffic and flow table entry data of each network host port in real time to determine the state transition condition of each port, the network host ports being divided into normal ports, ports to be observed and abnormal ports, and for adopting a differentiated verification strategy for ports in different state transition conditions to verify the validity of the IPv6 real address;
an address utilization module for obtaining, when abnormal traffic is detected, the current IPv6 real address corresponding to the abnormal traffic from the address verification layer, and tracing the identity behind that address.
In one embodiment, the address verification module includes:
an information acquisition module for collecting traffic and flow table entry statistics of the normal ports, ports to be observed and abnormal ports with a timed task;
a port state detection module for performing traffic feature entropy analysis on the statistics of the normal ports, detecting an abnormal state on the statistics of the ports to be observed with a packet loss threshold analysis, and performing continuous packet loss threshold analysis on the statistics of the abnormal ports;
a port state maintenance module for determining the state transition condition of each network host port from the analysis results, the possible transitions being between a normal port and a port to be observed, and between a port to be observed and an abnormal port;
a flow table entry deployment module for verifying the validity of the IPv6 real address with a differentiated verification strategy for network host ports in different state transition conditions.
In general, compared with the prior art, the technical solutions conceived by the invention achieve the following beneficial effects:
(1) At the address generation layer the invention generates real IPv6 addresses that carry user identity information and manages their generation and allocation; at the address verification layer it performs flexible source address verification on the hosts in the network; at the address utilization layer it uses the real IPv6 address to trace packets quickly, provides security management and control services, and filters forged packets through source address verification. The real IPv6 address thus allows tenant identity information to be traced quickly, and combined with the dynamic source address verification method it improves the endogenous security defense capability of the cloud network.
(2) In the embodiment, the time information and the network unique identifier corresponding to the tenant identity information are concatenated and encrypted to obtain a pre-interface identifier; the timestamp of the key update moment is hashed to obtain a time hash value, which is XORed with the pre-interface identifier to generate the IPv6 interface identifier; finally the interface identifier is concatenated with the network prefix to obtain the IPv6 real address. Dynamic time information and tenant identity information are thereby built into the IPv6 real address in the cloud network, the address encoding is optimized, identity tracing becomes more efficient, and a foundation is laid for multi-tenant network management and tracing in the cloud network.
(3) In this embodiment, the time information is the interval in which the IPv6 real address was generated, which helps subsequent key lookup and traffic tracing management; the timestamp difference can be further reduced to a precision of 10 s, 15 s, 30 s or similar so that its length stays at 24 bits, which removes the constraint that the block length of the symmetric cipher would otherwise impose.
(4) At the address utilization layer, the embodiment locates the current tenant network from the network prefix of the current IPv6 real address corresponding to the abnormal traffic, sends a resolution request carrying the current IPv6 interface identifier to the address generation server of that tenant network, and traces the identity behind the current IPv6 real address. Identity information is thus resolved quickly from the IPv6 address, and abnormal traffic can be located and tracked accurately.
(5) In the embodiment, the address generation server decrypts with a symmetric algorithm and recovers the current identity information and current time information step by step from the current IPv6 interface identifier; the computational complexity is low, which improves the computational efficiency of the security defense method across the whole cloud network and reduces the difficulty of defense.
(6) In the embodiment, traffic feature entropy analysis is performed on the statistics of the normal ports, abnormal states are detected on the statistics of the ports to be observed with a packet loss threshold analysis, and continuous packet loss threshold analysis is performed on the statistics of the abnormal ports. Source address verification is thus differentiated by network security state, and the source address verification of different hosts in the cloud network can be managed and controlled flexibly.
(7) The method decides the transition between a normal port and a port to be observed by the traffic feature entropy, and the transition between an abnormal port and a port to be observed by the packet loss rate; the computational complexity is low, which improves the computational efficiency of the whole cloud network endogenous security defense method and reduces the difficulty of defense.
(8) In this embodiment, when a normal port is detected to transition to a port to be observed, a verification rule and a wildcard rule are issued to the corresponding host; when a port to be observed transitions back to a normal port, the verification rule and wildcard rule are withdrawn; when a port to be observed transitions to an abnormal port, or an abnormal port returns to a port to be observed, the current rules are kept in place. Targeted source address verification strategies can thus be applied to hosts in different network security states, increasing the flexibility of source address verification while reducing flow table storage overhead.
Drawings
Fig. 1 is a flowchart of a cloud network endophytic security defense method based on IPv6 address driving in an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a cloud network based on IPv6 address driving according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of an IPv6 real address generation process in an IPv6 address driven based cloud network endophytic security defense method according to an embodiment of the present invention.
Fig. 4 is an overall framework diagram of an address verification layer in an IPv6 address driven based cloud network in accordance with an embodiment of the present invention.
FIG. 5 is a schematic diagram illustrating a transition relationship between states in a port state maintenance module according to an embodiment of the present invention.
Fig. 6 is a schematic diagram of an IPv6 real address tracing process under a cloud network according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. In addition, the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
As shown in Fig. 1, the invention provides a cloud network endogenous security defense method driven by IPv6 addresses. As shown in Fig. 2, the IPv6 address driven cloud network includes, in communication order, an address generation layer, an address verification layer and an address utilization layer. The method comprises the following steps:
S1: at the address generation layer, the tenant identity information in the cloud network is converted into a network unique identifier, and the network unique identifier is concatenated with time information and encrypted to generate an IPv6 interface identifier. The IPv6 interface identifier is combined with the network prefix to obtain an IPv6 real address.
Specifically, the specification of the network identifier in the software-defined cloud network environment is first fixed, and the user information in the cloud network is converted into the network unique identifier. A symmetric encryption algorithm is then applied to the combination of the network unique identifier and the time information to generate the IPv6 interface identifier, which is concatenated with the network prefix to produce the IPv6 real address.
S2: at the address verification layer, the traffic and flow table entry data of each network host port are monitored in real time to determine the state transition condition of each port, the network host ports being divided into normal ports, ports to be observed and abnormal ports. For network host ports in different state transition conditions, a differentiated verification strategy is adopted to verify the validity of the IPv6 real address.
Specifically, a state transition model for dynamic source address verification in the cloud network is designed and implemented, with each host port in one of three states: normal port, port to be observed and abnormal port. A multi-stage method for analysing port state transitions is designed and implemented, comprising for example a detection method based on the traffic feature entropy and a packet loss analysis method, and differentiated security policies are applied to ports in different state transition conditions.
S3: at the address utilization layer, when abnormal traffic is detected, the current IPv6 real address corresponding to the abnormal traffic is obtained from the address verification layer and the identity behind it is traced.
Specifically, when an attack occurs in the cloud network environment, an administrator can, for example by means of the symmetric decryption algorithm, recover the user information from the real IPv6 address and query and trace the user's identity.
In one embodiment, S1 comprises, at the address generation layer:
S11: concatenating the organization part and the segment part with the user identifier corresponding to the tenant identity information in the cloud network to generate the network unique identifier.
S12: concatenating the time information with the network unique identifier and encrypting the result to obtain the pre-interface identifier; hashing the timestamp of the key update moment to obtain a time hash value; XORing the time hash value with the pre-interface identifier to generate the IPv6 interface identifier.
S13: concatenating the IPv6 interface identifier with the network prefix to obtain the IPv6 real address.
As shown in Fig. 3, the user identity information and the source address may be combined into the IPv6 real address using a hash algorithm, symmetric encryption, concatenation and similar operations, as follows. The identity information of the tenant in the cloud network is concatenated into a string; a salted hash of that string yields a 256-bit digest, the first 16 bits of which are taken as the user identifier; the user identifier is concatenated with the organization part and the segment part to obtain the network unique identifier. The time information of the generation moment is then computed, indicating the time interval in which the real address was generated, and the generated network unique identifier is concatenated with the time information; the concatenated result is encrypted with the International Data Encryption Algorithm (IDEA) to obtain the pre-interface identifier (IDEA operates on 64-bit blocks, which is why the concatenated network unique identifier and time information must fit in 64 bits, the width of an IPv6 interface identifier). Using a dynamic key improves security but makes the address harder to resolve. Taking advantage of the fact that the key is updated on a fixed schedule, the timestamp of the key update moment is hashed to obtain a time hash value, and the time hash value is XORed with the pre-interface identifier to obtain the final interface identifier. The interface identifier is stored, and combined with the network prefix to give the final real IPv6 address.
In one embodiment, the time information is the time interval in which the IPv6 real address was generated, defined as the difference between the current timestamp and the timestamp of 00:00:00 on 1 January of the year in which the current time falls.
Specifically, the time information indicates the time interval in which the real address was generated, which helps subsequent key lookup and traffic tracing management. It is defined as the difference between the current timestamp and the timestamp of 00:00:00 on 1 January of the current year; the difference can be further reduced to a precision of 10 s, 15 s, 30 s or similar so that its length stays within 24 bits.
In one embodiment, S3 comprises, at the address utilization layer:
S31: when abnormal traffic is monitored, obtaining the current IPv6 real address corresponding to the abnormal traffic from the address verification layer.
S32: locating the tenant network to which the current IPv6 real address belongs according to its network prefix, extracting the current IPv6 interface identifier from the current IPv6 real address, and sending a resolution request carrying the current IPv6 interface identifier to the address generation server in the current tenant network.
S33: resolving the IPv6 interface identifier with the address generation server to trace the identity behind the current IPv6 real address.
In one embodiment, S33 includes:
The address generation server looks up, in a database, the current front interface identifier corresponding to the current IPv6 interface identifier; XORs the current IPv6 interface identifier with the current front interface identifier to obtain the corresponding current time hash value; looks up the corresponding key in the key bank by that time hash value; decrypts the current front interface identifier with the key to obtain the current network unique identifier; and parses the current network unique identifier to obtain the current user identity information.
Specifically, when abnormal traffic is detected in a complex cloud network, it needs to be traced and analysed, and the address utilization layer provides the service that traces and manages the real addresses generated by the address generation layer. Fig. 6 shows the real address tracing process. A tracing query is generally initiated by the destination application server when problem traffic is intercepted, and the process is essentially the inverse of address generation; the specific flow is as follows:
When an address in the network needs to be traced, the tenant network to which the address belongs is first located from the network prefix; the last 64 bits of the IPv6 address to be traced are then extracted as the interface identifier, and a resolution request is sent to the address tracing server of that tenant network. Each tenant sub-network has an address tracing server and an address generation server; the address tracing server receives the resolution request and stores and manages the private key of the tenant sub-network. The address tracing server forwards the interface identifier to the address generation server for further resolution.
The address generation server plays the role of a dynamic host configuration server in the network: it generates and manages addresses and stores several important library tables used during address generation. It queries the database for the front interface identifier corresponding to the interface identifier and XORs the two to obtain the time hash value; it looks up the corresponding key in the key bank by that time hash value and decrypts the front interface identifier with the key; of the decrypted data, the first 40 bits are the network unique identifier and the following 24 bits are the time information; finally, it parses the network unique identifier to look up the corresponding user identity information and converts the time information into the address generation time in standard format, which completes the tracing of the real IPv6 address.
In addition, when spoofed source address attacks exist in the cloud network, the address utilization layer also uses the dynamic source address verification method to filter attack traffic with spoofed source addresses and, combined with the address tracing method, provides more flexible and complete traffic security control for the cloud network, improving the endogenous security defense capability of the whole cloud network.
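The generation process described at the start of this section and the inverse tracing process described in the last two paragraphs, as an added example in Python that is not part of the patent or of any implementation by its authors. The field widths stated on the page are kept (16-bit user identifier, 40-bit network unique identifier, 24-bit time information, 64-bit interface identifier). The 12-bit organization part, the 12-bit segmentation part, the 10-second time resolution, the use of SHA-256 for the salted hash and the time hash, the stand-in 64-bit Feistel cipher built on HMAC-SHA256 in place of IDEA, and keeping the key update timestamp next to the key so that the time information can be turned back into a calendar date are all assumptions. All inputs are constructed.

```python
"""Added example (not the patent's code): real IPv6 address generation and tracing.

Assumptions beyond the page: organization and segmentation parts are 12 bits
each (user id 16 + 12 + 12 = 40-bit network unique identifier), time
information is coarsened to 10 s, SHA-256 is the hash, and a 64-bit Feistel
cipher keyed with HMAC-SHA256 stands in for IDEA.
"""
import hashlib
import hmac
import ipaddress
from datetime import datetime, timedelta, timezone

MASK32 = (1 << 32) - 1
MASK64 = (1 << 64) - 1
TIME_RESOLUTION_S = 10  # assumed: 31,622,400 s / 10 still fits in 24 bits


def feistel(block, key, decrypt=False, rounds=8):
    """Stand-in for IDEA: balanced 64-bit Feistel network with an HMAC-SHA256 round
    function. Decryption is the same walk with the round subkeys in reverse order."""
    left, right = block >> 32, block & MASK32
    for r in (reversed(range(rounds)) if decrypt else range(rounds)):
        msg = bytes([r]) + right.to_bytes(4, "big")
        f = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")
        left, right = right, left ^ f
    return (right << 32) | left  # undo the last swap so the two directions are inverses


def time_hash(key_update_ts):
    """Hash of the key update timestamp, truncated to 64 bits for XOR with the front identifier."""
    return int.from_bytes(hashlib.sha256(str(key_update_ts).encode()).digest()[:8], "big")


def time_info(now):
    """Seconds since 00:00:00 on 1 January of the current year, coarsened to fit 24 bits."""
    year_start = datetime(now.year, 1, 1, tzinfo=timezone.utc)
    return int((now - year_start).total_seconds()) // TIME_RESOLUTION_S


class AddressGenerationServer:
    """Plays the DHCPv6-like role from the text: generates addresses and keeps the
    key bank, the interface id -> front identifier table and the user table."""

    def __init__(self, prefix, salt):
        self.net = ipaddress.IPv6Network(prefix)
        self.salt = salt
        self.key_bank = {}    # time hash -> (key, key update timestamp)
        self.front_ids = {}   # interface identifier -> front interface identifier
        self.users = {}       # 16-bit user identifier -> tenant identity information
        self.current_hash = None

    def rotate_key(self, key, update_ts):
        self.current_hash = time_hash(update_ts)
        self.key_bank[self.current_hash] = (key, update_ts)

    def network_unique_identifier(self, identity, org, seg):
        joined = "|".join(f"{k}={identity[k]}" for k in sorted(identity))
        digest = hashlib.sha256(self.salt + joined.encode()).digest()  # salted hash
        user_id = int.from_bytes(digest[:2], "big")                     # first 16 bits
        self.users[user_id] = identity
        return (user_id << 24) | ((org & 0xFFF) << 12) | (seg & 0xFFF)

    def generate(self, identity, org, seg, now):
        plaintext = (self.network_unique_identifier(identity, org, seg) << 24) | time_info(now)
        key, _ = self.key_bank[self.current_hash]
        front_id = feistel(plaintext, key)             # encrypted NUI || time info
        iid = front_id ^ self.current_hash             # final interface identifier
        self.front_ids[iid] = front_id
        return str(ipaddress.IPv6Address(int(self.net.network_address) | iid))

    def trace(self, address):
        addr = ipaddress.IPv6Address(address)
        if addr not in self.net:
            raise ValueError("address belongs to another tenant network")
        iid = int(addr) & MASK64                        # last 64 bits
        front_id = self.front_ids[iid]
        key, update_ts = self.key_bank[iid ^ front_id]  # XOR recovers the time hash
        plaintext = feistel(front_id, key, decrypt=True)
        nui, tinfo = plaintext >> 24, plaintext & 0xFFFFFF
        year = datetime.fromtimestamp(update_ts, tz=timezone.utc).year
        generated_at = datetime(year, 1, 1, tzinfo=timezone.utc) + timedelta(seconds=tinfo * TIME_RESOLUTION_S)
        user_id = nui >> 24
        return {"user_id": user_id, "identity": self.users[user_id],
                "organization": (nui >> 12) & 0xFFF, "segment": nui & 0xFFF,
                "generated_at": generated_at.isoformat()}


def demo():
    """Constructed inputs: one tenant, one key rotation, one address, then trace it back."""
    server = AddressGenerationServer("2001:db8:1:2::/64", salt=b"constructed-salt")
    server.rotate_key(b"constructed-tenant-key", int(datetime(2024, 1, 15, tzinfo=timezone.utc).timestamp()))
    address = server.generate({"tenant": "tenant-a", "user": "alice"}, org=0xAB, seg=0xC,
                              now=datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc))
    return {"address": address, "trace": server.trace(address)}


if __name__ == "__main__":
    print(demo())
```

The XOR step is what makes the key lookup work without storing the key id in the address: the server keeps the front identifier per issued address, so the difference between the stored value and the on-the-wire interface identifier is exactly the time hash that indexes the key bank. Note that the stand-in cipher is only there to keep the example self-contained; it is not IDEA and should not be read as the patent's cipher.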
In one embodiment, S2 comprises, at the address verification layer:
S21: collecting flow and flow table entry statistics for the normal ports, the ports to be observed and the abnormal ports with a scheduled task.
S22: performing flow characteristic entropy analysis on the flow statistics of the normal ports, performing abnormal state detection on the flow statistics of the ports to be observed with a packet loss threshold analysis method, and performing continuous packet loss threshold analysis on the flow statistics of the abnormal ports.
S23: determining the state transition condition of each network host port from the analysis results. The state transition conditions include: transitions in both directions between the normal port and the port to be observed, and transitions in both directions between the port to be observed and the abnormal port.
S24: verifying the validity of the IPv6 real address with a differentiated verification strategy for network host ports in different state transition conditions.
In one embodiment, S23 includes:
If the analysis result shows that the flow characteristic entropy of a normal port exceeds the first threshold, the normal port transitions to a port to be observed.
If the analysis result shows that the flow characteristic entropy of a port to be observed is below the second threshold, the port to be observed transitions to a normal port.
If the analysis result shows that the packet loss rate of a port to be observed exceeds the third threshold, the port to be observed transitions to an abnormal port.
If the analysis result shows that the packet loss rate of an abnormal port is below the fourth threshold, the abnormal port transitions to a port to be observed.
In one embodiment, S24 includes:
When a normal port is detected to transition to a port to be observed, a verification rule and a wildcard rule are issued to the host corresponding to the port to be observed.
When a port to be observed is detected to transition to a normal port, the verification rule and the wildcard rule of the host corresponding to the port to be observed are cancelled.
When a port to be observed is detected to transition to an abnormal port, the current verification rule and wildcard rule are maintained.
When an abnormal port is detected to transition to a port to be observed, the current verification rule and wildcard rule are maintained.
According to another aspect of the invention, there is provided an IPv6 address driven cloud network endophytic security defense device, comprising:
an address generation module, configured to convert the tenant's identity information in the cloud network into a network unique identifier, concatenate the network unique identifier with the time information and encrypt the result to generate an IPv6 interface identifier, and combine the IPv6 interface identifier with the network prefix to obtain an IPv6 real address;
an address verification module, configured to monitor the flow and flow table entry data of each network host port in real time to determine the state transition condition of each network host port, the network host ports being divided into normal ports, ports to be observed and abnormal ports, and to verify the validity of the IPv6 real address with a differentiated verification strategy for network host ports in different state transition conditions;
an address utilization module, configured to obtain the current IPv6 real address corresponding to abnormal traffic from the address verification layer when abnormal traffic is monitored, and to trace the identity behind the current IPv6 real address.
Specifically, the address generation module embeds the tenant identity information into the last 64 bits of the IPv6 address on the basis of a symmetric encryption algorithm, modifies the address allocation strategy of the IPv6 dynamic host configuration protocol (DHCPv6), and is implemented on the network service component of the existing cloud platform.
The address verification module designs a targeted transition method and security verification strategy for each port state transition condition; through flow characteristic entropy detection analysis and packet loss analysis it issues IPv6 source address verification rules more precisely, giving hosts in the cloud network more flexible source address verification.
The address utilization module uses the properties of the real IPv6 address produced by the lower layers to realize tenant identity tracing based on the IPv6 address and traffic security management and control based on dynamic source address verification.
In one embodiment, the address verification module includes:
an information acquisition module, configured to collect flow and flow table entry statistics for the normal ports, the ports to be observed and the abnormal ports with a scheduled task;
a port state detection module, configured to perform flow characteristic entropy analysis on the flow statistics of the normal ports, abnormal state detection on the flow statistics of the ports to be observed with a packet loss threshold analysis method, and packet loss threshold analysis on the flow statistics of the abnormal ports;
a port state maintenance module, configured to determine the state transition condition of each network host port from the analysis results, the state transition conditions including transitions in both directions between the normal port and the port to be observed and between the port to be observed and the abnormal port;
a flow table entry deployment module, configured to verify the validity of the IPv6 real address with a differentiated verification strategy for network host ports in different state transition conditions.
FIG. 4 is a block diagram of the dynamic source address verification method of the invention. It mainly comprises four modules: an information acquisition module, a port state maintenance module, a port state detection module and a flow table entry deployment module, which are described below.
The information acquisition module is mainly responsible for periodically collecting flow and flow table entry data for use by the other modules. Through a scheduled task it collects different statistics from the normal ports, the ports to be observed and the abnormal ports.
The port state maintenance module maintains the port state transition conditions. Because these port sets are the core basis for information acquisition, flow table issuing and other operations, a separate module manages them in the interest of system robustness.
The port state detection module builds on the port state maintenance module and mainly consists of three threads: thread 1 reads the statistics of the normal ports and analyses the flow characteristic entropy; thread 2 reads the statistics of the ports to be observed and performs abnormal state detection; thread 3 reads the statistics of the abnormal ports and performs packet loss threshold analysis.
The flow table entry deployment module is mainly responsible for updating the binding table, issuing verification rules to the hosts on abnormal ports, and filtering packets with spoofed source addresses.
FIG. 5 shows the transition relationships among the states maintained by the port state maintenance module. The system handles ports in different state transition conditions differently; the transition method between the states of dynamic source address verification and the handling of ports in each state are described below:
Transitions between the normal port and the port to be observed. In a normal network state, a host is in the normal port set. Whether a normal port needs to move to the set of ports to be observed is judged from the flow characteristic entropy: when the flow characteristic entropy of a certain switch port exceeds the threshold, the host connected to that switch port is moved into the set of ports to be observed, and a verification rule and a wildcard rule are issued to it for further observation and analysis; when the flow characteristic entropy of a port to be observed is detected to be below the threshold, the port is moved back into the normal set and the verification rule and wildcard rule are cancelled.
Transitions between the port to be observed and the abnormal port. After the judgment based on the flow characteristic entropy, a port to be observed is with high probability a port sending a large volume of packets with spoofed source addresses. However, judging by the flow characteristic entropy alone still produces some misjudgments, so further detection is needed. The hosts in the set to be observed have already been issued a wildcard rule and a verification rule, from which the port packet loss rate can be computed: packets matched by the verification rule are counted as normal packets, packets matched by the wildcard rule are counted as lost packets, and the resulting packet loss rate is the main basis for deciding whether a port carries abnormal traffic. When the packet loss rate exceeds the threshold, the host's traffic is judged abnormal, the host is moved from the set to be observed into the abnormal set, and the current verification rule is maintained; when the packet loss rate falls below the threshold, the abnormal port is moved back into the set to be observed.
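The port state machine described in steps S21 to S24 above and in the FIG. 5 discussion just given, as an added example in Python that is not the patent's code. The page does not name the flow feature whose entropy is analysed, so the example uses the Shannon entropy of the source address distribution seen on a port; the four threshold values, the flow statistics, the port name and the choice to check a port to be observed for packet loss before re-examining its entropy are assumptions. The packet loss rate is computed as the page describes: packets matched by the wildcard rule are counted as lost, packets matched by the verification rule as normal.

```python
"""Added example (not the patent's code): port state maintenance for dynamic
source address verification. Thresholds, statistics and the choice of Shannon
entropy over source addresses are assumptions."""
from __future__ import annotations
import math
from collections import Counter
from dataclasses import dataclass, field
from enum import Enum


class PortState(Enum):
    NORMAL = "normal"
    OBSERVED = "to_be_observed"
    ABNORMAL = "abnormal"


@dataclass
class Thresholds:
    entropy_up: float = 3.0    # first threshold: normal -> to be observed
    entropy_down: float = 2.0  # second threshold: to be observed -> normal
    loss_up: float = 0.5       # third threshold: to be observed -> abnormal
    loss_down: float = 0.2     # fourth threshold: abnormal -> to be observed


@dataclass
class PortStats:
    """One collection period of a port, as the information acquisition module would deliver it."""
    src_counts: Counter        # source address -> packets seen in the flow statistics
    verify_matches: int = 0    # packets matched by the verification rule (normal)
    wildcard_matches: int = 0  # packets caught by the wildcard rule (counted as lost)


def feature_entropy(counts):
    """Shannon entropy (bits) of the source-address distribution; spoofing spreads it out."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values()) if total else 0.0


def packet_loss_rate(stats):
    """Share of packets the verification rule did not accept (wildcard matches)."""
    matched = stats.verify_matches + stats.wildcard_matches
    return stats.wildcard_matches / matched if matched else 0.0


@dataclass
class PortStateMaintainer:
    thresholds: Thresholds = field(default_factory=Thresholds)
    states: dict = field(default_factory=dict)    # port -> PortState
    rules: dict = field(default_factory=dict)     # port -> rules currently issued
    actions: list = field(default_factory=list)   # what the deployment module was told to do

    def state(self, port):
        return self.states.get(port, PortState.NORMAL)

    def update(self, port, stats):
        """Apply one period of statistics; returns (old state, new state)."""
        old = new = self.state(port)
        t = self.thresholds
        if old is PortState.NORMAL:                     # thread 1: entropy analysis
            if feature_entropy(stats.src_counts) > t.entropy_up:
                new = PortState.OBSERVED
        elif old is PortState.OBSERVED:                 # thread 2: anomaly detection
            if packet_loss_rate(stats) > t.loss_up:
                new = PortState.ABNORMAL
            elif feature_entropy(stats.src_counts) < t.entropy_down:
                new = PortState.NORMAL
        elif packet_loss_rate(stats) < t.loss_down:     # thread 3: continuous loss analysis
            new = PortState.OBSERVED
        if new is not old:
            self._on_transition(port, old, new)
        self.states[port] = new
        return old, new

    def _on_transition(self, port, old, new):
        if old is PortState.NORMAL and new is PortState.OBSERVED:
            self.rules[port] = {"verification", "wildcard"}
            self.actions.append(f"issue:{port}")
        elif old is PortState.OBSERVED and new is PortState.NORMAL:
            self.rules.pop(port, None)
            self.actions.append(f"cancel:{port}")
        else:  # observed <-> abnormal: keep the current rules in place
            self.actions.append(f"maintain:{port}")


def run_scenario():
    """Constructed five-period trace of one switch port through all four transitions."""
    m = PortStateMaintainer()
    few_sources = Counter({"2001:db8::a": 50, "2001:db8::b": 50})         # entropy 1.0
    many_sources = Counter({f"2001:db8::{i:x}": 10 for i in range(16)})   # entropy 4.0
    periods = [
        PortStats(few_sources),                                            # stays normal
        PortStats(many_sources),                                           # -> to be observed
        PortStats(many_sources, verify_matches=30, wildcard_matches=70),   # loss 0.7 -> abnormal
        PortStats(many_sources, verify_matches=95, wildcard_matches=5),    # loss 0.05 -> observed
        PortStats(few_sources, verify_matches=95, wildcard_matches=5),     # entropy 1.0 -> normal
    ]
    transitions = [tuple(s.value for s in m.update("s1-eth1", p)) for p in periods]
    return {"transitions": transitions, "actions": m.actions, "rules": dict(m.rules)}


if __name__ == "__main__":
    for row in run_scenario()["transitions"]:
        print(row)
```

The two-stage design is the point worth keeping: entropy alone moves a port only into observation, where the cheap per-packet evidence from the verification and wildcard rules decides whether it is really abnormal, and the rules stay in place while a port oscillates between observed and abnormal so that no window without source address filtering opens up.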
It will be readily appreciated by those skilled in the art that the foregoing description is merely a preferred embodiment of the invention and is not intended to limit the invention, but any modifications, equivalents, improvements or alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (10)

1. A cloud network endophytic security defense method based on IPv6 address driving, characterized in that the IPv6 address driven cloud network comprises an address generation layer, an address verification layer and an address utilization layer which communicate in sequence, and the cloud network endophytic security defense method comprises the following steps:
s1: at the address generation layer, tenant identity information in a cloud network is converted into a network unique identifier, and the network unique identifier and time information are spliced and encrypted to generate an IPv6 interface identifier; combining the IPv6 interface identifier with a network prefix to obtain an IPv6 real address;
s2: monitoring flow and flow table entry data of each network host port in real time at the address verification layer to determine the state transition condition of each network host port, wherein the network host ports are divided into normal ports, ports to be observed and abnormal ports; aiming at network host ports with different state transition conditions, adopting a differentiated verification strategy to verify the validity of the IPv6 real address;
s3: and when abnormal traffic is monitored in the address utilization layer, acquiring a current IPv6 real address which passes verification and corresponds to the abnormal traffic from the address verification layer, and carrying out identity tracing on the current IPv6 real address.
2. The cloud network endophytic security defense method based on IPv6 address driving of claim 1, wherein S1 comprises, at the address generation layer:
s11: splicing the organization part and the segmentation part with the user identification corresponding to the identity information of the tenant in the cloud network to generate the network unique identification;
s12: splicing the time information with the network unique identifier, and encrypting to obtain a front interface identifier; performing hash operation on the time stamp at the key updating moment to obtain a time hash value; performing exclusive OR operation on the time hash value and the front interface identifier to generate the IPv6 interface identifier;
s13: and splicing and combining the IPv6 interface identifier and a network prefix to obtain the IPv6 real address.
3. The cloud network endophytic security defense method based on IPv6 address driving of claim 2, wherein the time information is the time interval in which the IPv6 real address was generated, defined as the difference between the current timestamp and the timestamp of 00:00:00 on 1 January of the year in which the current time falls.
4. The cloud network endophytic security defense method based on IPv6 address driving of claim 2, wherein S3 comprises, at the address utilization layer:
s31: when abnormal traffic is monitored, a current IPv6 real address corresponding to the abnormal traffic is obtained from the address verification layer;
s32: according to the network prefix in the current IPv6 real address, locating the current tenant network to which the network prefix belongs, and extracting the current IPv6 interface identification in the current IPv6 real address; sending an analysis request carrying the current IPv6 interface identifier to an address generation server in the current tenant network;
s33: and analyzing the IPv6 interface identifier by using the address generation server so as to trace the identity of the current IPv6 real address.
5. The cloud network endophytic security defense method based on IPv6 address driving of claim 4, wherein S33 comprises:
the address generation server queries a database for the current front interface identifier corresponding to the current IPv6 interface identifier, obtains the corresponding current time hash value by XORing the current IPv6 interface identifier with the current front interface identifier, looks up the corresponding key in a key bank by the current time hash value, decrypts with the current front interface identifier and the key to obtain the current network unique identifier, and parses the current network unique identifier to obtain the current user identity information.
6. The cloud network endophytic security defense method based on IPv6 address driving of claim 1, wherein S2 comprises, at the address verification layer:
s21: collecting flow statistical information of a normal port, a port to be observed and an abnormal port by using a timing task;
s22: performing flow characteristic entropy analysis on the flow statistical information of the normal port, performing abnormal state detection on the flow statistical information of the port to be observed by adopting a packet loss threshold analysis method, and performing continuous packet loss threshold analysis detection on the flow statistical information of the abnormal port;
s23: determining the state transition condition of each network host port according to the analysis result; the state transition condition includes: interconversion between the normal port and the port to be observed and interconversion between the port to be observed and the abnormal port;
s24: aiming at network host ports with different state transition conditions, a differentiated verification strategy is adopted to verify the validity of the IPv6 real address.
7. The cloud network endophytic security defense method based on IPv6 address driving of claim 6, wherein S23 comprises:
if the analysis result shows that the flow characteristic entropy value of the normal port exceeds a first threshold value, the normal port is converted to the port to be observed;
if the analysis result shows that the flow characteristic entropy value of the port to be observed is lower than a second threshold value, the port to be observed is converted into the normal port;
if the analysis result shows that the packet loss rate of the port to be observed exceeds a third threshold, the port to be observed is converted into the abnormal port;
and if the analysis result shows that the packet loss rate of the abnormal port is lower than a fourth threshold value, the abnormal port is converted to the port to be observed.
8. The cloud network endophytic security defense method based on IPv6 address driving of claim 7, wherein S24 comprises:
when detecting that the normal port is converted into the port to be observed, issuing a verification rule and a wildcard rule to a host corresponding to the port to be observed;
when detecting that the port to be observed is converted into the normal port, canceling the verification rule and the wildcard rule of the host corresponding to the port to be observed;
when the port to be observed is detected to be converted into the abnormal port, maintaining the current verification rule and the wildcard rule;
when the abnormal port is detected to be converted into the port to be observed, maintaining the current verification rule and the wildcard rule.
9. An IPv6 address driven cloud network endophytic security defense device, comprising:
the address generation module is used for converting tenant identity information in the cloud network into a network unique identifier, splicing and encrypting the network unique identifier and time information to generate an IPv6 interface identifier; combining the IPv6 interface identifier with a network prefix to obtain an IPv6 real address;
the address verification module is used for monitoring the flow and flow table entry data of each network host port in real time so as to determine the state transition condition of each network host port, wherein the network host ports are divided into normal ports, ports to be observed and abnormal ports; aiming at network host ports with different state transition conditions, adopting a differentiated verification strategy to verify the validity of the IPv6 real address;
and the address utilization module is used for acquiring a current IPv6 real address which passes verification and corresponds to the abnormal traffic from the address verification layer when the abnormal traffic is monitored, and carrying out identity tracing on the current IPv6 real address.
10. The IPv6 address driven cloud network endophytic security defense device of claim 9, wherein the address verification module comprises:
the information acquisition module is used for acquiring flow and flow table item statistical information of the normal port, the port to be observed and the abnormal port by utilizing the timing task;
the port state detection module is used for carrying out flow characteristic entropy analysis on the flow statistical information of the normal port, carrying out abnormal state detection on the flow statistical information of the port to be observed by adopting packet loss threshold analysis, and carrying out continuous packet loss threshold analysis detection on the flow statistical information of the abnormal port;
the port state maintenance module is used for determining the state transition condition of each network host port according to the analysis result; the state transition condition includes: interconversion between the normal port and the port to be observed and interconversion between the port to be observed and the abnormal port;
and the flow table item deployment module is used for verifying the legality of the IPv6 real address by adopting a differentiated verification strategy aiming at network host ports with different state transition conditions.
CN202311305187.1A 2023-10-10 2023-10-10 Cloud network endophytic security defense method and device based on IPv6 address driving Active CN117040943B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311305187.1A CN117040943B (en) 2023-10-10 2023-10-10 Cloud network endophytic security defense method and device based on IPv6 address driving

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311305187.1A CN117040943B (en) 2023-10-10 2023-10-10 Cloud network endophytic security defense method and device based on IPv6 address driving

Publications (2)

Publication Number Publication Date
CN117040943A true CN117040943A (en) 2023-11-10
CN117040943B CN117040943B (en) 2023-12-26

Family

ID=88643506

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311305187.1A Active CN117040943B (en) 2023-10-10 2023-10-10 Cloud network endophytic security defense method and device based on IPv6 address driving

Country Status (1)

Country Link
CN (1) CN117040943B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117354063A (en) * 2023-12-04 2024-01-05 明阳产业技术研究院(沈阳)有限公司 IPv6-based intelligent internet terminal management method, system, medium and equipment

Citations (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040083306A1 (en) * 2002-10-24 2004-04-29 International Business Machines Corporation Method and apparatus for maintaining internet domain name data
US20070118885A1 (en) * 2005-11-23 2007-05-24 Elrod Craig T Unique SNiP for use in secure data networking and identity management
US20090204691A1 (en) * 2008-02-13 2009-08-13 Futurewei Technologies, Inc. USAGE OF HOST GENERATING INTERFACE IDENTIFIERS IN DHCPv6
EP2160886A2 (en) * 2007-06-22 2010-03-10 Telefonaktiebolaget LM Ericsson (PUBL) System and method for access network multi-homing
CN101710906A (en) * 2009-12-18 2010-05-19 工业和信息化部电信传输研究所 IPv6 address structure and method and device for allocating and tracing same
EP2250784A1 (en) * 2008-03-04 2010-11-17 Telefonaktiebolaget L M Ericsson (PUBL) Ip address delegation
CN102447694A (en) * 2011-11-03 2012-05-09 富春通信股份有限公司 IPv6 network false source address data packet tracking method and device
US20130103819A1 (en) * 2011-10-18 2013-04-25 Bluecat Networks Method and system for implementing a user network identity address provisioning server
CN103348662A (en) * 2011-04-15 2013-10-09 西门子企业通讯有限责任两合公司 Method for generating addresses in a computer network
CN105282266A (en) * 2015-06-30 2016-01-27 清华大学 IPV6 address generating and analyzing methods and systems
CN105323329A (en) * 2015-06-30 2016-02-10 清华大学 IPv6 address generating method and device, and IPv6 address analyzing method and device
WO2016061925A1 (en) * 2014-10-22 2016-04-28 中兴通讯股份有限公司 Method, apparatus for maintaining routing table and storage medium
US20160119316A1 (en) * 2013-09-30 2016-04-28 Beijing Zhigu Rui Tuo Tech Co., Ltd. Wireless network authentication method and wireless network authentication apparatus
WO2016150014A1 (en) * 2015-03-24 2016-09-29 中兴通讯股份有限公司 Method and apparatus for generating internet protocol address prefix
CN108881241A (en) * 2018-06-26 2018-11-23 华中科技大学 Dynamic source address verification method for software-defined networks
CN109361562A (en) * 2018-10-31 2019-02-19 广东电网有限责任公司信息中心 A kind of automated testing method based on the access of related network equipment
CN109413228A (en) * 2018-12-20 2019-03-01 全链通有限公司 IPv6 generation method and system based on block chain domain name system
CN109495440A (en) * 2018-09-06 2019-03-19 国家电网有限公司 A kind of random device of Intranet dynamic security
KR102047342B1 (en) * 2018-11-20 2019-11-26 (주)소만사 Data loss prevention system implemented on cloud and operating method thereof
CN111787130A (en) * 2020-05-28 2020-10-16 武汉思普崚技术有限公司 IPv6 address and prefix distribution method, device and computer readable storage medium
US20220060498A1 (en) * 2020-08-20 2022-02-24 Intrusion, Inc. System and method for monitoring and securing communications networks and associated devices
CN114172731A (en) * 2021-12-09 2022-03-11 赛尔网络有限公司 Method, device, equipment and medium for quickly verifying and tracing IPv6 address
CN114338044A (en) * 2022-01-13 2022-04-12 王鹏 Method for verifying identity of network user, storage device and processing device
CN114389835A (en) * 2021-12-01 2022-04-22 青海师范大学 IPv6 option explicit source address encryption security verification gateway and verification method
CN114448936A (en) * 2022-01-28 2022-05-06 广州根链国际网络研究院有限公司 IPv 6-based encoding traceable network transmission rule verification method
CN115460175A (en) * 2022-08-11 2022-12-09 中国电信股份有限公司 IPv6 address generation method and device, electronic equipment and storage medium
CN116582287A (en) * 2023-01-06 2023-08-11 天翼云科技有限公司 Safety transmission method and device for IPv6 flow in cloud network
CN116668408A (en) * 2023-08-01 2023-08-29 华中科技大学 IPv6 container cloud platform real address coding verification and tracing method and system
CN116684869A (en) * 2023-07-20 2023-09-01 华中科技大学 IPv 6-based park wireless network trusted access method, system and medium

Patent Citations (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040083306A1 (en) * 2002-10-24 2004-04-29 International Business Machines Corporation Method and apparatus for maintaining internet domain name data
US20070118885A1 (en) * 2005-11-23 2007-05-24 Elrod Craig T Unique SNiP for use in secure data networking and identity management
EP2160886A2 (en) * 2007-06-22 2010-03-10 Telefonaktiebolaget LM Ericsson (PUBL) System and method for access network multi-homing
US20090204691A1 (en) * 2008-02-13 2009-08-13 Futurewei Technologies, Inc. USAGE OF HOST GENERATING INTERFACE IDENTIFIERS IN DHCPv6
EP2250784A1 (en) * 2008-03-04 2010-11-17 Telefonaktiebolaget L M Ericsson (PUBL) Ip address delegation
CN101710906A (en) * 2009-12-18 2010-05-19 工业和信息化部电信传输研究所 IPv6 address structure and method and device for allocating and tracing same
CN103348662A (en) * 2011-04-15 2013-10-09 西门子企业通讯有限责任两合公司 Method for generating addresses in a computer network
US20130103819A1 (en) * 2011-10-18 2013-04-25 Bluecat Networks Method and system for implementing a user network identity address provisioning server
CN102447694A (en) * 2011-11-03 2012-05-09 富春通信股份有限公司 IPv6 network false source address data packet tracking method and device
US20160119316A1 (en) * 2013-09-30 2016-04-28 Beijing Zhigu Rui Tuo Tech Co., Ltd. Wireless network authentication method and wireless network authentication apparatus
WO2016061925A1 (en) * 2014-10-22 2016-04-28 中兴通讯股份有限公司 Method, apparatus for maintaining routing table and storage medium
WO2016150014A1 (en) * 2015-03-24 2016-09-29 中兴通讯股份有限公司 Method and apparatus for generating internet protocol address prefix
CN105282266A (en) * 2015-06-30 2016-01-27 清华大学 IPV6 address generating and analyzing methods and systems
CN105323329A (en) * 2015-06-30 2016-02-10 清华大学 IPv6 address generating method and device, and IPv6 address analyzing method and device
CN108881241A (en) * 2018-06-26 2018-11-23 华中科技大学 A kind of software-oriented defines the dynamic source address verification method of network
CN109495440A (en) * 2018-09-06 2019-03-19 国家电网有限公司 A kind of random device of Intranet dynamic security
CN109361562A (en) * 2018-10-31 2019-02-19 广东电网有限责任公司信息中心 A kind of automated testing method based on the access of related network equipment
KR102047342B1 (en) * 2018-11-20 2019-11-26 (주)소만사 Data loss prevention system implemented on cloud and operating method thereof
CN109413228A (en) * 2018-12-20 2019-03-01 全链通有限公司 IPv6 generation method and system based on block chain domain name system
CN111787130A (en) * 2020-05-28 2020-10-16 武汉思普崚技术有限公司 IPv6 address and prefix distribution method, device and computer readable storage medium
US20220060498A1 (en) * 2020-08-20 2022-02-24 Intrusion, Inc. System and method for monitoring and securing communications networks and associated devices
CN114389835A (en) * 2021-12-01 2022-04-22 青海师范大学 IPv6 option explicit source address encryption security verification gateway and verification method
CN114172731A (en) * 2021-12-09 2022-03-11 赛尔网络有限公司 Method, device, equipment and medium for quickly verifying and tracing IPv6 address
CN114338044A (en) * 2022-01-13 2022-04-12 王鹏 Method for verifying identity of network user, storage device and processing device
CN114448936A (en) * 2022-01-28 2022-05-06 广州根链国际网络研究院有限公司 IPv6-based encoding traceable network transmission rule verification method
CN115460175A (en) * 2022-08-11 2022-12-09 中国电信股份有限公司 IPv6 address generation method and device, electronic equipment and storage medium
CN116582287A (en) * 2023-01-06 2023-08-11 天翼云科技有限公司 Secure transmission method and device for IPv6 traffic in cloud networks
CN116684869A (en) * 2023-07-20 2023-09-01 华中科技大学 IPv6-based campus wireless network trusted access method, system and medium
CN116668408A (en) * 2023-08-01 2023-08-29 华中科技大学 IPv6 container cloud platform real address coding verification and tracing method and system

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
刘莹; 任罡; 包丛笑; 李贺武: "IPv6-Based Next-Generation Internet Technology and Practice", Information and Communications Technologies, no. 06 *
周启钊: "Research on Performance Optimization Methods for Flow Table Security Protection in Software-Defined Data Center Networks", China Doctoral Dissertations Full-text Database (Electronic Journal), no. 2, pages 139 - 14 *
周启钊; 于俊清; 李冬: "Research on SAVI Dynamic Configuration Technology in SDN Environments", Journal on Communications, no. 1 *
张连成; 郭毅: "Analysis of IPv6 Network Security Threats", Information and Communications Technologies, no. 06 *
邵婧; 陈越; 谭鹏许: "IPv6 Source Address and Network Service Validation Architecture", Computer Engineering and Design, no. 07 *
黄宸: "Real IPv6 Source Address Validation Architecture", Technology Wind, no. 03, pages 139 - 4 *

Cited By (2)

Publication number Priority date Publication date Assignee Title
CN117354063A (en) * 2023-12-04 2024-01-05 明阳产业技术研究院(沈阳)有限公司 IPv6-based intelligent internet terminal management method, system, medium and equipment
CN117354063B (en) * 2023-12-04 2024-04-02 明阳产业技术研究院(沈阳)有限公司 IPv6-based intelligent internet terminal management method, system, medium and equipment

Also Published As

Publication number Publication date
CN117040943B (en) 2023-12-26

Similar Documents

Publication Publication Date Title
CN110753064B (en) Machine learning and rule matching fused security detection system
CN103607399B (en) Private IP network security monitoring system and method based on darknet
CN101924757B (en) Method and system for reviewing Botnet
CN111683097B (en) Cloud network flow monitoring system based on two-stage architecture
CN108737439B (en) Large-scale malicious domain name detection system and method based on self-feedback learning
CN117040943B (en) Cloud network endophytic security defense method and device based on IPv6 address driving
CN111586033A (en) Asset data middle platform of data center
KR101375813B1 (en) Active security sensing device and method for intrusion detection and audit of digital substation
CN110505206B (en) Internet threat monitoring and defense method based on dynamic joint defense
JP2016508353A (en) Improved streaming method and system for processing network metadata
CN102571487A (en) Distributed bot network scale measuring and tracking method based on multiple data sources
CN110213280A (en) DDoS attack detection method based on LDMDBF in an SDN environment
CN111510463B (en) Abnormal behavior recognition system
Fei et al. The abnormal detection for network traffic of power IoT based on device portrait
CN115865526A (en) Industrial internet security detection method and system based on cloud edge cooperation
CN104883362A (en) Method and device for controlling abnormal access behaviors
CN116668408B (en) IPv6 container cloud platform real address coding verification and tracing method and system
Sen et al. Towards an approach to contextual detection of multi-stage cyber attacks in smart grids
TWI744545B (en) Decentralized network flow analysis approach and system for malicious behavior detection
CN112422483B (en) Identity protection strategy for ubiquitous power Internet of things
KR100799558B1 (en) Apparatus and method for tracking harmful file in P2P network
CN114024830A (en) Grubbs-based alarm correlation method
CN112291213A (en) Abnormal flow analysis method and device based on intelligent terminal
CN114257459B (en) Information physical system and cross-layer attack path tracing method thereof
CN114157496B (en) Intelligent machine room equipment management platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant