CN117714212B - Network topology confusion method and system for defending link flooding attack - Google Patents
- Publication number
- CN117714212B
- Authority
- CN
- China
- Prior art keywords
- network
- link
- flow
- virtual
- links
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a network topology confusion method and a system for defending link flooding attack, wherein the method comprises the following steps: s1: collecting node sets of a network to be protectedNetwork link setNetwork link bandwidthNetwork flow setAndRouting paths of (a)S2: calculate each stripFlow density higher thanThen join the critical link set; S3: if it isContains critical links, willAdding a to-be-confused flow set; s4: splitting a set of streams to be confused into a constant stream and an operation stream; step S5: splitting a key link of an operation flow into two virtual links to obtain a virtual routing path; s6: randomly selecting a virtual link and calculating the traffic density of the virtual link, and if the traffic density is lower than a threshold value, adding a plurality of security flows into an operation flow and executing S5; s7: after the operation flow is executed by S4-S6, output. The method of the invention can effectively hide the bottleneck links and key nodes in the network.
Description
Technical Field
The invention relates to the field of network security, in particular to a network topology confusion method and system for defending link flooding attack.
Background
ICMP is an important protocol in the existing Internet protocol stack; its main role is to deliver control, error and diagnostic messages in an IP network. However, abuse of ICMP has led to serious security problems. In a link-flooding attack (LFA), an attacker constructs a large number of probe packets using the Time To Live (TTL) field in an ICMP message, collects the icmp_ttl_exceeded replies, reconstructs the nodes and links of the network from them, and searches the topology for key entities that carry a large number of routing tasks. Having found some of the key nodes and links, the attacker can flood a small number of key links and so cut off network communication within a certain range around the victim.
Link flooding attacks have already caused serious losses on the global Internet. To address this problem, programmable routers can try to hide or confuse parts of particular links by modifying ICMP messages, so that an attacker cannot discover a valid target. However, confusing only the IP addresses and creating simple virtual paths does not confuse the importance of a link: even if the name and code of the link are changed, the attacker can still identify the position of the link in the topology, evaluate its importance, and successfully launch the attack, thereby threatening network availability.
Disclosure of Invention
In order to solve the technical problems, the invention provides a network topology confusion method and system for defending link flooding attack.
The technical scheme of the invention is as follows: a network topology confusion method for defending against link flooding attacks, comprising:
Step S1: network administrator is in the physical network to be protected In the scope, collecting node sets/>, within the scope of the network to be protectedNetwork link setCorresponding to each network link bandwidth/>Network flow aggregationWherein/>Comprising stream source address, stream destination address, stream generation location, stream average rate per second information, and routing path/>, per network streamWherein/>Is the source node,/>Is a destination node;
Step S2: computing each network link Traffic density of bearer/>And find all/>Greater than or equal to network link bandwidth/>Network links of (a) to build a set of critical links/>;
Step S3: for the followingEach of the critical links/>Traversing all network flows, if network flows/>Routing path/>Including the critical link/>It is added to the set of streams to be confused/>If a network flow does not belong to any set of flows to be confused, the network flow is denoted as security flow/>;
Step S4: for the purpose ofTo be confused link/>1 Virtual network node/>, is generatedPair/>To-be-confused flow set/>Randomly dividing the set into two parts; wherein, one part of the paths is kept unchanged and is recorded as a constant flow without confusion; another part is denoted as operation flow/>Confusion is performed in a subsequent step;
Step S5: for the operation flow Performing a confusion operation such that critical links/>, in the routing path of the operation flowSplit into two virtual links/>And/>Original route pathModified to virtual routing Path/>;
Step S6: in two virtual linksAnd/>Randomly selecting one piece to carry out the following steps: calculating the traffic density of the virtual link, if the traffic density of the virtual link is lower than/>Then a certain number of security flows are randomly selected and added to the operation flow set/>In the meantime from/>And then add to the operation flow set/>, for each new pieceStep S5 is executed to carry out confusion operation;
Step S7: when paired After all the key links in the network have been executed in the steps S4-S6, each network flow/> isobtainedVirtual routing Path/>。
Compared with the prior art, the invention has the following advantages:
The invention discloses a network topology confusion method for defending link flooding attack, which carries out confusion on network topology and link flow distribution by randomly adding virtual nodes to a full network detection flow and selectively splitting key links, thereby effectively hiding bottleneck links and key nodes in a network.
Drawings
Fig. 1 is a flowchart of a network topology confusion method for defending link flooding attack in an embodiment of the present invention;
FIG. 2 is a schematic diagram of a network structure according to an embodiment of the present invention;
Fig. 3 is a block diagram of a network topology confusion system for defending link flooding attacks according to an embodiment of the present invention.
Detailed Description
The invention provides a network topology confusion method for defending link flooding attack, which is used for carrying out confusion on network topology and link traffic distribution and effectively hiding bottleneck links and key nodes in a network.
The present invention will be further described in detail below with reference to the accompanying drawings by way of specific embodiments in order to make the objects, technical solutions and advantages of the present invention more apparent.
Example 1
As shown in fig. 1, the network topology confusion method for defending link flooding attack provided by the embodiment of the invention includes the following steps:
Step S1: network administrator is in the physical network to be protected Within the scope, collecting node sets/>, within the scope of the network to be protectedNetwork link set/>Corresponding to each network link bandwidth/>Network flow set/>Wherein/>Comprising source address, destination address, stream generation location, average rate per second information of streams, and routing path for each network streamWherein/>Is the source node,/>Is a destination node;
Step S2: computing each network link Traffic density of bearer/>And find all/>Greater than or equal to network link bandwidth/>Network links of (a) to build a set of critical links/>;
Step S3: for the followingEach of the critical links/>Traversing all network flows, if network flows/>Routing path/>Including the critical link/>It is added to the set of streams to be confused/>If a network flow does not belong to any set of flows to be confused, the network flow is denoted as security flow/>;
Step S4: for the purpose ofTo be confused link/>1 Virtual network node/>, is generatedPair/>To-be-confused flow set/>Randomly dividing the set into two parts; wherein, one part of the paths is kept unchanged and is recorded as a constant flow without confusion; another part is denoted as operation flow/>Confusion is performed in a subsequent step;
step S5: for operation flows Performing a confusion operation such that critical links/>, in the routing path of the operation flowSplit into two virtual links/>And/>Original route pathModified to virtual routing Path/>;
Step S6: in two virtual linksAnd/>Randomly selecting one piece to carry out the following steps: calculating the traffic density of the virtual link, if the traffic density of the virtual link is lower than/>Then a certain number of security flows are randomly selected and added to the operation flow set/>In the meantime from/>And then add to the operation flow set/>, for each new pieceStep S5 is executed to carry out confusion operation;
Step S7: when paired After all the key links in the network have been executed in the steps S4-S6, each network flow/> isobtainedVirtual routing Path/>。
In one embodiment, step S1 described above: network administrator is in the physical network to be protectedWithin the scope, collecting node sets/>, within the scope of the network to be protectedNetwork link setCorresponding to each network link bandwidth/>Network flow aggregationWherein/>Comprising stream source address, stream destination address, stream generation location, stream average rate per second information, and routing path/>, per network streamWherein/>Is the source node,/>The method specifically comprises the following steps of:
As shown in Fig. 2, the physical network topology is a 6-node barbell-shaped network. With every node acting as both a source node and a destination node, the network flow set contains 30 network flows in total. For convenience of description, each network flow is identified by its source node and destination node, and all flows have the same average rate. In this embodiment the network routes along shortest paths and every network link has the same bandwidth, so that a link can accommodate at most 15 network flows at the same time.
In one embodiment, step S2 above: computing each network linkTraffic density of bearer/>And find all/>Greater than network link bandwidth/>Network links of (a) to build a set of critical links/>The method specifically comprises the following steps:
step S21: each time there is a network flow through the network link Then the link traffic density/>= />+Average rate per second of the network flow;
step S22: finding out a link set meeting the network link traffic density of more than or equal to the network link bandwidth: Denoted as Critical Link set/> ; Or may specify the set of critical links by itself.
In Fig. 2, this link carries bidirectional network traffic with a traffic density equal to 18, which is higher than the link bandwidth of 15, and it plays an important communication role in the topology; the link is therefore taken as a critical link.
In one embodiment, the step S3: for the followingEach of the critical links/>Traversing all network flows, if network flows/>Routing path/>Including the critical link/>It is added to the set of streams to be confused/>If a network flow does not belong to any set of flows to be confused, the network flow is denoted as security flow/>The method specifically comprises the following steps:
Step S31: for each critical link Initializing its set of streams to be confused/>;
Step S32: if the network flowsRouting path/>Including the critical link/>Will/>Join/>I.e./>Finally get/>To-be-confused flow set/>;
Step S33: for network flows not belonging to any to-be-confused flow set, the network flows are regarded as safe flows, and the safe flow set is added。
In fig. 2, for example, network flows,/>Are all inclusive of critical links/>And thus belong to the stream to be confused/>The critical link is not included and belongs to the secure flow.
In one embodiment, S4 above: for the purpose ofTo be confused link/>1 Virtual network node/>, is generatedPair/>To-be-confused flow set/>Randomly dividing the set into two parts; wherein, one part of the paths is kept unchanged and is recorded as a constant flow without confusion; another part is denoted as operation flow/>The confusion in the subsequent steps specifically comprises:
step S41: using node randomly generating IP address as virtual network node ;
Step S42: to-be-confused flow setRandom partitioning is performed, splitting the set into two parts: wherein a part of the network flow bandwidth of the part which is not required to be confused is equal to half of the original network link bandwidth, namely/>, the original path is kept unchanged; Another part is to be confused in the subsequent step, denoted as operation flow/>The sum of the network flow bandwidths of the operation flows is equal to the traffic density of the links to be confused minus half of the original network link bandwidth, i.e。
As shown in Fig. 2, one virtual network node is generated on the critical link, with randomly generated parameters, and the set of flows to be confused on the critical link is then randomly partitioned. Since the bandwidth of the critical link is 15, 7 network flows (after rounding down) are randomly selected from the 18 network flows passing through the critical link; these are not confused and keep their original paths. The remaining 11 network flows are used as operation flows.
In one embodiment, the step S5 is as follows: for operation flowsPerforming a confusion operation such that critical links/>, in the routing path of the operation flowSplit into two virtual links/>AndOriginal route/>Modified to virtual routing Path/>The method specifically comprises the following steps:
In the operation flow Routing path/>In finding critical links/>Location, will/>Insertion/>In, will/>Splitting into two virtual linksAnd/>And let the original route path/>Modifying to virtual routing paths。
As shown in fig. 2, in 11 operation flows, virtual nodes are inserted in critical paths of the routing paths thereofFor example,/>Is the routing path origin/>Wherein critical path/>Middle insertion/>The modified virtual routing path is/>In which two virtual links are includedAnd/>。
In one embodiment, step S6 above: in two virtual linksAnd/>Randomly selecting one piece to carry out the following steps: calculating the traffic density of the virtual link, if the traffic density of the virtual link is lower than/>Then a certain number of security flows are randomly selected and added to the operation flow set/>In the meantime from/>And then add to the operation flow set/>, for each new pieceStep S5 is executed to carry out confusion operation;
Assuming randomly selected virtual links as Calculating in step S2 to obtain the key link/>And the current virtual link has a traffic density of 18 and a traffic density of 11, less than/>It is therefore necessary to reselect at least 4 security flows, add the virtual link at random locations on its routing path, e.g. if security flow/>, is selectedIts original route is/>The modified virtual routing path is/>。
In one embodiment, step S7 above: when pairedAfter all the key links in the network have been executed in the steps S4-S6, each network flow/> isobtainedVirtual routing Path/>。
Repeating the steps S4-S6 for all key links in the network to obtain all network flowsVirtual routing paths of (a)And outputting the result.
For newly joined network flows, the processing is performed as follows:
If the network flow does not pass through the path of any flow to be confused, it is not processed; if it does pass through the path of a flow to be confused, whether to perform the confusion operation of step S5 on it is decided at random with 50% probability.
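The numbers of this embodiment (30 flows, density 18 on the critical link, 7 constant flows, 11 operation flows, 4 added security flows) can be reproduced by running steps S1 to S6 on a small topology. The following is an added example, not code from the patent. Assumptions: the barbell is two triangles joined by one bridge link, the node names and the 10.x.y.z virtual address are hypothetical, the S6 top-up target is taken as link bandwidth minus the virtual link's current density (which gives the "at least 4" above), and the way a security flow's path is spliced through the virtual link is one possible reading.

```python
import random
from collections import deque
from itertools import permutations

# Constructed input (S1): 6-node barbell, two triangles joined by one bridge.
NODES = ["n1", "n2", "n3", "n4", "n5", "n6"]      # hypothetical node names
LINKS = [("n1", "n2"), ("n1", "n3"), ("n2", "n3"), ("n3", "n4"),
         ("n4", "n5"), ("n4", "n6"), ("n5", "n6")]
BANDWIDTH = 15   # same on every link, as in the embodiment
RATE = 1         # every flow has the same average rate


def key(a, b):
    """Undirected link identifier."""
    return tuple(sorted((a, b)))


def shortest_path(src, dst):
    """BFS shortest path (unique for every pair in this topology)."""
    adj = {n: [] for n in NODES}
    for a, b in LINKS:
        adj[a].append(b)
        adj[b].append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    path = [dst]
    while prev[path[-1]] is not None:
        path.append(prev[path[-1]])
    return path[::-1]


def hops(path):
    return [key(a, b) for a, b in zip(path, path[1:])]


def density(paths):
    """S21: add each flow's rate to every link on its path."""
    d = {}
    for p in paths.values():
        for h in hops(p):
            d[h] = d.get(h, 0) + RATE
    return d


def split_link(path, crit, vnode):
    """S5: insert the virtual node between the critical link's endpoints."""
    i = hops(path).index(crit)
    return path[:i + 1] + [vnode] + path[i + 1:]


def splice_link(path, end, vnode, rng):
    """S6 (assumed mechanics): make a security flow traverse (end, vnode)."""
    if end in path:
        i = path.index(end)
        at = i if i == len(path) - 1 else i + 1   # never displace src or dst
        return path[:at] + [vnode] + path[at:]
    at = rng.randrange(1, len(path))              # random interior position
    return path[:at] + [end, vnode] + path[at:]


def obfuscate(seed=0):
    rng = random.Random(seed)
    real = {(s, t): shortest_path(s, t) for s, t in permutations(NODES, 2)}
    dens = density(real)
    critical = [l for l, d in dens.items() if d >= BANDWIDTH]            # S2
    marked = {l: [f for f, p in real.items() if l in hops(p)]            # S3
              for l in critical}
    safe = [f for f in real if all(f not in m for m in marked.values())]
    virtual, stats = dict(real), {}
    for crit in critical:
        vnode = "10.%d.%d.%d" % tuple(rng.randrange(1, 255) for _ in range(3))
        pool = list(marked[crit])
        rng.shuffle(pool)                                                # S42
        keep = (BANDWIDTH // 2) // RATE     # half the bandwidth, rounded down
        constant, operation = pool[:keep], pool[keep:]
        for f in operation:                                              # S5
            virtual[f] = split_link(virtual[f], crit, vnode)
        end = rng.choice(crit)                                           # S61
        vlink = key(end, vnode)
        before = density(virtual).get(vlink, 0)
        added = []
        if before < dens[crit]:
            need = max(0, BANDWIDTH - before)   # assumed top-up target
            added = rng.sample(safe, -(-need // RATE))
            for f in added:                                              # S62
                safe.remove(f)
                virtual[f] = splice_link(virtual[f], end, vnode, rng)
        stats[crit] = {"density": dens[crit], "constant": constant,
                       "operation": operation, "added": added, "vlink": vlink,
                       "before": before, "after": density(virtual)[vlink]}
    return real, virtual, stats


if __name__ == "__main__":
    real, virtual, stats = obfuscate(seed=7)
    for crit, s in stats.items():
        print(crit, s["density"], len(s["constant"]), len(s["operation"]),
              s["before"], "->", s["after"])
```

After the run, the chosen virtual link reports a density equal to the link bandwidth rather than the 18 measured in step S2, while the constant flows keep reporting the real path.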
Example two
As shown in fig. 3, an embodiment of the present invention provides a network topology confusion system for defending link flooding attack, which includes the following modules:
A network information collecting module 81 for a network manager to protect a physical network to be protected Within the scope, collecting node sets/>, within the scope of the network to be protectedNetwork link setCorresponding to each network link bandwidth/>Network flow aggregationWherein/>Comprising stream source address, stream destination address, stream generation location, stream average rate per second information, and routing path/>, per network streamWherein/>Is the source node,/>Is a destination node;
A build key link set module 82 for computing each network link Traffic density of bearer/>And find all/>Greater than or equal to network link bandwidth/>Network links of (a) to build a set of critical links/>;
A to-be-confused flow collection module 83 is constructed forEach of the critical links/>Traversing all network flows, if network flows/>Routing path/>Including the critical link/>It is added to the set of streams to be confused/>If a network flow does not belong to any set of flows to be confused, the network flow is denoted as security flow/>;
Splitting the to-be-confused flow set module 84 forTo be confused link/>1 Virtual network node/>, is generatedPair/>To-be-confused flow set/>Randomly dividing the set into two parts; wherein, one part of the paths is kept unchanged and is recorded as a constant flow without confusion; another part is denoted as operation flow/>Confusion is performed in a subsequent step;
A first confusion module 85 for the operation flow Performing a confusion operation such that critical links/>, in the routing path of the operation flowSplit into two virtual links/>And/>Original route/>Modified to virtual routing Path/>;
A second confusion module 86 for use in two virtual linksAnd/>Randomly selecting one piece to carry out the following steps: calculating the traffic density of the virtual link, if the traffic density of the virtual link is lower than/>Then a certain number of security flows are randomly selected and added to the operation flow set/>In the meantime from/>And then add to the operation flow set/>, for each new pieceStep S5 is executed to carry out confusion operation;
A module 87 for obtaining a virtual routing path for use in the pairing process After all key links in the network are executed to split the to-be-confused flow collection module, the first confusion module and the second confusion module, each network flow/> isobtainedVirtual routing path at。
The above examples are provided for the purpose of describing the present invention only and are not intended to limit the scope of the present invention. The scope of the invention is defined by the appended claims. Various equivalents and modifications that do not depart from the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (7)
1. A network topology confusion method for defending against link flooding attacks, comprising:
Step S1: network administrator is in the physical network to be protected In the scope, collecting node sets/>, within the scope of the network to be protectedNetwork link set/>Corresponding to each network link bandwidth/>Network flow set/>Wherein/>Comprising source address, destination address, stream generation location, average rate per second information of streams, and routing path for each network streamWherein/>Is the source node,/>Is a destination node;
Step S2: computing each network link Traffic density of bearer/>And find all/>Greater than or equal to network link bandwidth/>Network links of (a) to build a set of critical links/>;
Step S3: for the followingEach of the critical links/>Traversing all network flows, if network flows/>Routing paths of (a)Including the critical link/>It is added to the set of streams to be confused/>If a network flow does not belong to any set of flows to be confused, the network flow is denoted as security flow/>;
Step S4: for the purpose ofTo be confused link/>1 Virtual network node/>, is generatedPair/>To-be-confused flow set/>Randomly dividing the set into two parts; wherein, one part of the paths is kept unchanged and is recorded as a constant flow without confusion; another part is denoted as operation flow/>Confusion is performed in a subsequent step;
Step S5: for the operation flow Performing a confusion operation such that critical links/>, in the routing path of the operation flowSplit into two virtual links/>And/>The original route path is processedModified to virtual routing Path/>;
Step S6: in two virtual linksAnd/>Randomly selecting one piece to carry out the following steps: calculating the traffic density of the virtual link, if the traffic density of the virtual link is lower than/>Then a certain number of security flows are randomly selected and added to the operation flow set/>In the meantime from/>And then add to the operation flow set/>, for each new pieceStep S5 is executed to carry out confusion operation;
Step S7: when paired After all the key links in the network have been executed in the steps S4-S6, each network flow/> isobtainedVirtual routing Path/>。
2. The network topology confusion method for defending against link flooding attacks according to claim 1, wherein the step S2: computing each network linkTraffic density of bearer/>And find all/>Greater than network link bandwidth/>Network links of (a) to build a set of critical links/>The method specifically comprises the following steps:
step S21: each time there is a network flow through the network link Then the link traffic density/>= />+Average rate per second of the network flow;
step S22: finding out a link set meeting the network link traffic density of more than or equal to the network link bandwidth: Denoted as Critical Link set/> ; Or may specify the set of critical links by itself.
3. The network topology confusion method for defending against link flooding attacks according to claim 2, wherein the step S3: for the followingEach of the critical links/>Traversing all network flows, if network flows/>Routing path/>Including the critical link/>It is added to the set of streams to be confused/>If a network flow does not belong to any set of flows to be confused, the network flow is denoted as security flow/>The method specifically comprises the following steps:
Step S31: for each critical link Initializing its set of streams to be confused/>;
Step S32: if the network flowsRouting path/>Including the critical link/>Will/>Join/>I.e.Finally get/>To-be-confused flow set/>;
Step S33: for network flows not belonging to any to-be-confused flow set, the network flows are regarded as safe flows, and the safe flow set is added。
4. A network topology confusion method for defending against link flooding attacks as recited in claim 3, wherein the step S4: for the purpose ofTo be confused link/>1 Virtual network node/>, is generatedPair/>To-be-confused flow set/>Randomly dividing the set into two parts; wherein, one part of the paths is kept unchanged and is recorded as a constant flow without confusion; another part is denoted as operation flow/>The confusion in the subsequent steps specifically comprises:
step S41: using node randomly generating IP address as virtual network node ;
Step S42: to-be-confused flow setRandom partitioning is performed, splitting the set into two parts: wherein a part of the network paths are kept unchanged, no confusion is needed, and the network flow bandwidth of the no-confusion part is equal to half of the original network link bandwidth, namely; Another part is to be confused in the subsequent step, denoted as operation flow/>The sum of the network flow bandwidths of the operation flows is equal to the traffic density of the links to be confused minus half of the original network link bandwidth, i.e。
5. The network topology confusion method for defending against link flooding attacks as recited in claim 4, wherein the step S5: for the operation flowPerforming a confusion operation such that critical links/>, in the routing path of the operation flowSplit into two virtual links/>And/>Original route/>Modified to virtual routing Path/>The method specifically comprises the following steps:
In the operation flow Routing path/>In finding critical linksLocation, will/>Insertion/>In, will/>Split into two virtual links/>And/>And let the original route path/>Modified to virtual routing Path/>。
6. The network topology confusion method for defending against link flooding attacks as recited in claim 5, wherein the step S6: in two virtual linksAnd/>Randomly selecting one piece to carry out the following steps: calculating the traffic density of the virtual link, if the traffic density of the virtual link is lower than/>Then a certain number of security flows are randomly chosen and added to the operation flow set/>In the meantime from/>And then add to the operation flow set/>, for each new pieceThe step S5 of executing the secure flow of the above process to perform the obfuscation operation specifically includes:
step S61: in two virtual links And/>In (2) randomly selecting a virtual link/>Calculation/>Traffic density of bearer, if/>Flow Density/>Lower than the pre-confusion flow density/>, step S2Randomly selecting m security flows from the security flow set, and meeting the conditions: the sum of bandwidths of m security streams is greater than or equal to;
Step S62: adding a random selection of the secure stream to a set of operational streamsIn the meantime from/>And then add to the operation flow set/>, for each new pieceIs subjected to a step S5 for performing a obfuscation operation.
7. A network topology confusion system for defending against link flooding attacks, comprising the following modules:
a network information collecting module for network manager to protect physical network In the scope, collecting node sets/>, within the scope of the network to be protectedNetwork link setCorresponding to each network link bandwidth/>Network flow aggregationWherein/>Comprising stream source address, stream destination address, stream generation location, stream average rate per second information, and routing path/>, per network streamWherein/>Is the source node,/>Is a destination node;
constructing a key link set module for calculating each network link Traffic density of bearer/>And find all/>Greater than or equal to network link bandwidth/>Network links of (a) to build a set of critical links/>;
Constructing a to-be-confused flow collection module forEach of the critical links/>Traversing all network flows, if network flows/>Routing path/>Including the critical link/>It is added to the set of streams to be confused/>If a network flow does not belong to any set of flows to be confused, the network flow is denoted as security flow/>;
Splitting a to-be-confused flow set module for aiming atTo be confused link/>1 Virtual network node/>, is generatedPair/>To-be-confused flow set/>Randomly dividing the set into two parts; wherein, one part of the paths is kept unchanged and is recorded as a constant flow without confusion; another part is denoted as operation flow/>Confusion is performed in a subsequent step;
a first confusion module for the operation flow Performing a confusion operation such that critical links/>, in the routing path of the operation flowSplit into two virtual links/>And/>Original route/>Modified to virtual routing Path/>;
A second confusion module for use in two virtual linksAnd/>Randomly selecting one piece to carry out the following steps: calculating the traffic density of the virtual link, if the traffic density of the virtual link is lower than/>Then a certain number of security flows are randomly selected and added to the operation flow set/>In the meantime from/>And then add to the operation flow set/>, for each new pieceStep S5 is executed to carry out confusion operation;
A module for obtaining virtual route path for use in the pairing process After all key links in the network are executed, the splitting and mixing flow collection module, the first mixing module and the second mixing module are used for obtaining each network flow/>Virtual routing Path/>。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410162256.6A CN117714212B (en) | 2024-02-05 | 2024-02-05 | Network topology confusion method and system for defending link flooding attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117714212A (en) | 2024-03-15 |
CN117714212B (en) | 2024-05-17 |
Family
ID=90148324
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410162256.6A Active CN117714212B (en) | 2024-02-05 | 2024-02-05 | Network topology confusion method and system for defending link flooding attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117714212B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||