一种面向C/S模式的地址跳变主动网络防御方法

刘江; 张红旗; 杨英杰; 王义功

doi:10.11999/JEIT160514

一种面向C/S模式的地址跳变主动网络防御方法

doi: 10.11999/JEIT160514

基金项目:

国家863计划项目(2012AA012704)，郑州市科技领军人才项目(131PLJRC644)

计量
- 文章访问数: 1078
- HTML全文浏览量: 150
- PDF下载量: 380
- 被引次数: 0
出版历程
- 收稿日期: 2016-05-19
- 修回日期: 2016-12-26
- 刊出日期: 2017-04-19

A Proactive Network Defense Method Based on Address Hopping for C/S Model

Funds:

The National 863 Program of China (2012AA012704), The Scientific and Technological Leading Talent Project of Zhengzhou (131PLJRC644)

摘要

摘要: 现有地址跳变方法需要设计新的地址交互协议，扩展性较差，跳变周期缺乏自适应调整，该文提出一种基于改进DHCP协议的地址跳变方法。利用自回归求和平均模型对网络流量进行建模和预测以计算预分配地址数目，根据地址空置周期选择预分配地址，利用基于动态时间弯曲距离的时间序列相似性度量算法检测网络异常并动态调整地址租用期，客户端和服务器基于地址映射关系进行跳变通信。该方法在无需修改现有DHCP协议的基础上实现了跳变地址和跳变周期的动态调整，增加了攻击者进行流量截获和拒绝服务攻击的难度，提高了攻击者代价。
- 地址跳变 /
- C/S通信模式 /
- 动态目标防御 /
- 主动防御
Abstract: The existing address hopping methods need to design a new protocol of address exchanging and the scalability is usually limited. Also, its hopping cycle is difficult to make self-adaption. This paper proposes an address hopping method based on an improved Dynamic Host Configuration Protocol (DHCP). The number of hopping addresses is calculated by fitting and predicting network traffic which uses the auto regression integration moving average model. The hopping addresses are selected according to the address vacant time. The address lease time is adjusted dynamically according to the network anomaly which is detected by using the time series similarity measure algorithm based on dynamic time warping distance. Clients and application server are able to complete hopping communication based on the address mapping relationships. The proposed method can adjust hopping address and cycle dynamically without to modify the existing DHCP protocol, which not only increases attackers difficult of intercepting traffic and launching denial of service attack but also enhances the attackers overhead.
- Address hopping /
- C/S communication model /
- Moving target defense /
- Proactive defense

HTML全文

参考文献(16)

ZHUANG Rui, BARDAS A G, DELOACH S A, et al. A theory of cyber attacks: A step towards analyzing MTD systems[C]. Proceedings of the Second ACM Workshop on Moving Target Defense, Denver, Colorado, 2015: 11-20.

GREEN M, MACFARLAND D C, SMESTAD D R, et al. Characterizing network-based moving target defenses[C]. Proceedings of the Second ACM Workshop on Moving Target Defense, Denver, Colorado, 2015: 31-35.

JAFARIAN J H, AL-SHAER E, and QI Duan. An effective address mutation approach for disrupting reconnaissance attacks[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(12): 2562-2577. doi: 10.1109/TIFS.2015. 2467358.

石乐义, 贾春福, 吕述望. 基于端信息跳变的主动网络防护研究[J]. 通信学报, 2008, 29(2): 106-110.

SHI Leyi, JIA Chunfu, and LShuwang. Research on end hopping for active network confrontation[J]. Journal on Communications, 2008, 29(2): 106-110.

ATIGHETCHI M, PAL P, WEBBER F, et al. Adaptive use of network-centric mechanisms in cyber-defense[C]. Sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, Cambridge, MA, 2003: 183-192.

SIFALAKIS M, SCHMID S, and HUTCHISON D. Network address hopping: A mechanism to enhance data protection for packet communications[C]. 2005 IEEE International Conference on Communications, London, 2005: 1518-1523.

ANTONATOS S, AKRITIDIS P, MARKATOS E P, et al. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007, 51(12): 3471-3490.

DUNLOP M, GROAT S, URBANSKI W, et al. MT6D: A moving target IPv6 defense[C]. 2011 IEEE Military Communications Conference, Baltimore, MD, 2011: 1321-1326.

刘慧生, 王振兴, 郭毅. 一种基于多穴跳变的IPv6主动防御模型[J]. 电子与信息学报, 2012, 34(7): 1715-1720. doi: 10.3724/SP.J.1146.2011.01350.

LIU Huisheng, WANG Zhenxing, and GUO Yi. An IPv6 proactive network defense model based on multi-homing hopping[J]. Journal of Electronics Information Technology, 2012, 34(7): 1715-1720. doi: 10.3724/SP.J.1146.2011.01350.

姜明, 吴春明, 张旻, 等. 网络流量预测中的时间序列模型比较[J]. 电子学报, 2009, 37(11): 2353-2358.

JIANG Ming, WU Chunming, ZHANG Min, et al. Research on the comparison of time series models for network traffic prediction[J]. Acta Electronica Sinica, 2009, 37(11): 2353-2358.

LI Junkui and WANG Yuanzhen. EA DTW: Early abandon to accelerate exact dynamic time warping[C]. 2007 International Conference on Intelligent Systems and Knowledge Engineering, Chengdu, China, 2007: 144-152.

赵春蕾. 端信息跳变系统自适应策略研究[D]. [博士论文], 南开大学, 2012.

ZHAO Chunlei. Research on adaptive strategies for end- hopping system[D]. [Ph.D. dissertation], Nankai University, 2012.

施引文献

资源附件(0)

访问统计