一种基于多穴跳变的IPv6主动防御模型
doi: 10.3724/SP.J.1146.2011.01350
An IPv6 Proactive Network Defense Model Based on Multi-homing Hopping
-
摘要: 该文利用IPv6多穴技术,借鉴跳频通信的跳变思想,提出多穴跳变的概念,将主机的地址在网络提供的多个地址域内动态变化,增大攻击者地址搜索范围,增大攻击者流量监听难度。在此基础上,建立了IPv6主动防御模型。给出了双重随机地址生成算法,保证了地址的随机性,给出了快速切换和过保留两个地址切换策略,保证了地址切换过程中通信持续有效。从地址和流量两方面对模型的安全性进行了理论分析,从功能和性能两方面对模型进行了实验测试。理论分析与实验测试结果表明所提出的模型可有效提高攻击者开销,保护网络安全。Abstract: Utilized the multi-homing in IPv6, motivated by the idea of frequency hopping communications, multi- homing hopping conception is proposed which can increase the address search space and difficulty of traffic monitoring for attackers by changing the host node address in multiple address domains dynamically. An active defense model is established based on multi-homing hopping. The double random address generation algorithm is proposed which ensured the IP address of the host scattered in multiple address domains randomly. Two address handoff tactics are proposed which ensure the continuance and efficiency of communication. Host address security and traffic security are analyzed. The performance and function of the proposed model are evaluated empirically. The results show that multi-homing hopping based IPv6 proactive network defense model can effectively enhance the attacker overhead and protect the network.
-
Key words:
- IPv6 /
- Multi-homing hopping /
- Proactive network defense /
- Traffic analysis attack
-
计量
- 文章访问数: 2311
- HTML全文浏览量: 93
- PDF下载量: 848
- 被引次数: 0
下载:
