A Proactive Network Defense Method Based on Address Hopping for C/S Model
doi: 10.11999/JEIT160514 cstr: 32379.14.JEIT160514
Funds:
The National 863 Program of China (2012AA012704), The Scientific and Technological Leading Talent Project of Zhengzhou (131PLJRC644)
Abstract: Existing address hopping methods require the design of a new address exchange protocol, scale poorly, and lack self-adaptive adjustment of the hopping cycle. This paper proposes an address hopping method based on an improved Dynamic Host Configuration Protocol (DHCP). The number of pre-allocated hopping addresses is calculated by modeling and predicting network traffic with the autoregressive integrated moving average (ARIMA) model. The hopping addresses are selected according to their address vacant time. Network anomalies are detected with a time series similarity measure algorithm based on dynamic time warping distance, and the address lease time is adjusted dynamically in response. Clients and the application server complete hopping communication based on the address mapping relationships. The proposed method adjusts the hopping addresses and the hopping cycle dynamically without modifying the existing DHCP protocol, which increases the difficulty for attackers of intercepting traffic and launching denial of service attacks and raises the attackers' cost.
Key words:
- Address hopping /
- C/S communication model /
- Moving target defense /
- Proactive defense
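The anomaly check and lease adjustment summarized in the abstract, sketched as an added example that is not the paper's code: it scores an observed traffic window against a baseline with dynamic time warping distance and shortens the DHCP lease when the score is anomalous. The halve/double policy, the threshold, the lease bounds and the traffic samples are assumptions constructed for illustration.

```python
from math import inf


def dtw_distance(a, b):
    """Dynamic time warping distance between two series, local cost |x - y|."""
    if not a or not b:
        raise ValueError("both series must be non-empty")
    prev = [0.0] + [inf] * len(b)  # row 0: only D[0][0] is reachable
    for x in a:
        cur = [inf] * (len(b) + 1)
        for j, y in enumerate(b, start=1):
            # Extend the cheapest of the three allowed warping steps.
            cur[j] = abs(x - y) + min(prev[j], cur[j - 1], prev[j - 1])
        prev = cur
    return prev[len(b)]


def next_lease(baseline, observed, lease, threshold=20.0,
               min_lease=60, max_lease=3600):
    """Return (new_lease_seconds, anomalous).

    Assumed policy (not from the paper): a length-normalized DTW score above
    `threshold` marks the window anomalous and halves the lease, so addresses
    hop faster; otherwise the lease doubles back toward `max_lease`.
    """
    score = dtw_distance(baseline, observed) / max(len(baseline), len(observed))
    if score > threshold:
        return max(min_lease, lease // 2), True
    return min(max_lease, lease * 2), False


# Constructed samples: packets per second in consecutive intervals.
BASELINE = [100, 120, 130, 125, 110, 105]
SHIFTED = [100, 100, 120, 130, 125, 110, 105]  # same shape, delayed one step
FLOOD = [100, 120, 400, 650, 700, 680]         # sustained surge

if __name__ == "__main__":
    for name, window in (("shifted", SHIFTED), ("flood", FLOOD)):
        print(name, next_lease(BASELINE, window, lease=600))
```

The delayed window scores zero because DTW absorbs the time shift, so only the surge shortens the lease.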