Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network security defense system and network security defense method based on dynamic transformation

A technology of dynamic transformation and defense system, applied in the field of network security

Active Publication Date: 2019-04-30
北京卫达信息技术有限公司
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, due to the static nature of the existing network topology information, attackers often have sufficient time to analyze the intranet architecture and network address information, thereby gradually infiltrating the intranet and reaching the attack target

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network security defense system and network security defense method based on dynamic transformation
  • Network security defense system and network security defense method based on dynamic transformation
  • Network security defense system and network security defense method based on dynamic transformation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach

[0071] The difference between the network security defense system based on dynamic transformation described in the second preferred embodiment of the present invention and the above-mentioned first preferred embodiment is only that, as Figure 7 As shown, the user can set the static feature of wIP in the terminal information table stored in the terminal information storage unit 14 through the management unit 11, that is, the wIP of a specific network terminal accessing the network in the intranet can be set to a static wIP, preferably A flag bit can be set in the terminal information table of the specific network terminal, and a corresponding flag value can be set in the flag bit to distinguish whether the wIP of the specific network terminal is a static wIP. In this way, two network terminals connected to the network in the intranet can communicate not only through the vIP, but also through the statically configured wIP. The reason for such modification is that in the existin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention proposes a network security defense system and method based on dynamic transformation. The network security defense system includes a communication processing unit, a terminal information unit and a dynamic transformation unit. The communication processing unit configures a terminal for each network terminal in the intranet information table, the terminal information table includes the real IP address assigned to the network terminal, the virtual IP address and the external network access IP address, the dynamic transformation unit dynamically transforms the virtual IP address, and the communication processing unit enables the network terminals in the internal network to use vIP for communication, and wIP for communication between network terminals in the internal network and the external network. The present invention breaks the static characteristics of the traditional intranet, and dynamically transforms the IP address information of the network terminal in the intranet, so that the attacker cannot obtain the topological structure of the intranet, and cannot accurately obtain the real information of the network terminal in the intranet, thereby effectively defending against Intranet attacks are prevented and the security of the intranet is improved.

Description

technical field [0001] The invention relates to the field of network security, in particular to a network security defense system and a network security defense method based on dynamic transformation. Background technique [0002] Intranet security is very important in the actual network environment, but it is ignored by most network security devices. Existing methods generally detect attack behaviors by collecting traffic, but abnormal traffic is often generated after the attack behavior, so such methods cannot provide real-time defense against the attack behavior. Another method is to deploy a network security defense system on hosts connected to the network. Although it can defend against some attacks, it cannot defend against unknown intranet attacks. Static IP address assignments allow attackers to accurately and quickly target attacks by scanning local or remote networks. Determining the IP address of the active host in the target network is the first step in most at...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1441H04L61/5014H04L61/4511
Inventor 耿童童
Owner 北京卫达信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products