Unlock instant, AI-driven research and patent intelligence for your innovation.

A camouflage-based cyberspace security defense method and system

A security defense and network space technology, applied in the field of network security, can solve problems such as lack of initiative and unfavorable malicious traffic research, and achieve the effect of increasing the probability of transferring to a disguised network

Inactive Publication Date: 2021-02-02
黄小勇
View PDF20 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The embodiment of the present invention provides a cyberspace security defense method and system based on camouflage, which aims to solve the problem that the existing methods lack the initiative to defend against malicious attackers and are not conducive to the research of malicious traffic

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A camouflage-based cyberspace security defense method and system
  • A camouflage-based cyberspace security defense method and system
  • A camouflage-based cyberspace security defense method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0028] figure 1 It shows a flow chart of a camouflage-based cyberspace security defense method provided by the first embodiment of the present invention, which is described in detail as follows:

[0029] In step S11, the controller receives an IP packet including network address information forwarded by the switch.

[0030] In this step, the controller may be an SDN controller based on the OpenFlow protocol, and the switch may be a switch based on the OpenFlow protocol. After the switch receives the IP packet containing network address information, if it judges that there is no match with any flow table, it sends it to the controller, and the controller receives the IP packet containing network address information forwarded by the switch, and The above IP packet requests authorization. Specifically, the information stored in the flow table in the switch includes but is not limited to network address information, and the judging that no flow table matches it specifically incl...

Embodiment 2

[0057] Figure 5 It shows a structural block diagram of a cyberspace security defense system provided by the second embodiment of the present invention. For the convenience of description, only the parts related to this embodiment are shown, and the details are as follows:

[0058] The cyberspace security defense system includes a controller 21 and a switch 22; the controller 21 is used to receive the IP packet including network address information forwarded by the switch 22.

[0059] Specifically, the controller 21 and the switch 22 are logically separated, and in practice they can be integrated into the same unit to provide the same function.

[0060] Specifically, the controller 21 may be an SDN controller based on the OpenFlow protocol, and the switch 22 may be a switch based on the OpenFlow protocol. After the switch 22 receives the IP packet containing the network address information, if it judges that no flow table matches it, it sends it to the controller 21, and the ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention is applicable to the field of network security, and provides a camouflage-based network space security defense method and system. The method includes: the controller receives the IP packet forwarded by the switch and includes the network address information, and when the network address information matches the pre-stored virtual network address of the masquerading target, the controller sends the first set of flow tables to the In the switch, the first group of flow tables stores the corresponding relationship between the real network address of the masquerading target and the virtual network address of the masquerading target, and the switch transfers the network address information from the masquerading target’s virtual network address according to the received first group of flow tables The virtual network address is translated to the real network address of the masquerading target. Through the above method, the limited camouflage targets in the network are virtualized into a complex camouflage network, actively defending against malicious traffic, and providing convenience for studying its offensive intentions.

Description

technical field [0001] The embodiments of the present invention belong to the field of network security, and in particular relate to a camouflage-based cyberspace security defense method and system. Background technique [0002] SDN is a new network innovation architecture proposed by the Clean Slate research group of Stanford University in the United States. It can define and control the network through software programming. It is considered to be a revolution in the network field. Its essential feature is the control plane and forwarding Plane separation. In addition, SDN supports users to control network processing behavior through open interfaces, thus providing a new experimental approach for the research of new Internet architecture and greatly promoting the development of the next generation Internet. [0003] Moving target defense (Moving Target Defense) is one of the revolutionary technologies proposed by the United States in recent years to "change the rules of th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1441
Inventor 黄小勇
Owner 黄小勇