Malicious scanning defense method and system based on adaptive IP address conversion

An IP address and defense system technology, applied in the field of network security, can solve problems such as the blindness of network transition strategies, reduce the effectiveness of defense, and the lack of adaptability of malicious scanning strategies, so as to improve the success rate of defense and improve the adaptive jump rate. change and improve manageability

An IP address and defense system technology, applied in the field of network security, can solve problems such as the blindness of network transition strategies, reduce the effectiveness of defense, and the lack of adaptability of malicious scanning strategies, so as to improve the success rate of defense and improve the adaptive jump rate. change and improve manageability

CN106982206AInactive Publication Date: 2017-07-25INST OF INFORMATION ENG CAS
3 Cites 23 Cited by

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious scanning defense method and system based on adaptive IP address conversion
  • Malicious scanning defense method and system based on adaptive IP address conversion

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0048] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. It should be understood that the described embodiments are only part of the embodiments of the present invention, not all of them. example. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without making creative efforts belong to the protection scope of the present invention.

[0049] Such as figure 1 Shown is a schematic structural diagram of a malicious scanning defense system based on IP address adaptive conversion in an embodiment of the present invention. When the attacker scans the network IP address, a detection agent is deployed in each subnet, and the detection agent is used to collect request data packets, calculate and count the distribution probability of the source IP address and destination I...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a malicious scanning defense method based on adaptive IP address conversion, applied to an SDN. The method comprises the following steps: 1) in the case of a scanning attack, sampling a request data packet from each subnet of the SDN, and analyzing the request data packet to generate statistical data within different time intervals; 2) calculating the distribution of a source IP address, a destination IP address and a destination port number within each time interval according to the statistical data; 3) calculating the Sibson entropy of the same distribution of the source IP addresses, the destination IP addresses and the destination port numbers within adjacent time intervals, and judging a scanning attack strategy accordingly; and 4) generating an IP address transfer strategy according to the scanning attack strategy, and implementing virtual IP address conversion according to the IP address transfer strategy. Meanwhile, the invention further provides a system for implementing the method. The system comprises constructing a controller, hopping proxy and detection proxy in the SDN architecture for implementing the steps in the method.

Description

technical field [0001] The invention belongs to the field of network security. Specifically, it relates to a malicious scanning defense method and system based on IP address adaptive conversion in a software-defined network environment. Background technique [0002] Software-defined networking (SDN) is a network architecture that decouples the control function of network devices such as routers and switches from the data forwarding function based on the design idea of ​​separating logic control and data forwarding. It manages the entire network by a programmable logical centralized controller; the data forwarding function is realized by the underlying forwarding equipment. The characteristics of SDN centralized control enable the controller to obtain network performance indicators online, and on this basis, allocate resources in a timely manner and implement global decisions. The OpenFlow protocol is a standardized interface for controllers to manage and configure underlyi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
25 Jul 2017
Publication
CN106982206A
IPC
H04L29/06; H04L29/12
CPC
H04L61/2503; H04L63/1466; H04L63/20
Inventors
王利明; 雷程