A method and system for deception prevention based on dynamic network constructed by SDN

A dynamic network and six-tuple technology, applied in the field of defense against network attacks, that solves the problems of being unable to achieve dynamic construction, having difficulty defending actively, and being unable to obtain attacker information.

Inactive Publication Date: 2018-12-25
杭州默安科技有限公司

AI Technical Summary

Problems solved by technology

[0002] The concept of honeypots was proposed in the 1990s. At first, security researchers such as Fred Cohen and Niels Provos used low-interaction honeypots to deceive attackers. Because these were easy to detect, most security researchers then used real systems to build honeypot networks. Honeypot technology has developed to the point where the independent honeypot network is relatively mature, but some obvious defects remain: the honeynet system is still independent and static, it is difficult to carry out active defense, and it can only passively wait for attackers to enter the honeypot network and then capture the attack behavior.
Traditional IPS products produce a large number of false positives. When an attack is discovered, the only choice is to block the attack to stop the loss. It is impossible to obtain more attacker information or to give the attacker more deterrence.
Moreover, with the prevalence of cloud computing today, there are few security technologies that combine honeypot network technology with cloud computing. Some honeypot networks on the cloud are only independent and static, waiting for attackers to attack, and cannot be dynamically constructed. induce

Examples

Embodiment 1

[0037] A deception defense method based on constructing a dynamic network with SDN, as shown in Figure 1, includes the following steps:

[0038] S100. Monitor all traffic data of the cloud platform in bypass mode, extract the six-tuple information data from it, and store it in a traffic database;

[0039] S200. Establish a malicious signature database and a threat intelligence database according to the relevant regular-expression matching strategies;

[0040] S300. Using the threat intelligence database, perform similarity matching on each six-tuple information record in the traffic database in turn and determine whether the record carries threat intelligence. If so, preliminarily identify the record as an attacker; if not, continue by matching it against the malicious signature database and, if it matches, preliminarily identify the record as an attacker;

[0041] S400. Re...

Embodiment 2

[0053] A deception defense system based on constructing a dynamic network with SDN, as shown in Figure 2, includes an acquisition module 100, an establishment module 200, a judgment module 300, a recording module 400, a calling module 500 and an interception module 600;

[0054] The acquisition module 100 is used to monitor all traffic data of the cloud platform in bypass mode, extract the six-tuple information data from it, and store it in the traffic database;

[0055] The establishment module 200 is used to establish a malicious signature database and a threat intelligence database according to the relevant regular-expression matching strategies;

[0056] The judgment module 300 is configured to perform similarity matching, using the threat intelligence database, on each six-tuple information record in the traffic database in turn, and to judge whether the record carries threat intelligence, and if so, compare the six-tuple information data The infor...


Abstract

A method for deception prevention based on a dynamic network constructed by SDN comprises the following steps. First, the attacker is identified and recorded, the SDN interface is called according to the related information of the attacker, and the traffic data from the IP of the attacker server to the IP of the attacker server and the corresponding port are forwarded to the same port of the honeypot. If the honeypot captures the traffic data of an attacker, the attacker server IP address is defined as a high-risk IP address and the high-risk IP address is blocked. The invention combines the distribution and scheduling of the honeypot network with SDN technology, dynamically adjusts the flow direction of the attacker's traffic according to the behavior of the attacker, and dynamically changes the static network. The honeypot network intercepts and blocks the high-risk IP address, so that attackers can no longer get the real information of the target port, service or system. In this way the invention actively induces attackers to attack the honeypot, captures the attacker's behavior, and isolates the attack.
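The flow of steps S100 to S300 and of the abstract, as an added Python example that is not code from the patent. The six-tuple field layout, the exact-match stand-in for similarity matching, the signatures, all addresses, and the in-memory rule table that stands in for the SDN interface are assumptions; the forwarding rule is read here as attacker-to-target traffic sent to the same port on the honeypot. A preliminary match only installs a redirect, and a source is blocked only after the honeypot confirms it, which keeps a false positive from becoming an outage.

```python
import re
from collections import namedtuple

# Assumed six-tuple layout (the page does not list the fields).
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto payload")

THREAT_INTEL = {"203.0.113.7"}                    # constructed threat-intelligence entries
SIGNATURES = [re.compile(r"(?i)union\s+select"),  # constructed malicious signatures
              re.compile(r"(\.\./){2,}")]

def is_suspect(f):
    """S300: threat-intelligence match first, then malicious-signature match."""
    if f.src_ip in THREAT_INTEL:   # exact match stands in for similarity matching
        return True
    return any(s.search(f.payload) for s in SIGNATURES)

class DeceptionController:
    """Models the SDN rule table in memory; no real controller API is called."""
    def __init__(self, honeypot_ip):
        self.honeypot_ip = honeypot_ip
        self.redirects = {}    # (src_ip, dst_ip, dst_port) -> (honeypot_ip, dst_port)
        self.blocked = set()   # high-risk source IPs

    def observe(self, f):
        """Decide what happens to a flow seen by the bypass monitor."""
        key = (f.src_ip, f.dst_ip, f.dst_port)
        if f.src_ip in self.blocked:
            return "blocked"
        if key in self.redirects:
            return "to-honeypot"
        if is_suspect(f):
            # Same port on the honeypot, so the service looks unchanged.
            self.redirects[key] = (self.honeypot_ip, f.dst_port)
            return "redirect-installed"
        return "pass"

    def honeypot_capture(self, src_ip, port):
        """Honeypot saw redirected traffic: mark the source high-risk and block it."""
        confirmed = any(k[0] == src_ip and v[1] == port
                        for k, v in self.redirects.items())
        if confirmed:
            self.blocked.add(src_ip)
        return confirmed

def demo():
    ctl = DeceptionController("10.0.9.9")   # constructed honeypot address
    flows = [Flow("198.51.100.4", 40001, "10.0.0.5", 80, "tcp", "GET /index.html"),
             Flow("198.51.100.9", 40002, "10.0.0.5", 80, "tcp", "id=1 UNION SELECT pw"),
             Flow("198.51.100.9", 40003, "10.0.0.5", 80, "tcp", "GET /admin")]
    out = [ctl.observe(f) for f in flows]
    ctl.honeypot_capture("198.51.100.9", 80)
    return out + [ctl.observe(flows[2])]
```
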

Description

Technical field

[0001] The invention relates to the technical field of defending against network attacks, in particular to a method and system for deception defense based on constructing a dynamic network with SDN.

Background technique

[0002] The concept of honeypots was proposed in the 1990s. At first, security researchers such as Fred Cohen and Niels Provos used low-interaction honeypots to deceive attackers. Because these were easy to detect, most security researchers then used real systems to build honeypot networks. Honeypot technology has developed to the point where the independent honeypot network is relatively mature, but some obvious defects remain: the honeynet system is still independent and static, it is difficult to carry out active defense, and it can only passively wait for attackers to enter the honeypot network and then capture the attack behavior. Traditional IPS products have a large number of false positives. When an attack is ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1491, H04L63/20
Inventor: 程进聂万泉汪利辉魏兴国
Owner: 杭州默安科技有限公司