Mimicry defense system based on certificate identity authentication and certificate issuing method

Abstract

The invention discloses a mimicry defense system based on certificate identity authentication and a certificate issuing method. The system is applied to the technical field of network security, and comprises bottom-layer equipment, an intermediate controller and a certificate issuing center, the intermediate controller and the certificate issuing center are respectively provided with a unique certificate, a public key and a corresponding private key of the certificate are stored in the certificate, and the corresponding private key is stored privately by each piece of equipment and is not disclosed to the outside; according to the method, a device sends a certificate request file to an intermediate controller, the intermediate controller applies for a certificate to a certificate issuing center after verifying the identity, the certificate issuing center issues the certificate and sends the certificate to an underlying device through the intermediate controller, and the underlying device installs the certificate. The intermediate controller of the mimicry structure can effectively resist attacks of attackers, meanwhile, when the judgment module works, if the output results of the heterogeneous executors are inconsistent, whether the heterogeneous executors are attacked can be judged in time, and the system can be maintained in time.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a mimetic defense system based on certificate identity authentication and a certificate issuing method. Background technique [0002] Cyberspace mimicry defense theory is an active defense theory, which is used to deal with unknown threats based on unknown vulnerabilities, backdoors, viruses or Trojan horses at the application level in different fields in cyberspace. [0003] figure 1 It is a typical dynamic heterogeneous redundant architecture of the mimic defense system. When a message is input, it is transmitted to each heterogeneous executive in the heterogeneous pool through the input agent. After all the heterogeneous executives process the message, the result is transmitted to the multi-mode arbitration module. If the results are consistent, output them. If they are not consistent, it is possible to identify an exception in the output message of a certain executi...

AI Technical Summary

Problems solved by technology

[0006] Purpose of the invention: Aiming at the defects in the prior art that certificates cannot be issued to devices in mimic defense under the premise of security, the present invention discloses a mimic defense system based on certificate identity authentication and a certificate issuing method. The mimic defense system includes The underlying device, the intermediate controller and the certificate issuance center; the intermediate controller adopting the mimic structure can effectively resist the attack of the attacker, and the back door of each heterogeneous executive is different, and the attacker cannot understand the properties of the isomer and carry out targeted attacks, each heterogeneous implementation manages a certificate revocation list, greatly improving security

Images