Network protection method and system based on false topology generation and system architecture

A topology generation and network technology, applied in the field of network security, can solve problems such as spoofing

Pending Publication Date: 2021-05-07
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

[0004] To this end, the present invention provides a network protection method, system and system architecture based on false topology generation. Aiming at the problems that the existing static network is easy to be detected by the n

Examples


Embodiment Construction

[0029] In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions.

[0030] In an embodiment of the present invention, as shown in Figure 1, a network protection method based on false topology generation is provided, which deceives internal attackers in order to improve network security. It includes the following:

[0031] S101. Constructing different false network topologies for different real host nodes in the network according to network-related information, wherein the network-related information at least includes honeypot information, number of subnets, and real host node information;

[0032] S102. Adjust the response message delay and link bandwidth of the destination host node according to the location of the destination host node in the false network topology;

[0033] S103. Combining rel...


Abstract

The invention belongs to the technical field of network security, and particularly relates to a network protection method, system and system architecture based on false topology generation. The method comprises the steps of: constructing different false network topologies for different real host nodes in a network according to network-related information, wherein the network-related information at least comprises honeypot information, the number of subnets and real host node information; adjusting the response message delay and link bandwidth of the destination host node according to the position of the destination host node in the false network topology; and identifying the malicious traffic source host by combining the related data packets transmitted to the honeypot with flow-rule traffic statistics that the SDN controller collects from the SDN switch, and isolating the identified host. To address the problem that the real configuration of an existing static network is easily obtained through network reconnaissance, the invention applies the idea of mimicry defense: it deceives internal attackers by constructing a false network topology, so as to protect benign hosts in the network and improve the stability and reliability of network operation.
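The three steps in the abstract can be sketched as follows. This is an added illustration, not code from the patent: the seeded random subnet placement, the per-hop delay model, the packet threshold and all addresses are assumptions made for the example, and link-bandwidth shaping is left out.

```python
import random

PER_HOP_DELAY_MS = 5  # assumed delay per virtual hop (not a value from the patent)

def build_false_topology(viewer, hosts, honeypots, n_subnets, seed=0):
    """S101: place every real host and honeypot in a virtual subnet.
    Seeding with the viewer gives each real host its own, repeatable view."""
    rng = random.Random(f"{seed}:{viewer}")
    nodes = sorted(set(hosts) | set(honeypots))
    return {node: rng.randrange(n_subnets) for node in nodes}

def virtual_hops(view, viewer, dest):
    """Hop count implied by the false topology (assumed model): same subnet
    is 1 hop, otherwise 2 hops plus one per subnet of distance."""
    gap = abs(view[viewer] - view[dest])
    return 1 if gap == 0 else 2 + gap

def response_delay_ms(view, viewer, dest):
    """S102: delay the destination's replies so that timing is consistent
    with its position in the viewer's false topology."""
    return virtual_hops(view, viewer, dest) * PER_HOP_DELAY_MS

def find_sources_to_isolate(flow_stats, honeypots, min_packets=1):
    """S103: total the per-flow packet counters read from the SDN switch and
    flag every source that sent traffic to a honeypot address."""
    totals = {}
    for src, dst, packets in flow_stats:
        if dst in honeypots:
            totals[src] = totals.get(src, 0) + packets
    return sorted(s for s, n in totals.items() if n >= min_packets)

# Constructed sample network and flow counters (not data from the patent).
HOSTS = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]
HONEYPOTS = ["10.0.0.201", "10.0.0.202"]
FLOW_STATS = [
    ("10.0.0.11", "10.0.0.12", 40),
    ("10.0.0.13", "10.0.0.201", 3),
    ("10.0.0.13", "10.0.0.202", 5),
    ("10.0.0.12", "10.0.0.11", 12),
]

if __name__ == "__main__":
    for viewer in HOSTS:
        view = build_false_topology(viewer, HOSTS, HONEYPOTS, n_subnets=4)
        print(viewer, view, response_delay_ms(view, viewer, HONEYPOTS[0]))
    print("isolate:", find_sources_to_isolate(FLOW_STATS, HONEYPOTS))
```

Because benign hosts have no reason to contact a honeypot, any non-zero counter toward one is treated as a reconnaissance signal here; a deployment would tune `min_packets` against its own false-positive rate.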

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a network protection method, system and system architecture based on false topology generation.

Background technique

[0002] While static configuration of networks and hosts simplifies reachability and manageability, it also makes network reconnaissance easier. Attackers can perform network reconnaissance and identify exploitable vulnerabilities, giving attackers a tactical advantage. In particular, an insider attacker probing a networked environment can identify hosts and open ports, and map their topology for known vulnerabilities or zero-day vulnerabilities for further attack operations. Sophisticated targeted attacks such as APTs rely on network fingerprinting to identify hosts and vulnerabilities. According to authoritative statistics, as many as 70% of network attacks are caused by network reconnaissance.

[0003] Static network configurations allow...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1491
Inventor 张震白松浩谢记超陈祥王文博陆杰贺磊
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU