
A moving target defense method against scanning attacks in SDN networks

A moving target defense and network technology, applied in the field of moving target defense against scanning attacks, that addresses problems such as the imbalance between network offense and defense, and achieves the effects of avoiding attacks, reducing burdens, and avoiding participation.

Active Publication Date: 2022-02-22
TIANJIN UNIVERSITY OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

In traditional networks, attackers have time advantages, cost advantages, and information asymmetry advantages, resulting in an unbalanced network attack and defense


Embodiment Construction

[0026] The present invention is described in further detail below in conjunction with the accompanying drawings.

[0027] As shown in Figures 2 and 3, the moving target defense method against scanning attacks in the SDN network provided by the present invention comprises the following steps, carried out in order:

[0028] Step 1) Build the SDN network shown in Figure 1, composed of the controller, an OpenFlow switch, a DNS server, an Apache server and host h1; the DNS server and Apache server are called the scanned hosts, and host h1 is called the attacker.

[0029] Step 2) In the SDN network, the controller performs data collection according to the flow entries; the attacker sends a scanning data packet to the scanned host, and the OpenFlow switch receives the scanning data packet and matches it against its own flow entries. If the match succeeds, the packet is forwarded; if the match fails, the scanning data packet is encapsulated in a Packet_in packet and uploaded to the controller...


Abstract

A moving target defense method against scanning attacks in SDN networks. It includes the steps of constructing an SDN network; collecting data; judging whether the scanned host is under scanning attack and, if so, selecting different MTD strategies according to the type of scanning data packet, constructing an MTD response packet and sending it to the attacker; judging whether the scanned host exists and, if it exists, generating a flow entry according to the MTD forwarding rule and sending it to the corresponding switch; ending the MTD policy; and other steps. Effects of the present invention: random data responses are issued during the scanning phase in the software-defined network, and different jump defense methods are used for different scanning data packet types by exploiting the programmability and logically centralized control of the software-defined network. Because the response data packets are randomized, the attacker cannot determine the status of the scanned host, which achieves the effect of active defense and effectively avoids attacks.
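The control flow the abstract describes, as an added simulation that is not code from the patent: a switch forwards on a flow-entry match and raises a Packet_in on a miss, and the controller answers suspected scans with a randomized reply chosen by probe type. The detection threshold, the reply pools, the IP addresses, the handling of unflagged traffic and all class and function names are assumptions; the page does not specify them.

```python
import random
from collections import defaultdict

SCAN_THRESHOLD = 5                      # assumed: distinct (dst, port) targets per source
HOSTS = {"10.0.0.2", "10.0.0.3"}        # constructed addresses for the DNS and Apache servers
MTD_REPLIES = {                         # assumed reply pools, one per probe type
    "tcp_syn": ["syn_ack", "rst", None],
    "udp": ["icmp_port_unreachable", None],
    "icmp_echo": ["icmp_echo_reply", None],
}

class Controller:
    def __init__(self, seed=None):
        self.rng = random.Random(seed)
        self.probed = defaultdict(set)  # src -> set of (dst, dport) seen via Packet_in

    def packet_in(self, switch, pkt):
        targets = self.probed[pkt["src"]]
        targets.add((pkt["dst"], pkt["dport"]))
        if len(targets) >= SCAN_THRESHOLD:
            # Scan suspected: reply from the controller with a random answer,
            # so the reply says nothing about the real host or port state.
            return ("mtd_reply", self.rng.choice(MTD_REPLIES[pkt["kind"]]))
        if pkt["dst"] in HOSTS:
            # Host exists and the source is not flagged: install a flow entry.
            action = ("forward", pkt["dst"])
            switch.flows[(pkt["src"], pkt["dst"], pkt["dport"])] = action
            return action
        return ("drop", None)

class Switch:
    def __init__(self, controller):
        self.controller = controller
        self.flows = {}                 # (src, dst, dport) -> action

    def receive(self, pkt):
        key = (pkt["src"], pkt["dst"], pkt["dport"])
        if key in self.flows:           # flow entry matched: forward directly
            return self.flows[key]
        return self.controller.packet_in(self, pkt)  # table miss -> Packet_in

def simulate_scan(n_ports, kind="tcp_syn", seed=1):
    """Host h1 (constructed address 10.0.0.1) probes ports 1..n_ports on 10.0.0.2."""
    sw = Switch(Controller(seed))
    return [sw.receive({"src": "10.0.0.1", "dst": "10.0.0.2", "dport": p, "kind": kind})
            for p in range(1, n_ports + 1)]

if __name__ == "__main__":
    for result in simulate_scan(10):
        print(result)
```

Once the source crosses the threshold, every further probe is answered by the controller rather than the real host, so the observed port states are uncorrelated with the server's actual configuration.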

Description

Technical field

[0001] The invention belongs to the technical field of moving target defense, and more specifically relates to a moving target defense method against scanning attacks in an SDN network.

Background technique

[0002] Moving target defense (MTD) increases the difficulty of an attack by presenting a dynamic and unpredictable attack surface, so as to improve the current situation in which networks are easy to attack and difficult to defend. In traditional networks, attackers have time advantages, cost advantages, and information asymmetry advantages, resulting in an imbalance between network offense and defense. The emergence of MTD makes it possible to construct a dynamic network that narrows the gap between offense and defense.

[0003] Software defined network (SDN) separates the data plane and control plane of the traditional network, abstracts the network resources of the data plane, and supports direct programming...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40
CPC: H04L63/1425, H04L63/1441
Inventor: 韩俐, 张博峰, 吕星璇
Owner: TIANJIN UNIVERSITY OF TECHNOLOGY