Background technology
Research on network spoofing mainly concerns the theory and implementation techniques for disguising a conventional network, so as to improve network security and solve a number of outstanding security problems in the network. For example, network spoofing can help avoid DoS attacks; it can block active and passive probing of, and attacks on, the remote operating system type, the network topology and so on; and it can detect and stop the propagation of spam, detect the signatures of worm-type viruses, etc.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the deficiencies of the existing technology described above, to provide a technically advanced, powerful, highly secure, highly adaptable, easily deployed and managed scheme based on active camouflage, that is, disguising the outgoing packets so that passive detection software such as POF cannot correctly identify the operating system type of the host, or obtains a type different from the real operating system type; and on passive camouflage, that is, distinguishing the attacker's active probe information and returning camouflage information appropriate to the purpose of the probe, so that the attacker obtains a type different from the real operating system type.
To solve the above problems, the technical scheme adopted by the present invention is: by setting up a number of camouflaged network services, the attacker's behaviour can be tracked (for example with a simulated Telnet) and the attack analysed in order to discover new attack methods; for example, certain system vulnerabilities can be simulated to detect worm-type viruses; spam can be lured and detected (for example with a simulated SMTP) and its propagation blocked, etc.
The above network security network spoofing technology plans the security of the whole network in a unified way and implements a network spoofing service. For the camouflaged network service, the login process of Telnet shows that different login modes embody the differences between login processes. If similar service states and event-driven state transitions are classified, the network spoofing technology for camouflaged network services based on event-driven state transitions described above can be greatly simplified. It is characterised in that, borrowing from coloured Petri nets, similar service states are abstracted into a (class) service state, and the different elements (service states) within it are distinguished by assigning them different colours.
The above network spoofing technology is characterised in that similar event-driven service state transitions are likewise abstracted into (class) service state transitions, with the individual transitions distinguished by assigning them different colours; this forms a network service simulation model based on coloured event-driven state transitions.
The above network security collaborative defence system is characterised in that the set of service states made up of the abstracted service states is a finite set. On this basis, attack transitions and a quantitative control model of the camouflaged network service based on an adjacency matrix are defined and implemented.
The above network security collaborative defence system is characterised in that a virtual interface technique is used so that the simulated IP address and the real host IP address have the same behavioural characteristics, so that a sniffer takes the simulated IP address for a real host IP address.
The above network security collaborative defence system is characterised in that the hosts in the same broadcast domain work together, competing for the IP addresses in an address pool through a controlled race condition and periodic probing, and thereby implement a dynamic IP camouflage model based on network sessions without a control centre.
The above network security collaborative defence system is characterised in that dynamic IP camouflage based on network sessions effectively prevents network sniffing attacks based on IP address statistics.
The above network security collaborative defence system is characterised in that, through the competition mechanism for camouflage IP addresses, the same camouflage IP address may at different moments be applied to the network sessions of different hosts, which increases the difficulty of locating an attack target precisely by IP address and of analysing network communication and its content.
The above network security collaborative defence system is characterised in that the two-layer IDS consists of a kernel-based network IDS and an application-based IDS; the IDS embedded in the kernel mainly inspects network-layer and transport-layer headers, while the application-based IDS mainly inspects the content carried by datagrams. Combined with the network service simulation, this also provides detection and prevention of unknown attacks.
The above network security collaborative defence system is characterised in that the two-layer IDS provides passive camouflage trigger signals to the network spoofing core, that is, it indicates which network sessions require passive camouflage, etc.
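The coloured service-state model of the claims above, as an added example that is not code from the patent: a finite state set shared by every persona, transitions selected by event, the session's colour deciding only how each state is rendered, and the adjacency matrix of the state set as the basis of the quantitative control model. The states, events, personas ("colours") and banner strings are assumptions.

```python
# Added example, not code from the patent: a camouflaged Telnet-style service
# modelled as a finite set of class-level states; the "colour" of a session
# only changes how a state is rendered. States, events, personas and banner
# strings are all constructed here.

STATES = ("banner", "user", "password", "shell", "closed")
COLOURS = ("linux", "bsd")  # hypothetical OS personas the decoy can present

# One transition table shared by every colour: (state, event) -> next state.
TRANSITIONS = {
    ("banner", "connect"): "user",
    ("user", "login"): "password",
    ("password", "auth_fail"): "user",
    ("password", "auth_ok"): "shell",
    ("user", "quit"): "closed",
    ("shell", "quit"): "closed",
}

# Colour-specific rendering of the same states (constructed banners).
RESPONSES = {
    "linux": {"user": "Ubuntu 20.04 LTS\r\nlogin: ", "password": "Password: ",
              "shell": "user@decoy:~$ "},
    "bsd": {"user": "FreeBSD/amd64 (decoy) (ttyp0)\r\nlogin: ", "password": "Password:",
            "shell": "decoy$ "},
}

def adjacency_matrix():
    """A[i][j] = number of events that take STATES[i] to STATES[j]."""
    idx = {s: i for i, s in enumerate(STATES)}
    a = [[0] * len(STATES) for _ in STATES]
    for (src, _event), dst in TRANSITIONS.items():
        a[idx[src]][idx[dst]] += 1
    return a

def out_degree(state):
    """Quantitative control: distinct events that leave a state (row sum of A)."""
    return sum(adjacency_matrix()[STATES.index(state)])

class DecoySession:
    """One event-driven walk through the shared state set, rendered in one colour."""
    def __init__(self, colour):
        self.colour, self.state, self.trace = colour, "banner", []

    def feed(self, event):
        nxt = TRANSITIONS.get((self.state, event))
        self.trace.append((self.state, event, nxt))  # attacker-behaviour log
        if nxt is None:      # event not valid in this state: stay put, reply nothing
            return ""
        self.state = nxt
        return RESPONSES[self.colour].get(nxt, "")
```

Adding a persona means adding one entry to RESPONSES; the transition table and the adjacency matrix stay unchanged, which is the simplification the claim describes.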
Compared with the prior art, the present invention has the following advantages:
(1) When defending against active and passive probing attacks, network spoofing can in turn extend the functional range of the IDS and the firewall.
(2) When the IDS detects active probing and the occurrence of an attack, and sends trigger signals to the passive network spoofing and to the firewall so that they take the corresponding defensive measures, the detection feature values of unknown attack patterns can in turn be computed by means of network spoofing.
(3) The firewall responds in real time to the detection results of network spoofing and filters and blocks network attacks.
Embodiment
As shown in Figure 1, the present invention operates by accepting control requests from a computer:
(1) An active camouflage request, that is, disguising the outgoing packets: judge whether the number of remaining IP addresses in this network segment is less than a certain value K.
If the number of remaining IP addresses in this network segment is less than K, the remaining IP addresses are selected; otherwise K IP addresses are selected at random.
(2) A passive camouflage request, that is, distinguishing the attacker's active probe information and returning camouflage information appropriate to the purpose of the probe: judge whether the requested network segment has not been allocated to another host.
If the requested network segment is judged not to be allocated to another host, the network segment is allocated to the requesting host.
The data selected and allocated by the judgements in (1) and (2), together with the K IP addresses selected at random in (1), are sent together to the computer control end. Dynamic IP camouflage based on network sessions effectively prevents network sniffing attacks based on IP address statistics.
In summary, this figure is an exploded view of the main functions in the practical working process.
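The address-pool competition of the embodiment, as an added example that is not code from the patent: the threshold rule of step (1) (fewer than K addresses left: offer them all, otherwise K at random), the segment allocation check of step (2), and a rotation of sessions across hosts in one broadcast domain showing that the same camouflage IP serves different hosts at different times. Addresses, host names, the value of K and the round structure are assumptions.

```python
# Added example, not code from the patent: the address-pool competition of the
# embodiment (threshold K, random selection, segment allocation), simulated for
# hosts in one broadcast domain. Addresses, host names and K are constructed.
import random

class CamouflagePool:
    def __init__(self, addresses, k, seed=1):
        self.free = set(addresses)   # unused camouflage IPs of this segment
        self.leases = {}             # ip -> (host, session) currently using it
        self.history = {}            # ip -> hosts that have ever used it
        self.segments = {}           # segment -> host (step 2)
        self.k, self.rng = k, random.Random(seed)

    def candidates(self):
        """Step 1: fewer than K addresses left -> offer them all, else K at random."""
        free = sorted(self.free)
        return free if len(free) < self.k else self.rng.sample(free, self.k)

    def claim(self, host, session):
        """Race for a candidate: the first host to take a free address wins it."""
        for ip in self.candidates():
            if ip in self.free:
                self.free.discard(ip)
                self.leases[ip] = (host, session)
                self.history.setdefault(ip, set()).add(host)
                return ip
        return None

    def release(self, ip):
        """Session over: the address returns to the pool for the next race."""
        if ip in self.leases:
            del self.leases[ip]
            self.free.add(ip)

    def allocate_segment(self, segment, host):
        """Step 2: hand a segment to the requester only if no other host holds it."""
        if self.segments.get(segment, host) != host:
            return False
        self.segments[segment] = host
        return True

def rotate(pool, hosts, rounds):
    """Per round, hosts race in a rotating order, open a session, then release.
    Returns how many distinct hosts each camouflage IP has served."""
    for r in range(rounds):
        order = hosts[r % len(hosts):] + hosts[:r % len(hosts)]
        for ip in [pool.claim(h, f"{h}-s{r}") for h in order]:
            if ip is not None:
                pool.release(ip)
    return {ip: len(h) for ip, h in pool.history.items()}
```

The history returned by rotate is what a sniffer keying on IP address statistics would see: one address, several hosts, so per-address counts no longer identify a single target.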
The above is only a preferred embodiment of the present invention and does not limit the present invention in any way; any simple modification, variation or equivalent structural change made to the above embodiment according to the technical essence of the present invention still falls within the protection scope of the technical scheme of the present invention.