A Proactive Network Defense Method Based on Address Hopping for the C/S Model
  • English title: A Proactive Network Defense Method Based on Address Hopping for C/S Model
  • Authors: 刘江; 张红旗; 杨英杰; 王义功 (LIU Jiang; ZHANG Hongqi; YANG Yingjie; WANG Yigong)
  • Keywords: Address hopping; C/S communication model; Moving target defense; Proactive defense
  • Journal code: DZYX
  • Journal: Journal of Electronics & Information Technology
  • Affiliations: Information Engineering University; Henan Key Laboratory of Information Security
  • Publication date: 2017-02-28 13:47
  • Publisher: Journal of Electronics & Information Technology (电子与信息学报)
  • Year: 2017
  • Issue: v.39
  • Funding: National 863 Program of China (2012AA012704); Zhengzhou Science and Technology Leading Talent Project (131PLJRC644)
  • Language: Chinese
  • Page: DZYX201704034
  • Page count: 5
  • CN: 04
  • ISSN: 11-4494/TN
  • Classification number: 250-254
Abstract
Existing address hopping methods require designing a new address exchange protocol, scale poorly, and lack adaptive adjustment of the hopping cycle. This paper proposes an address hopping method based on an improved Dynamic Host Configuration Protocol (DHCP). An autoregressive integrated moving average (ARIMA) model is used to model and predict network traffic in order to calculate the number of pre-allocated addresses, and the pre-allocated addresses are selected according to the address vacancy period. A time series similarity measure based on dynamic time warping (DTW) distance detects network anomalies and dynamically adjusts the address lease time. Clients and the server carry out hopping communication based on the address mapping relationships. Without modifying the existing DHCP protocol, the method dynamically adjusts both the hopping addresses and the hopping cycle, making traffic interception and denial-of-service attacks more difficult and raising the attacker's cost.
