CN104869120A - Active hiding method of router identity characteristic information - Google Patents


Info

Publication number: CN104869120A
Authority: CN (China)
Prior art keywords: information, pseudo, identity, probe messages, router
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510264761.2A
Other languages: Chinese (zh)
Other versions: CN104869120B (en)
Inventors: 胡宇翔, 王鹏, 李玉峰, 刘宗海, 杜飞, 张风雨, 李晨晖, 张霞, 陈祥
Current Assignee: PLA Information Engineering University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: PLA Information Engineering University
Priority date: 2015-05-22 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2015-05-22
Publication date: 2015-08-26

Events:
    • Application filed by PLA Information Engineering University
    • Priority to CN201510264761.2A
    • Publication of CN104869120A
    • Application granted
    • Publication of CN104869120B
    • Legal status: Active (current)
    • Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden

Abstract

The invention relates to an active hiding method for router identity characteristic information. Through a message parsing mechanism, arriving probe messages are parsed and legal probe messages are distinguished from illegal ones. Through a randomized pseudonym information scheduling mechanism, the corresponding pseudonym information is scheduled according to the probing demand of the illegal message, so that the hiding purpose is achieved. Through dynamic perception learning, a fake identity information pool is generated so that the identity the router presents to an attacker is highly similar to the node identities in the surrounding network environment, which increases the attacker's identification difficulty. When an identity characteristic needs to be hidden, the router randomly selects the identity characteristic with which to respond from the fake identity information pool by hash mapping, according to the attacker's own identity characteristic. A consistency strategy ensures that the response contents given to the same attacker are consistent, so that the attacker is deceived.

Description

Active hiding method of router identity characteristic information
Technical field
The present invention relates to the field of computer network security, and in particular to an active hiding method for router identity characteristic information.
Background
Today, networks are part of the infrastructure of the information society and play an increasingly important role in daily life. Against this background, network security, and the security of the core network in particular, is of special importance. Network attackers are the chief threat that network security currently faces: an attacker often exploits vulnerabilities in the protocols a router runs to illegally probe the router's characteristic information, then uses that characteristic information to attack and control the router, with the aim of attacking and disrupting the whole network.
Router characteristic information exists so that administrators can conveniently configure, manage and maintain the router, yet a network attacker can obtain it by illegal probing and then attack the router. Patching the relevant protocol vulnerabilities does not fundamentally solve the router's security problem, and attackers frequently take control of a router by cracking the administrator password. All of this seriously threatens the normal operation of the network and the information security of its users.
Summary of the invention
To address these deficiencies in the prior art, the present invention provides an active hiding method for router identity characteristic information. From the perspective of improving network security and network protection capability, and aimed at the existing problems of the router management plane, it uses a randomized pseudo-identity response generation algorithm to solve the problem that various router identities are currently exposed through protocol vulnerabilities. When an illegal information probe message enters the router management plane, the router applies mimic self-identity hiding technology: the randomized pseudo-identity response generation algorithm produces a pseudo-identity response message and sends it to the peer, so that the router's identity is hidden from the attacker.
According to the design provided by the present invention, an active hiding method for router identity characteristic information comprises the following steps:
Step 1. Parse the arriving probe message and judge whether it is legal. If it is a legal probe message, the router responds normally with the correct characteristic information; otherwise the probe message is judged to be an illegal probe message, its information is extracted, and the method proceeds to step 2;
Step 2. For the illegal probe message information extracted in step 1, use the randomized pseudo-identity response generation algorithm to generate the corresponding pseudo-identity information, selecting the corresponding pseudo-identity information object group from the pseudo-MIB information pool;
Step 3. According to the pseudo-identity information generated in step 2, the randomized pseudo-identity response generation algorithm dynamically produces random, unpredictable pseudo-identity response information, and a consistency strategy ensures that the pseudo-identity response information given to the same attacker is consistent;
Step 4. The pseudo-MIB information pool stores, manages and maintains the pseudo-identity information: pseudo-identity information belonging to different identity information types is stored in different pseudo-identity information object groups, and pseudo-identity information of the same identity information type is stored in the same pseudo-identity information object group.
The pseudo-MIB information pool is generated randomly according to the standard MIB tree structure of the router management plane, and the corresponding illegal probe messages are answered according to the pseudo-identity information.
Extracting the illegal probe message information in step 1 comprises extracting the characteristic information of the illegal probe message, which comprises its IP address and probe content characteristics.
The randomized pseudo-identity response generation algorithm uses the hash mapping algorithm of the randomized pseudo-identity information scheduling mechanism.
Beneficial effects of the present invention:
1. The active hiding method proposed by the present invention generates a fake identity information pool through dynamic perception learning, so that the identity the router presents to an attacker is highly similar to the node identities in the surrounding network environment, which increases the attacker's identification difficulty. When identity characteristics need to be hidden, the router selects an identity characteristic from the fake identity information pool at random by hash mapping, according to the attacker's identity characteristics (IP address, probe content features, etc.), and a consistency strategy ensures that the response contents returned to the same attacker are consistent, so that the attacker is deceived.
2. Through the message parsing mechanism, the present invention parses the arriving probe messages and distinguishes legal probe messages from illegal ones. Through the randomized pseudo-identity information scheduling mechanism, the corresponding pseudo-identity information is scheduled according to the probing demand of the illegal message so as to achieve the hiding purpose. The pseudo-MIB information pool, built from the standard MIB tree structure, generates, stores and manages the pseudo-identity information. The randomized pseudo-identity response generation algorithm generates pseudo-identity information consistent with the illegal probing demand, and achieves the active hiding purpose by giving pseudo-identity responses to illegal probes.
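As an added illustration, not code from the patent, the following Python sketch implements steps 1 to 4 above for a constructed SNMP-style probe: a legality check on source address and community string, a pseudo-MIB pool with one object group per probed OID, and a keyed hash mapping from the attacker's IP address to one pseudo identity so that the same attacker always receives the same, coherent answer. The management subnet, community string, MIB values and mapping key are all assumed sample values.

```python
import hashlib
import hmac
import ipaddress
import random
from dataclasses import dataclass

# Identity objects the router exposes on its management plane (sysDescr and
# sysName from the standard MIB-II tree). The values are constructed samples.
SYS_DESCR = "1.3.6.1.2.1.1.1.0"
SYS_NAME = "1.3.6.1.2.1.1.5.0"
REAL_MIB = {SYS_DESCR: "RouterOS X 7.2 core-rtr-01", SYS_NAME: "core-rtr-01"}

# Assumed policy: a probe is legal only from the management subnet with the
# configured read community; anything else is treated as an illegal probe.
LEGIT_MANAGERS = [ipaddress.ip_network("10.0.0.0/24")]
LEGIT_COMMUNITY = "mgmt-ro"
# Secret keying the hash mapping so an attacker cannot predict which pseudo
# identity it will be served (an assumption; the patent does not specify it).
MAPPING_KEY = b"rotate-me-out-of-band"


@dataclass(frozen=True)
class Probe:
    src_ip: str      # attacker identity characteristic: IP address
    oid: str         # attacker identity characteristic: probe content
    community: str


def build_pseudo_pool(seed: int, size: int = 4) -> dict:
    """Pseudo-MIB pool: one object group per OID holding `size` pseudo values.
    Entry i of every group belongs to the same pseudo identity, so a record
    stays coherent across OIDs. Values mimic neighbouring edge routers."""
    rng = random.Random(seed)
    hosts = [f"edge-rtr-{rng.randint(10, 99):02d}" for _ in range(size)]
    oses = [f"{rng.choice(['RouterOS X', 'NetOS Y'])} {rng.randint(5, 9)}.{rng.randint(0, 4)}"
            for _ in range(size)]
    return {SYS_DESCR: [f"{o} {h}" for o, h in zip(oses, hosts)], SYS_NAME: hosts}


def is_legal(probe: Probe) -> bool:
    """Step 1: the parsing mechanism decides legal vs. illegal probe."""
    ip = ipaddress.ip_address(probe.src_ip)
    return probe.community == LEGIT_COMMUNITY and any(ip in n for n in LEGIT_MANAGERS)


def pseudo_index(src_ip: str, size: int, key: bytes = MAPPING_KEY) -> int:
    """Hash mapping: the attacker's IP selects one pseudo identity. Keyed, so the
    choice is unpredictable to the attacker yet repeatable (consistency strategy)."""
    digest = hmac.new(key, src_ip.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % size


def respond(probe: Probe, pool: dict) -> str:
    """Steps 2-3: legal probes get the real value; illegal probes get the pseudo
    value from the object group matching the probed OID."""
    if is_legal(probe):
        return REAL_MIB.get(probe.oid, "noSuchObject")
    group = pool.get(probe.oid)
    if group is None:
        return "noSuchObject"       # no pseudo object group for this OID
    return group[pseudo_index(probe.src_ip, len(group))]


if __name__ == "__main__":
    pool = build_pseudo_pool(seed=2015)
    admin = Probe("10.0.0.5", SYS_DESCR, "mgmt-ro")
    scanner = Probe("203.0.113.7", SYS_DESCR, "public")
    print("admin   ->", respond(admin, pool))
    print("scanner ->", respond(scanner, pool))
    print("again   ->", respond(scanner, pool))   # same attacker, same answer
```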
Brief description of the drawings:
Fig. 1 is a schematic flow chart of the present invention;
Fig. 2 is a schematic diagram of the probe message parsing process of the present invention;
Fig. 3 is a schematic flow chart of the randomized pseudo-identity information scheduling mechanism of the present invention.
Detailed description:
The present invention is explained in further detail below with reference to the accompanying drawings and the technical scheme, and its embodiments are described in detail through preferred embodiments, but the embodiments of the present invention are not limited to these.
Embodiment one, shown in Figs. 1 and 2: an active hiding method for router identity characteristic information comprises the following steps:
Step 1. Parse the arriving probe message and judge whether it is legal. If it is a legal probe message, the router responds normally with the correct characteristic information; otherwise the probe message is judged to be an illegal probe message, its information is extracted, and the method proceeds to step 2;
Step 2. For the illegal probe message information extracted in step 1, use the randomized pseudo-identity response generation algorithm to generate the corresponding pseudo-identity information, selecting the corresponding pseudo-identity information object group from the pseudo-MIB information pool;
Step 3. According to the pseudo-identity information generated in step 2, the randomized pseudo-identity response generation algorithm dynamically produces random, unpredictable pseudo-identity response information, and a consistency strategy ensures that the pseudo-identity response information given to the same attacker is consistent;
Step 4. The pseudo-MIB information pool stores, manages and maintains the pseudo-identity information: pseudo-identity information belonging to different identity information types is stored in different pseudo-identity information object groups, and pseudo-identity information of the same identity information type is stored in the same pseudo-identity information object group.
Embodiment two is substantially identical to embodiment one, the difference being that the pseudo-MIB information pool is generated randomly according to the standard MIB tree structure of the router management plane, and the corresponding illegal probe messages are answered according to the pseudo-identity information.
Embodiment three is substantially identical to embodiment one, the difference being that extracting the illegal probe message information in step 1 comprises extracting the characteristic information of the illegal probe message, which comprises its IP address and probe content characteristics.
Embodiment four, shown in Fig. 3, is substantially identical to embodiment one, the difference being that the randomized pseudo-identity response generation algorithm uses the hash mapping algorithm of the randomized pseudo-identity information scheduling mechanism.
The present invention generates a fake identity information pool through dynamic perception learning, so that the identity the router presents to an attacker is highly similar to the node identities in the surrounding network environment, which increases the attacker's identification difficulty. When identity characteristics need to be hidden, the router selects an identity characteristic from the fake identity information pool at random by hash mapping, according to the attacker's identity characteristics (IP address, probe content features, etc.), and a consistency strategy ensures that the response contents returned to the same attacker are consistent, so that the attacker is deceived.
The present invention is not limited to the above embodiments; those skilled in the art can make various changes accordingly, but any change equivalent or similar to the present invention shall fall within the scope of the claims of the present invention.

Claims (4)

1. An active hiding method for router identity characteristic information, characterized in that it comprises the following steps:
Step 1. Parse the arriving probe message and judge whether it is legal. If it is a legal probe message, the router responds normally with the correct characteristic information; otherwise the probe message is judged to be an illegal probe message, its information is extracted, and the method proceeds to step 2;
Step 2. For the illegal probe message information extracted in step 1, use the randomized pseudo-identity response generation algorithm to generate the corresponding pseudo-identity information, selecting the corresponding pseudo-identity information object group from the pseudo-MIB information pool;
Step 3. According to the pseudo-identity information generated in step 2, the randomized pseudo-identity response generation algorithm dynamically produces random, unpredictable pseudo-identity response information, and a consistency strategy ensures that the pseudo-identity response information given to the same attacker is consistent;
Step 4. The pseudo-MIB information pool stores, manages and maintains the pseudo-identity information: pseudo-identity information belonging to different identity information types is stored in different pseudo-identity information object groups, and pseudo-identity information of the same identity information type is stored in the same pseudo-identity information object group.
2. The active hiding method for router identity characteristic information according to claim 1, characterized in that the pseudo-MIB information pool is generated randomly according to the standard MIB tree structure of the router management plane, and the corresponding illegal probe messages are answered according to the pseudo-identity information.
3. The active hiding method for router identity characteristic information according to claim 1, characterized in that extracting the illegal probe message information in step 1 comprises extracting the characteristic information of the illegal probe message, which comprises its IP address and probe content characteristics.
4. The active hiding method for router identity characteristic information according to claim 1, characterized in that the randomized pseudo-identity response generation algorithm uses the hash mapping algorithm of the randomized pseudo-identity information scheduling mechanism.

Priority Applications (1)

Application number: CN201510264761.2A (granted as CN104869120B); priority date: 2015-05-22; filing date: 2015-05-22; title: Router identification characteristic information active hidden method

Publications (2)

CN104869120A (application publication): 2015-08-26
CN104869120B (granted patent): 2018-06-22

Family

ID=53914643

Country Status (1)

CN: CN104869120B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
CN105721442A *, priority 2016-01-22, published 2016-06-29, 耿童童: Spurious response system and method based on dynamic variation, and network security system and method
CN108512852A *, priority 2018-04-04, published 2018-09-07, 中山大学: Terminal identity information protection system and method in a wireless network environment
CN108924131A *, priority 2018-07-02, published 2018-11-30, 杭州安恒信息技术股份有限公司: Camera Internet of Things mimic defense method and device
CN109257445A *, priority 2018-11-12, published 2019-01-22, 郑州昂视信息科技有限公司: Web service dynamic scheduling method and dynamic scheduling system

Citations (4)

* Cited by examiner, † Cited by third party
US6415321B1 *, priority 1998-12-29, published 2002-07-02, Cisco Technology, Inc.: Domain mapping method and system
CN101340322A *, priority 2008-08-29, published 2009-01-07, 陈玲玲: Error prompt method for WEB access
CN102752303A *, priority 2012-07-05, published 2012-10-24, 北京锐安科技有限公司: Bypass-based data acquisition method and system
CN104348789A *, priority 2013-07-30, published 2015-02-11, 中国银联股份有限公司: Web server and method for preventing cross-site scripting attack

Legal Events

Code: Description
C06: Publication
PB01: Publication
EXSB: Decision made by SIPO to initiate substantive examination
SE01: Entry into force of request for substantive examination
GR01: Patent grant