Random Address Mutation Method Based on Service Awareness

doi:10.19678/j.issn.1000-3428.0051042

Abstract

Abstract:

In order to solve the problem of high delay,low efficiency and indistinguishes communication service types in the existing address mutation technology,a service awareness based address mutation method is proposed in the SDN environment.With the feature of subsection IP continuous segmentation,an efficient random address generation algorithm is adopted to make the address mutation technology more efficient.At the same time,a communication authentication algorithm is used to provide different mutation modes according to the architecture and reliability requirements of both sides.Experimental results show that,compared with the OF-RHM and PPAH-SPD method,this method can effectively guarantee the communication parties from the sniffer attack,provide more efficient and flexible address random mutation effect and address mutation mode,reduce the time delay of 30%~60% and reduce the jitter.

Key words: network security, random address mutation, service awareness, reliability requirements, time delay

摘要：

为解决已有地址跳变技术时延高、效率低、不能区分通信业务类型的问题,在软件定义网络环境下提出一种基于业务感知的地址跳变方法。针对子网IP分段连续的特点,采用高效的随机地址生成算法使地址跳变技术更高效。同时使用通信认证算法,根据通信双方的架构和业务可靠性要求来提供不同的跳变模式。实验结果表明,相比OF-RHM、PPAH-SPD方法,该方法能够有效保证通信双方免受嗅探攻击,取得更高效灵活的随机地址跳变效果和地址跳变模式,降低30%~60%的时延并减少抖动。

关键词: 网络安全, 随机地址跳变, 业务感知, 可靠性要求, 时延

CLC Number:

TP393

GU Yunjie,HU Yuxiang,DING Yuehang,XIE Jichao. Random Address Mutation Method Based on Service Awareness[J]. Computer Engineering, 2018, 44(10): 28-33,41.

谷允捷,胡宇翔,丁悦航,谢记超. 基于业务感知的随机地址跳变方法[J]. 计算机工程, 2018, 44(10): 28-33,41.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0051042

http://www.ecice06.com/EN/Y2018/V44/I10/28

References

［1］JAJODIA S,GHOSH A K,SWARUP V,et al.Moving target defense:creating asymmetric uncertainty for cyber threats［M］.Berlin,Germany:Springer,2011.
［2］ANTONATOS S,AKRITIDIS P,MARKATOS E P,et al.Defending against hitlist worms using network address space randomization［C］//Proceedings of ACM Workshop on Rapid Malcode.New York,USA:ACM Press,2005:30-40.
［3］AZODOLMOLKY S.Software defined networking with OpenFlow［M］.Birmingham,UK:Packt Publishing,2013.
［4］ATIGHETCHI M,PAL P,WEBBER F,et al.Adaptive use of network-centric mechanisms in cyber-defense［C］//Proceedings of IEEE International Symposium on Object-oriented Real-time Distributed Computing.Washington D.C.,USA:IEEE Press,2003:183-192.
［5］KEWLEY D,FINK R,LOWRY J,et al.Dynamic approaches to thwart adversary intelligence gathering［C］//Proceedings of DISCEX’01.Washington D.C.,USA:IEEE Press,2001:176-185.
［6］ANTONATOS S,AKRITIDIS P,MARKATOS E P,et al.Defending against hitlist worms using network address space randomization［J］.Microcomputer Information,2009,51(12):3471-3490.
［7］JAFARIAN J H,AL-SHAER E,DUAN Q.An effective address mutation approach for disrupting reconnaissance attacks［J］.IEEE Transactions on Information Forensics and Security,2015,10(12):2562-2577.
［8］JAFARIAN J H,AL-SHAER E,DUAN Q.Openflow random host mutation:transparent moving target defense using software defined networking［C］//Proceedings of Workshop on Hot Topics in Software Defined Networks.New York,USA:ACM Press,2012:127-132.
［9］ZHENG K,ZHAO X,LI X,et al.A SDN-based IP address hopping method design［C］//Proceedings of International Conference on Measurement,Instrumentation and Automation.Washington D.C.,USA:IEEE Press,2016:509-512.
［10］张连成,魏强,唐秀存,等.基于路径与端址跳变的SDN网络主动防御技术［J］.计算机研究与发展,2017,54(12):2748-2758.
［11］WU J.An effective architecture and algorithm for detecting worms with various scan techniques［C］//Proceedings of ISOC Symposium on Network and Distributed System Security.Washington D.C.,USA:IEEE Press,2004:143-156.
［12］JAFARIAN J H,AL-SHAER E,DUAN Q.Adversary-aware IP address randomization for proactive agility against sophisticated attackers［C］//Proceedings of 2015 IEEE Conference on Computer Communications.Washington D.C.,USA:IEEE Press,2015:738-746.
［13］王宇航.一种基于SDN的地址跳变主动防御技术的研究与实现［D］.杭州:浙江大学,2017.
［14］ABDULLAH T.Testing of Floodlight controller with Mininet in SDN topology［J］.Sciencerise,2014,5(2):158.
［15］OLIVEIRA R L S D,SHINODA A A,SCHWEITZER C M,et al.Using Mininet for emulation and prototyping software-defined networks［C］//Proceedings of 2014 IEEE Colombian Conference on Communications and Com-puting.Washington D.C.,USA:IEEE Press,2014:1-6.
［16］OREBAUGH A,SARAMIREZ G,BURKE J,et al.Wireshark and Ethereal network protocol analyzer toolkit［M］.［S.l.］:Syngress Publishing,2007:523-540.
［17］MCKEOWN N,ANDERSON T,BALAKRISHNAN H,et al.OpenFlow:enabling innovation in campus networks［J］.ACM SIGCOMM Computer Communication Review,2008,38(2):69-74.
［18］林森杰,刘勤让,王孝龙.面向拟态防御系统的竞赛式仲裁模型［J］.计算机工程,2018,44(4):193-198.

[1]	Changhong YU, Ya LU, Haixin WANG, Ming GAO. Traffic Classification Algorithm for IoT Device Based on Sliding Time Window [J]. Computer Engineering, 2023, 49(7): 259-268.
[2]	CUI Jingyang, CHEN Zhenguo, TIAN Liqin, ZHANG Guanghua. Overview of User and Entity Behavior Analytics Technology Based on Machine Learning [J]. Computer Engineering, 2022, 48(2): 10-24.
[3]	SUN Pengyu, ZHANG Hengwei, TAN Jinglei, LI Chenwei, MA Junqiang, WANG Jindong. Network Security Defense Decision Method Based on Time Game [J]. Computer Engineering, 2022, 48(11): 145-151.
[4]	NI Siyuan, HU Hongchao, LIU Wenyan, LIANG Hao. Heterogeneous Cloud Resource Allocation Algorithm Based on Rotation Strategy [J]. Computer Engineering, 2021, 47(6): 44-51,67.
[5]	YANG Yanli, SONG Lipeng. Attack Graph Generation Method Integrating Social Network Threats [J]. Computer Engineering, 2021, 47(5): 104-116.
[6]	WANG Zi, WANG Zhihua, HAN Yong, JIN Jianlong, HUANG Tianming, ZHU Jiang. Research on Mulit-Layer Cooperative Defense Model Oriented to Network Security of Power System [J]. Computer Engineering, 2021, 47(12): 131-140.
[7]	ZHAO Xingbing, ZHAO Yifan, LI Bo, CHEN Chun, DING Hongwei. Edge Server Placement Method Based on Time Delay and Energy Awareness [J]. Computer Engineering, 2021, 47(11): 37-43.
[8]	YANG Lin, WANG Yongjie. Network Defense Strategy Selection Method Based on Single-Point Multi-Step Game [J]. Computer Engineering, 2021, 47(1): 154-164.
[9]	ZHU Lanting, SUN Lijun, YAN Yang. Parking Assistance Scheme Based on Reverse Auction in Vehicle Fog Computing [J]. Computer Engineering, 2020, 46(7): 14-20,29.
[10]	WANG Guilin, XU Yong. Stabilization of Time Delay Evolutionary Congestion Game Based on Semi-tensor Product Method [J]. Computer Engineering, 2020, 46(7): 300-305.
[11]	DING Huadong, XU Huahu, DUAN Ran, CHEN Fan. Network Security Situation Awareness Model Based on Bayesian Method [J]. Computer Engineering, 2020, 46(6): 130-135.
[12]	ZHANG Tingfang, HUANG Hailin, GUO Jinlin, CAO Ming. Delay Analysis of CAN Control System and Hybrid Algorithm [J]. Computer Engineering, 2020, 46(5): 305-311.
[13]	LI Li, SONG Song, LI Bingke. Weight Search and Alarm Selection Method Based on User Preference [J]. Computer Engineering, 2020, 46(4): 107-114.
[14]	SONG He, WANG Xiaofeng. LDDoS Emulation Method Based on Lightweight Virtualization [J]. Computer Engineering, 2020, 46(3): 105-113.
[15]	HU Qingshuang, LI Chenghai, LU Yanli, SONG Yafei. Network Security Situation Prediction Method Based on Hierarchically Optimized Belief Rule Base [J]. Computer Engineering, 2020, 46(12): 127-133.

Please choose a citation manager

Content to export