CN103457931A - Active defense method for network trick and counter attack - Google Patents
Active defense method for network trick and counter attack Download PDFInfo
- Publication number
- CN103457931A CN103457931A CN2013103550009A CN201310355000A CN103457931A CN 103457931 A CN103457931 A CN 103457931A CN 2013103550009 A CN2013103550009 A CN 2013103550009A CN 201310355000 A CN201310355000 A CN 201310355000A CN 103457931 A CN103457931 A CN 103457931A
- Authority
- CN
- China
- Prior art keywords
- message
- node
- data
- network
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses an active defense method for a network trick and a counter attack. The method comprises the following steps that two communication sides set a plurality of host computers for data sending and receiving, and one host computer is dynamically and randomly selected as a communication host computer through an address and port hopping server; a sender selects one or more transmission links to send a trick message to detect the safety and the channel quality of the transmission links, wherein if the links are safe, true data with the counter attack are constructed and sent, and meanwhile the sender continues to send the trick message to detect the links; an intermediate node takes in charge of detecting and feeding the safety situation of the transmission links back to a network administrator; the network administrator updates a transmission path according to the safety situation of the node and takes the defensive measure. The active defense method can effectively prevent and detect common safety attack in the network communication and carry out certain counter attack on an attacker.
Description
Technical field
The present invention relates to communications network security defence field, be specifically related to the active defense method of a kind of network deception and counteroffensive.
Background technology
In recent years, along with the development of communication network technology, various types of network applications were arisen at the historic moment, and government and individual are increasing to the degree of dependence of network.Continually for the attack of network simultaneously.Although the safety that people have adopted the whole bag of tricks to come Strengthens network to communicate by letter with instrument, the event number of success attack is still in continuous rising.From initial Port Scan Attacks, buffer overflow attack, distributed denial of service attack till now (Distributed Denial of Service), network monitoring and man-in-the-middle attack, the new attack measure emerges in an endless stream, ever-changing.
Traditional network safety prevention system, as fire compartment wall and intruding detection system, be mainly to adopt static policies, network attack taked to the means of passive defence.But, in the face of the new attack method constantly occurred, it is unable to do what one wishes that the means of traditional Passive Defence more and more seem; Simultaneously, along with the continuous increase of network environment complexity makes network manager's work more and more heavier, carelessness just may stay serious potential safety hazard for the moment.The safety problem existed for traditional network safety prevention system, Active Defending System Against has started to substitute gradually traditional Passive Defence system.By the dynamic of strengthening system safety and the continuation of management, be adjusted into circulation with intrusion detection, leak assessment and self adaptation and improve network security.
Existing active defense method, as honey jar, sweet net, honey and traditional dynamic object defence etc., be mainly the safety of the host computer system in defending against network, do not consider the fail safe of data in transmitting procedure.Honey jar is mainly that trap is set, and attracts hacker's attack, it is lost time on the trap machine and catch its behavior, by the attack method that records the hacker, for formulate defence policies later, provides foundation.The defence of traditional dynamic object, allow each node in network system become dynamic object one by one and resist attack.These active defense methods are all that the protected host system is not attacked, and data are in transmitting procedure, the attack such as also can suffer to intercept and capture, distort.How to guarantee the safety of data in transmitting procedure, how about attack is made to counter, these problems are all urgently to be resolved hurrily.
Summary of the invention
For the deficiencies in the prior art, the object of the present invention is to provide the active defense method of a kind of network deception and counteroffensive, can inveigle the assailant to be attacked false data on the one hand, strengthen the level security of True Data in the time of transmission, reduce the probability that True Data is attacked; Can make corresponding inverse attack to attack source on the other hand.
In order to address the above problem, the invention provides the active defense method of a kind of network deception and counteroffensive.Network communicating system comprises transmit leg, intermediate node, network manager and recipient.Transmit leg and recipient form by multiple host in network, and respectively design an address port saltus step server and controlled; Intermediate node is comprised of agency-manager, the work such as data retransmission, verification, detection between the main responsible node of agent process, and managing process mainly is responsible for safeguarding and adjusting protocol parameter, to the manager alarm; Network manager is responsible for the safe condition of node in monitor network, and the transmission path of Dynamic Selection safety is for communicating pair.
The active defense method of a kind of network deception provided by the invention and counteroffensive comprises the following steps:
(1) transmit leg selects a main frame as current communication host according to address port-hopping server randomly, then select one or more transmission link to send deceptive packets, with fail safe and the channel quality of detected transmission link, testing result comprises that node security state, link transmission postpone and packet loss;
(2) after intermediate node is received the datagram of forwarding, at first carry out the node verification, the state by detection messages has judged whether to attack and has occurred and attack type, and sends corresponding alarm according to concrete attack to the network manager;
(3) network manager monitors the safe condition of whole network, the alarm that in the received communication link, node is sent, if find, certain node has suffered attack, this node of mark is dangerous node and starts the intruding detection system on this node, the situation that comprises flow and network connection service is analyzed, and corresponding inverse attack is also made in the seat offence source;
(4) transmit leg is monitored the decision-making that the network manager sends when sending deceptive packets, if receive the security alarm that the network manager sends, reselects fail safe and channel quality that a new path continuation send the deceptive packets detecting link; If the keeper does not send alarm, start to send the True Data with inverse attack;
(5) recipient selects a main frame as current communication host according to address port-hopping server randomly, after receiving datagram, decide reception or dropping packets according to the type of message, and dynamically monitor network manager's decision-making, if the recipient receives network manager's alarm, the data that receive before illustrating may have been suffered destruction, abandon data during this period of time and wait for re-transmission; If also do not receive network manager's alarm after sign off, store data decryption restoration and go out true useful data.
The present invention has following advantage and beneficial effect:
1, the present invention, according to the security reliability of transmission link, dynamically selects safe, stable transmission link, has guaranteed the dynamic of node on the communication link, makes the assailant have no way of launching a offensive;
2, the present invention can confuse the assailant trick data of transmitting in network are launched a offensive, and reduces the probability that True Data is attacked, and detection attack that can be real-time is also taked defensive measure;
3, the present invention can carry out inverse attack to attack source, from source, the assailant is broken through, and blocking-up is attacked and occurred.
The accompanying drawing explanation
The flow chart of the active defense method embodiment that Fig. 1 is a kind of network deception provided by the invention and counteroffensive.
Fig. 2 is node verification provided by the invention and attack detecting flow chart.
Fig. 3 is counteroffensive design data flow chart provided by the invention.
Embodiment
Below in conjunction with accompanying drawing, the specific embodiment of the present invention is described in further detail.It should be noted that at this, for the explanation of these execution modes, for helping to understand the present invention, but do not form limitation of the invention.In addition, below in each execution mode of described the present invention involved technical characterictic as long as form each other conflict, just can mutually not combine.
Network communicating system comprises transmit leg, intermediate node, network manager and recipient.Transmit leg and recipient all arrange the sending and receiving that a plurality of nodes carry out data in network, and respectively design an address port saltus step server and dynamically select node to communicate; Intermediate node carries out verification and the forwarding of datagram in communication process; The network manager is the safe condition of the whole network of monitoring in real time.As shown in Figure 1, the active defense method of the present embodiment comprises the following steps:
(1) transmit leg sends deceptive packets, and with fail safe and the channel quality of detected transmission link, the data division of deceptive packets has the statistical property identical with true ciphertext.Specifically comprise following step:
(1.1) key sequence that adopts the chaos stream cipher encrypting system to produce is as the data division of message.The key sequence that this encryption system produces has the characteristics such as string is evenly distributed, good, the adjacent related-key of random statistical characteristic is little, obscuring with diffusion of cryptographic system is good, and the working key space of this cryptographic system is huge, is enough to resist exhaustive key and attacks;
(1.2) in each node of network and communicating pair, the chaos stream cipher encrypting system all is installed, this system can synchronously produce chaos pseudo sequence.By this, (the message data part is unequal with the random sequence of the current generation of node oneself) can be detected by present node very soon once deceptive packets just is tampered in transmitting procedure, and can again repair original deceptive packets and also continue to E-Packet the detecting link fail safe to destination node;
(1.3) to the redesign of original IP datagram form, newly-increased IP routing, the time m-ID, type identification and 4 fields of summary info, and these 4 fields are hidden in the data division of IP message.Deposit in communication process the IP address of node in transmission path in the IP routing; The time m-ID record be message time of being sent by node and the identifier of this message uniqueness of sign, before message sends, all nodes in network are an identical random number random1 of synchronous generation first, suppose that the message data partial-length is N byte, r1=random1%N means r1 byte of message data part, if r1=0, r1=r1+1, r1 byte of the part of fetching data filled ID.In the present embodiment, mainly comprise two kinds of messages: deceptive packets and true message, the use pattern sign is used for distinguishing this two kinds of messages, equally, in network, all nodes produce another identical random number random2, and r2=random2%N means r2 byte of data division in message, if r2=0, r2=r2+1, then fill the type identification field of message by r2 byte of data division, rather than with fixing 0 or 1.The largest benefit of doing like this is can allow the assailant analyze easily effective and invalid data and selectively be attacked, in addition, because all nodes in network can dynamic synchronization produce the trick random number, so node is easy to differentiate the type of message.The summary info territory is 4 control field signatures to newly increasing, and in the detected transmission process, whether control field is tampered destruction.
(1.4) transmit leg also determines that by address and main frame of port-hopping server Dynamic Selection one or more transmission link sends deceptive packets and carries out link security and channel quality detection.
(2) after intermediate node is received the data message of forwarding, at first carry out the node verification, the state by detection messages has judged whether to attack and has occurred, and sends corresponding alarm according to concrete attack to the keeper;
As shown in Figure 2, after node is received data message, be processed according to the following steps:
(2.1) judge that whether the summary info of message is correct.If incorrect, mean that message has suffered Tampering attack, this node of mark to network manager's alarm; Otherwise execution step (2.2);
(2.2) judge that whether packet route is legal.If be not present in the IP routing by way of the IP address of node, mean that message has suffered intercept and capture to attack, this node of mark to network manager's alarm; Otherwise execution step (2.3);
(2.3) judge that whether the message time is effective.If the transmitting time of message, local current time, time of delay the three difference, " local current time-transmitting time-time of delay " not in threshold threshold, show to have suffered Replay Attack, this node of mark to network manager's alarm.For example the transmitting time of datagram is T0, the time that arrives node is T1, mean value time of delay that the message that the upper hop node sends detected is that t(is in the situation that network is comparatively safe, the t value that each node is preserved can be averaged and obtain according to the T1-T0 repeatedly recorded, in the network operation, the value of t self adaptation at set intervals recalculates and upgrades), get now certain threshold values △ T Ruo ∣ T1-T0-t ∣ > △ T, think that this message is the invalid packet of a playback, abandon alarm management person after this message; Otherwise search the ID item that whether has this message in the cache table of node, if exist, illustrate that this message is a fast speed playback message, abandons the backward network manager's alarm of this message; If do not exist, the IP source of this message, destination address, IP transmitting time and unique ID are deposited with cache table in, then the execution step (2.4);
(2.4) type of judgement message: if type of message is true message, upgrade the transmitting time of message, then forward to next node; If deceptive packets, the dynamic random sequence PS1 that relatively this node produces and the value PS2 of message data part random sequence.If PS1 is not identical with the PS2 value, show that these data are tampered, mean that message has suffered Tampering attack, this node of mark to network manager's alarm, carry out the data division (PS1 replaces PS2) of padding data message simultaneously with PS1, then upgrade the transmitting time of message and forward to next node; If PS1 is identical with the PS2 value, upgrades the transmitting time of message and forward to next node;
(3) network manager monitors the safe condition of whole network in real time, comprises following step:
(3.1) if receive the alarm that node is sent, by this vertex ticks, be the intruding detection system on dangerous node starter node, analyze abnormal flow and the network connection service of this node, inverse attack is also initiated in the seat offence source;
(3.2) notify a sender-selected new transmission path and retransmit before data, the data of notifying the recipient to receive before deleting waiting for retransmit;
(4) transmit leg is monitored the decision-making that the network manager sends when sending deceptive packets, if receive the security alarm that the keeper sends, reselects fail safe and channel quality that a new path continuation send the deceptive packets detecting link; If the keeper does not send alarm, can start to send True Data;
True Data in the present embodiment is to have the data of inverse attack after following processing, so, even the True Data victim been has successfully has been intercepted and captured, also can effectively break through it, and specifically implementation step is as shown in Figure 3:
(4.1) the clear data Plaintext that will transmit by 1 pair of key K is encrypted, obtain encrypt data Ciphertext, be encrypted with 1 couple of password Password of key K equally, obtain ciphertext password CipherPd, and the ciphertext password is hidden in encrypt data;
(4.2) digest value of calculating K 1 obtains key K 2, by key K 2, encrypts one section Virus Virus, obtains the Virus Mvrius after encrypted;
(4.3) ciphertext password CipherPd, encrypt data Ciphertext and the Virus Mvrius that encrypted are bundled, be combined into a new application program New=Mvrius+CipherPd+Ciphertext, program New now is exactly the True Data that will send.It mainly judges according to user's deciphering situation whether the value of CipherPd after deciphering equates with Password before, thereby determine it is to trigger this Virus of Virus Virus(to destroy current computer and make it can't normal operation by carrying out malicious code on the one hand, Ciphertext can be carried out on the other hand to scramble or directly delete, assailant's IP address and port numbers being mail to the keeper simultaneously and allow its processing) still extract encrypt data Ciphertext;
(5) when the recipient receives message, dynamically monitor network manager's decision-making, receive or dropping packets according to the type of message, and final data is decrypted to the extraction useful data.Specifically comprise the following steps:
(5.1) type of judgement message, if true message receives message, if deceptive packets, dropping packets;
(5.2) if receive keeper's alarm, the message received before illustrating may suffer destruction, abandons message during this period of time and waits for re-transmission; If also do not receive keeper's alarm after sign off, message is recombinated and recovered data;
(5.3) data decryption, validated user can utilize the summary info K2 of shared key K 1 and K1 to carry out complete deciphering to data, finally obtains the useful data needed; For rogue attacks person, if only the forward part of data decoded successfully or utilized wrong key to decipher password, will trigger the Virus be hidden in wherein so, thereby the assailant is broken through.
Wherein in said method, step (1) and step (4) are carried out simultaneously, when sending the True Data message, node also sends the safety and stability of deceptive packets with the detected transmission link, so can feed back dynamically and change transmission link according to the safe condition of node, guarantee the safety in communication process.
Those skilled in the art will readily understand; the foregoing is only preferred embodiment of the present invention; not in order to limit the present invention, all any modifications of doing within the spirit and principles in the present invention, be equal to and replace and improvement etc., within all should being included in protection scope of the present invention.
Claims (6)
1. the active defense method of a network deception and counteroffensive, is characterized in that, comprises the following steps:
(1) transmit leg selects a main frame as current communication host according to address port-hopping server randomly, then select one or more transmission link to send deceptive packets, with fail safe and the channel quality of detected transmission link, testing result comprises that node security state, link transmission postpone and packet loss;
(2) after intermediate node is received the datagram of forwarding, at first carry out the node verification, the state by detection messages has judged whether to attack and has occurred and attack type, and sends corresponding alarm according to concrete attack to the network manager;
(3) network manager monitors the safe condition of whole network, the alarm that in the received communication link, node is sent, if find, certain node has suffered attack, this node of mark is dangerous node and starts the intruding detection system on this node, the situation that comprises flow and network connection service is analyzed, and corresponding inverse attack is also made in the seat offence source;
(4) transmit leg is monitored the decision-making that the network manager sends when sending deceptive packets, if receive the security alarm that the network manager sends, reselects fail safe and channel quality that a new path continuation send the deceptive packets detecting link; If the keeper does not send alarm, start to send the True Data with inverse attack;
(5) recipient selects a main frame as current communication host according to address port-hopping server randomly, after receiving datagram, decide reception or dropping packets according to the type of message, and dynamically monitor network manager's decision-making, if the recipient receives network manager's alarm, the data that receive before illustrating may have been suffered destruction, abandon data during this period of time and wait for re-transmission; If also do not receive network manager's alarm after sign off, store data decryption restoration and go out true useful data.
2. the Initiative Defense step of network deception according to claim 1 and counteroffensive, is characterized in that, step (1) comprises the steps:
(1.1) sequence that adopts the stream cipher encrypting system to produce is as the data division of message;
(1.2) at each node of network, the stream cipher encrypting system all is installed, synchronously produces random sequence;
(1.3) to the redesign of original IP datagram form, newly-increased IP routing, the time m-ID, type identification and 4 fields of summary info, and these 4 fields are hidden in the data portion of IP message;
(1.4) transmit leg sends fail safe and the channel quality of deceptive packets detected transmission link by main frame of address port saltus step server Dynamic Selection.
3. the active defense method of network deception according to claim 1 and counteroffensive, is characterized in that, step (2) comprises the steps:
(2.1) judge that whether the summary info of message is correct, if incorrect, mean that message has suffered Tampering attack, this node of mark to network manager's alarm; Otherwise execution step (2.2);
(2.2) judge that whether packet route is legal, if be not present in the IP routing by way of the IP address of node, mean that network has suffered to intercept and capture attack, this node of mark alarm network manager; Otherwise execution step (2.3);
(2.3) judge that whether the message time is effective, if the transmitting time of message, this locality current time, time of delay three's difference (i.e. local current time-transmitting time-time of delay) is not in threshold threshold, show to have suffered Replay Attack, this node of mark early warning net keeper; Otherwise in cache table, searching is the ID item that has this message, illustrate that if comprise this message is a fast playback message, abandon alarm network manager after this message, if do not exist, the IP source of this message, destination address, IP transmitting time and unique ID are deposited in cache table, then execution step (2.4);
(2.4) type of judgement message: if type of message is true message, upgrade the transmitting time of message, then message is forwarded to next node; If this message is deceptive packets, the value of the dynamic random sequence that relatively this node produces and the message data part random sequence of receiving, if be worth not identical, show that these data are tampered, this node of mark alarm network manager, the data division that the random sequence simultaneously produced with node is carried out the padding data message, then upgrade the transmitting time of message and forward this data to next node; If be worth identically, upgrade the transmitting time of message and forward to next node.
4. the active defense method of network deception according to claim 1 and counteroffensive, is characterized in that, step (3) comprises the steps:
(3.1) according to the testing result of step (2), the warning information that analysis node is sent, alarming node is labeled as to the intruding detection system on dangerous node starter node, analyze flow and the network connection service of this node, the attack of obstruction, scanning, denial of service is initiated to comprise in Bing Dui attack source, seat offence source;
(3.2) the notice transmit leg select a transmission paths else and retransmit before data, the data of notifying the recipient to receive before deleting waiting for retransmit.
5. the active defense method of network deception according to claim 1 and counteroffensive, is characterized in that, step (4) comprises the steps:
(4.1) with communicating pair, shared key is encrypted the clear data that will transmit, and obtains encrypt data, with this key, hiding plaintext password is encrypted equally, obtains the ciphertext password;
(4.2) digest value of key in calculation procedure (4.1), encrypt one section Virus with this digest value as key, obtains the Virus of encrypted mistake;
(4.3) Virus of ciphertext password, encrypt data and encryption is bundled, be combined into a new application program, application program now is exactly the True Data that will send, this application program judges whether the user is correct plaintext password by the deciphering of ciphertext password, if deciphering is correct, extract encrypt data; If decipher incorrect or obtain the plaintext password of a mistake for deciphering, trigger the malicious code program, and this application program self is deleted or data and password are carried out to scramble, thereby can't obtain real useful data, assailant's IP address and port numbers be mail to the network manager simultaneously and allow its processing.
6. the Initiative Defense step of network deception according to claim 4 and counteroffensive, is characterized in that, step (5) comprises the steps:
(5.1) type of judgement message, if true message receives message, if deceptive packets, dropping packets;
(5.2) analyze network manager's alarm according to the result of step (3.2), if alarm occurs, abandon message during this period of time and wait for re-transmission; If also do not receive keeper's alarm after sign off, message is recombinated and recovered data.
(5.3) data decryption, validated user utilizes known shared key to carry out complete deciphering to data, finally obtains the useful data needed; For the disabled user, if only the partial information of data decoded successfully or utilized wrong key to decipher, trigger and be hidden in Virus wherein, thereby it is broken through.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310355000.9A CN103457931B (en) | 2013-08-15 | 2013-08-15 | A kind of network deception and the active defense method of counteroffensive |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310355000.9A CN103457931B (en) | 2013-08-15 | 2013-08-15 | A kind of network deception and the active defense method of counteroffensive |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103457931A true CN103457931A (en) | 2013-12-18 |
| CN103457931B CN103457931B (en) | 2016-08-10 |
Family
ID=49739885
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310355000.9A Expired - Fee Related CN103457931B (en) | 2013-08-15 | 2013-08-15 | A kind of network deception and the active defense method of counteroffensive |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103457931B (en) |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104853003A (en) * | 2015-04-30 | 2015-08-19 | 中国人民解放军国防科学技术大学 | Netfilter-based address and port hopping communication implementation method |
| CN105978875A (en) * | 2016-05-11 | 2016-09-28 | 中国人民解放军国防信息学院 | Dynamic service realization method and system base on service hopping and intelligent cleaning |
| CN106060184A (en) * | 2016-05-11 | 2016-10-26 | 中国人民解放军国防信息学院 | Three dimensional-based IP address hop pattern generation method and hop controllers |
| CN106302525A (en) * | 2016-09-27 | 2017-01-04 | 黄小勇 | A kind of cyberspace security defend method and system based on camouflage |
| CN106982200A (en) * | 2016-10-25 | 2017-07-25 | 浙江华数广电网络股份有限公司 | A kind of public security prevention and control platform and corresponding safety defense method depending on broadcasting combination |
| CN107070927A (en) * | 2017-04-19 | 2017-08-18 | 中国石油大学(华东) | A kind of saltus step concealed communication method encrypted based on DNA |
| CN107065750A (en) * | 2017-05-15 | 2017-08-18 | 中国工程物理研究院计算机应用研究所 | The industrial control network dynamic security method of interior raw safety |
| CN107786554A (en) * | 2017-10-24 | 2018-03-09 | 哈尔滨工业大学(威海) | A kind of method and apparatus of automatic detection IPsec agreement man-in-the-middle attacks |
| CN109246124A (en) * | 2018-09-30 | 2019-01-18 | 华中科技大学 | A kind of active defense method of encryption information |
| CN109327465A (en) * | 2018-11-15 | 2019-02-12 | 珠海莲鸿科技有限公司 | A kind of method that safety resists network abduction |
| CN109413046A (en) * | 2018-09-29 | 2019-03-01 | 深圳开源互联网安全技术有限公司 | A kind of network protection method, system and terminal device |
| CN111212063A (en) * | 2019-12-31 | 2020-05-29 | 北京安码科技有限公司 | Attack countering method based on gateway remote control |
| CN111314358A (en) * | 2020-02-21 | 2020-06-19 | 深圳市腾讯计算机系统有限公司 | Attack protection method, device, system, computer storage medium and electronic equipment |
| CN111324909A (en) * | 2020-03-17 | 2020-06-23 | 中科天御(苏州)科技有限公司 | Active defense method and device for mobile network |
| CN111343176A (en) * | 2020-01-16 | 2020-06-26 | 郑州昂视信息科技有限公司 | Network attack countering device, method, storage medium and computer equipment |
| CN111428283A (en) * | 2020-02-27 | 2020-07-17 | 威锋电子股份有限公司 | Hardware Trojan horse inhibition device and operation method thereof |
| CN111510418A (en) * | 2019-01-31 | 2020-08-07 | 上海旺链信息科技有限公司 | Block chain link point structure safety guarantee method, guarantee system and storage medium |
| CN111818058A (en) * | 2020-07-09 | 2020-10-23 | 武汉量子风暴信息科技有限公司 | Network hopping controller-oriented safety protection method, system and related equipment |
| CN112532961A (en) * | 2020-12-04 | 2021-03-19 | 上海影创信息科技有限公司 | Delay detection safety prompting method and system of VR glasses and VR glasses |
| CN112751864A (en) * | 2020-12-30 | 2021-05-04 | 招联消费金融有限公司 | Network attack countercheck system, method, device and computer equipment |
| CN112804204A (en) * | 2020-12-30 | 2021-05-14 | 上海磐御网络科技有限公司 | Intelligent network safety system based on big data analysis |
| CN113489694A (en) * | 2021-06-24 | 2021-10-08 | 浙江德迅网络安全技术有限公司 | Dynamic defense system for resisting large-flow attack in honey farm system |
| CN114024623A (en) * | 2021-11-03 | 2022-02-08 | 中南大学 | Wavelength attack method, active defense method and continuous variable quantum communication system using same |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030154399A1 (en) * | 2002-02-08 | 2003-08-14 | Nir Zuk | Multi-method gateway-based network security systems and methods |
| CN101118577A (en) * | 2006-08-04 | 2008-02-06 | 大唐移动通信设备有限公司 | Process and device for preventing fraudulent use of terminal software |
| CN102111394A (en) * | 2009-12-28 | 2011-06-29 | 成都市华为赛门铁克科技有限公司 | Network attack protection method, equipment and system |
-
2013
- 2013-08-15 CN CN201310355000.9A patent/CN103457931B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030154399A1 (en) * | 2002-02-08 | 2003-08-14 | Nir Zuk | Multi-method gateway-based network security systems and methods |
| CN101118577A (en) * | 2006-08-04 | 2008-02-06 | 大唐移动通信设备有限公司 | Process and device for preventing fraudulent use of terminal software |
| CN102111394A (en) * | 2009-12-28 | 2011-06-29 | 成都市华为赛门铁克科技有限公司 | Network attack protection method, equipment and system |
Cited By (33)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104853003B (en) * | 2015-04-30 | 2018-05-15 | 中国人民解放军国防科学技术大学 | A kind of address based on Netfilter, port-hopping Realization Method of Communication |
| CN104853003A (en) * | 2015-04-30 | 2015-08-19 | 中国人民解放军国防科学技术大学 | Netfilter-based address and port hopping communication implementation method |
| CN105978875A (en) * | 2016-05-11 | 2016-09-28 | 中国人民解放军国防信息学院 | Dynamic service realization method and system base on service hopping and intelligent cleaning |
| CN106060184A (en) * | 2016-05-11 | 2016-10-26 | 中国人民解放军国防信息学院 | Three dimensional-based IP address hop pattern generation method and hop controllers |
| CN106060184B (en) * | 2016-05-11 | 2019-04-05 | 中国人民解放军国防信息学院 | A kind of IP address hopping patterns generation method and jump controller based on three-dimensional |
| CN106302525B (en) * | 2016-09-27 | 2021-02-02 | 黄小勇 | Network space security defense method and system based on camouflage |
| CN106302525A (en) * | 2016-09-27 | 2017-01-04 | 黄小勇 | A kind of cyberspace security defend method and system based on camouflage |
| CN106982200A (en) * | 2016-10-25 | 2017-07-25 | 浙江华数广电网络股份有限公司 | A kind of public security prevention and control platform and corresponding safety defense method depending on broadcasting combination |
| CN106982200B (en) * | 2016-10-25 | 2020-12-08 | 浙江华数广电网络股份有限公司 | Video-broadcast combined security prevention and control platform and corresponding security defense method |
| CN107070927A (en) * | 2017-04-19 | 2017-08-18 | 中国石油大学(华东) | A kind of saltus step concealed communication method encrypted based on DNA |
| CN107070927B (en) * | 2017-04-19 | 2020-12-04 | 中国石油大学(华东) | Jump covert communication method based on DNA encryption |
| CN107065750A (en) * | 2017-05-15 | 2017-08-18 | 中国工程物理研究院计算机应用研究所 | The industrial control network dynamic security method of interior raw safety |
| CN107786554A (en) * | 2017-10-24 | 2018-03-09 | 哈尔滨工业大学(威海) | A kind of method and apparatus of automatic detection IPsec agreement man-in-the-middle attacks |
| CN107786554B (en) * | 2017-10-24 | 2019-08-02 | 哈尔滨工业大学(威海) | A kind of method of automatic detection IPsec agreement man-in-the-middle attack |
| CN109413046A (en) * | 2018-09-29 | 2019-03-01 | 深圳开源互联网安全技术有限公司 | A kind of network protection method, system and terminal device |
| CN109246124A (en) * | 2018-09-30 | 2019-01-18 | 华中科技大学 | A kind of active defense method of encryption information |
| CN109246124B (en) * | 2018-09-30 | 2020-05-19 | 华中科技大学 | Active defense method for encrypted information |
| CN109327465A (en) * | 2018-11-15 | 2019-02-12 | 珠海莲鸿科技有限公司 | A kind of method that safety resists network abduction |
| CN111510418A (en) * | 2019-01-31 | 2020-08-07 | 上海旺链信息科技有限公司 | Block chain link point structure safety guarantee method, guarantee system and storage medium |
| CN111212063A (en) * | 2019-12-31 | 2020-05-29 | 北京安码科技有限公司 | Attack countering method based on gateway remote control |
| CN111343176A (en) * | 2020-01-16 | 2020-06-26 | 郑州昂视信息科技有限公司 | Network attack countering device, method, storage medium and computer equipment |
| CN111314358A (en) * | 2020-02-21 | 2020-06-19 | 深圳市腾讯计算机系统有限公司 | Attack protection method, device, system, computer storage medium and electronic equipment |
| CN111428283A (en) * | 2020-02-27 | 2020-07-17 | 威锋电子股份有限公司 | Hardware Trojan horse inhibition device and operation method thereof |
| CN111428283B (en) * | 2020-02-27 | 2023-05-09 | 威锋电子股份有限公司 | Hardware Trojan horse suppression device and operation method thereof |
| CN111324909A (en) * | 2020-03-17 | 2020-06-23 | 中科天御(苏州)科技有限公司 | Active defense method and device for mobile network |
| CN111818058B (en) * | 2020-07-09 | 2022-06-21 | 武汉量子风暴信息科技有限公司 | Network hopping controller-oriented safety protection method, system and related equipment |
| CN111818058A (en) * | 2020-07-09 | 2020-10-23 | 武汉量子风暴信息科技有限公司 | Network hopping controller-oriented safety protection method, system and related equipment |
| CN112532961A (en) * | 2020-12-04 | 2021-03-19 | 上海影创信息科技有限公司 | Delay detection safety prompting method and system of VR glasses and VR glasses |
| CN112751864A (en) * | 2020-12-30 | 2021-05-04 | 招联消费金融有限公司 | Network attack countercheck system, method, device and computer equipment |
| CN112804204A (en) * | 2020-12-30 | 2021-05-14 | 上海磐御网络科技有限公司 | Intelligent network safety system based on big data analysis |
| CN113489694A (en) * | 2021-06-24 | 2021-10-08 | 浙江德迅网络安全技术有限公司 | Dynamic defense system for resisting large-flow attack in honey farm system |
| CN114024623A (en) * | 2021-11-03 | 2022-02-08 | 中南大学 | Wavelength attack method, active defense method and continuous variable quantum communication system using same |
| CN114024623B (en) * | 2021-11-03 | 2023-06-30 | 中南大学 | Active defense method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103457931B (en) | 2016-08-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103457931A (en) | Active defense method for network trick and counter attack | |
| US8695089B2 (en) | Method and system for resilient packet traceback in wireless mesh and sensor networks | |
| Bhargava et al. | Security enhancements in AODV protocol for wireless ad hoc networks | |
| Erdin et al. | How to find hidden users: A survey of attacks on anonymity networks | |
| CN109246108B (en) | Simulated honeypot fingerprint obfuscation system and SDN network architecture thereof | |
| CN111464503B (en) | Network dynamic defense method, device and system based on random multidimensional transformation | |
| Danezis et al. | Introducing traffic analysis | |
| US11095440B2 (en) | Systems and methods for utilizing quantum entropy in single packet authorization for secure network connections | |
| Calhoun Jr et al. | An 802.11 MAC layer covert channel | |
| Adomnicai et al. | Hardware security threats against Bluetooth mesh networks | |
| Dinker et al. | Attacks and challenges in wireless sensor networks | |
| Mathews et al. | Detecting compromised nodes in wireless sensor networks | |
| Sowmya et al. | A survey of jamming attack prevention techniques in wireless networks | |
| Katiyar et al. | Detection and discrimination of DDoS attacks from flash crowd using entropy variations | |
| Prasad et al. | IP traceback for flooding attacks on Internet threat monitors (ITM) using Honeypots | |
| CN102355375B (en) | Distributed abnormal flow detection method with privacy protection function and system | |
| CN115150076A (en) | Encryption system and method based on quantum random number | |
| León et al. | Using of an anonymous communication in e-government services: in the prevention of passive attacks on a network | |
| Zheng et al. | Application-based TCP hijacking | |
| Woungang et al. | A timed and secured monitoring implementation against wormhole attacks in AODV-based Mobile Ad Hoc Networks | |
| Nanda et al. | Secure and efficient key management scheme for wireless sensor networks | |
| CN109861993A (en) | A kind of traffic security acquisition method and system based on SDN | |
| Abraham et al. | Design of Transport layer based Hybrid covert channel detection engine | |
| Naresh et al. | Prevention of Selective Jamming Attacks Using Packet Hiding Methods in Wireless Networks | |
| Perrey | On secure routing in low-power and lossy networks: the case of RPL |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160810 Termination date: 20170815 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |