电子学报 (Acta Electronica Sinica) ›› 2019, Vol. 47 ›› Issue (10): 2032-2039. DOI: 10.3969/j.issn.0372-2112.2019.10.003

• Research Paper •

L2/L3 Address Cooperative Mimicry Strategy Research Based on SDN
(Chinese title: 软件定义的L2/L3地址协同拟态伪装策略研究)

WANG Peng-chao (王鹏超), CHEN Fu-cai (陈福才), CHENG Guo-zhen (程国振), CHEN Yang (陈扬), GU Yun-jie (谷允捷)

  1. National Digital Switching System Engineering and Technological R & D Center, Zhengzhou, Henan 450002, China
  • Received: 2018-12-04 Revised: 2019-05-29 Online: 2019-10-25 Published: 2019-10-25
    • About the authors:
    • WANG Peng-chao, male, born 1995 in Yantai, Shandong. Master's student at the National Digital Switching System Engineering and Technological R & D Center; research interests: network security and SDN. E-mail: 17616247471@163.com; CHEN Fu-cai, male, born 1974 in Nanchang, Jiangxi. Researcher at the same Center; research interests: telecommunication network protection and network security. E-mail: fucai0309@163.com; CHENG Guo-zhen, male, born 1986 in Heze, Shandong. Assistant researcher at the same Center; research interests: cloud data centers, SDN and network security. E-mail: guozhencheng@hotmail.com; CHEN Yang, male, born 1994 in Nanchong, Sichuan. Master's student at the same Center; research interests: cloud computing, network security and SDN. E-mail: 2547756390@qq.com; GU Yun-jie, male, born 1994 in Jining, Shandong. Master's student at the same Center; research interests: network function virtualization. E-mail: lizardwhite@163.com
    • Supported by:
    • Emerging Research Project of Information Engineering University (No.2016610708); National Natural Science Foundation of China (No.61602509); NSFC Innovation Research Group (No.61521003); National Key Research and Development Program of China (No.2016YFB0800100, No.2016YFB0800101)

Abstract: Probing target hosts for vulnerabilities from inside the network is the main way network attacks are launched. The static nature of current networks favours the attacker's reconnaissance, and the L2/L3 addresses inside the network are the main information an attacker seeks to collect. To change the easy-to-attack, hard-to-defend situation of the reconnaissance stage, a cooperative L2/L3 address mutation technique based on the idea of mimicry camouflage is proposed, which strategically hides the real network hosts without disrupting normal services. First, a cyber reconnaissance game (CRG) is established; its Nash equilibrium solution guides the L2/L3 address mimicry strategy, and a formula for the optimal mutation (hop) period is given. Second, a cooperative mutation intranet defense system (CMID) is designed and implemented on a software-defined network architecture, in which the SDN controller cooperatively drives the camouflage transformation of the L2 and L3 addresses. Finally, theoretical analysis and experimental results show that the method effectively cuts the correlation between L2/L3 addresses and both real network identities and upper-layer services, hides the internal hosts to the greatest extent, slows reconnaissance, and breaks the continuity of network attacks.

Key words: reconnaissance, software defined network, mimicry, Nash equilibrium, cyber defense, address mutation
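As an added illustration (not code from the paper or from the CMID system, whose internals the abstract does not give), the following Python model shows the core mechanism the abstract describes from the defender's side: an SDN edge that re-derives each protected host's virtual (vIP, vMAC) pair every hop period from a controller key, rewrites addresses on egress and ingress, and refuses to resolve an address pair that is no longer current, so that an address learned by reconnaissance in one period points at no host in the next and the stale hit becomes a detection signal. The class and function names (`MutationTranslator`, `Addr`, `replay_observed_address`), the hosts, the virtual subnet, the key and the 10 s hop period are all constructed assumptions; the paper's optimal-period formula is not reproduced here.

```python
"""Toy simulation of cooperative L2/L3 address mutation at an SDN edge.

Added illustration, not the paper's CMID system. All names are hypothetical
and the hosts, subnet, key and hop period below are constructed sample data.
"""
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Addr:
    """An L3/L2 address pair as carried in a packet header."""
    ip: str
    mac: str


def _prf(key: bytes, period: int, label: str) -> int:
    """Keyed pseudo-random 64-bit value for (period, label) via SHA-256."""
    data = key + period.to_bytes(8, "big") + label.encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


class MutationTranslator:
    """Edge translator: real <-> virtual (vIP, vMAC) table re-derived every hop period."""

    def __init__(self, key: bytes, hosts: dict, vnet: str, hop_period: float):
        self.key = key
        self.hosts = hosts                      # host name -> real Addr
        self.vnet = ipaddress.ip_network(vnet)  # pool of virtual IPs
        self.T = hop_period                     # hop period in seconds
        self.stale_hits = []                    # (t, dst) that matched no live mapping
        self._memo = {}

    def period(self, t: float) -> int:
        """Index of the hop period that contains time t."""
        return int(t // self.T)

    def mapping(self, period: int) -> dict:
        """host name -> virtual Addr in effect during `period`.

        Addresses come from a keyed PRF, so every switch under the same
        controller key computes the same table. Addresses used in the previous
        period are excluded, so an address that has just expired never resolves
        to any host (recursion depth grows with the period; fine for a demo)."""
        if period in self._memo:
            return self._memo[period]
        banned = set(self.mapping(period - 1).values()) if period > 0 else set()
        used_ips = {a.ip for a in banned}
        used_macs = {a.mac for a in banned}
        n = self.vnet.num_addresses - 2         # skip network and broadcast addresses
        table = {}
        for name in sorted(self.hosts):         # fixed order -> reproducible collision handling
            i = 0
            while True:
                r = _prf(self.key, period, f"{name}/{i}")
                ip = str(self.vnet[1 + r % n])
                mac = "02:%02x:%02x:%02x:%02x:%02x" % tuple((r >> (8 * k)) & 0xFF for k in range(5))
                if ip not in used_ips and mac not in used_macs:
                    break
                i += 1
            used_ips.add(ip)
            used_macs.add(mac)
            table[name] = Addr(ip, mac)
        self._memo[period] = table
        return table

    def egress(self, pkt: dict, t: float) -> dict:
        """Outbound from a protected host: replace the real source with this period's virtual one."""
        table = self.mapping(self.period(t))
        by_real = {self.hosts[name]: v for name, v in table.items()}
        src = pkt["src"]
        return {**pkt, "src": by_real.get(src, src)}

    def ingress(self, pkt: dict, t: float) -> Optional[dict]:
        """Inbound toward a virtual address: resolve to the real host only if both the
        vIP and the vMAC belong to the current period; otherwise drop and record."""
        table = self.mapping(self.period(t))
        by_vip = {v.ip: name for name, v in table.items()}
        dst = pkt["dst"]
        name = by_vip.get(dst.ip)
        if name is None or table[name].mac != dst.mac:
            self.stale_hits.append((t, dst))    # candidate reconnaissance indicator
            return None
        return {**pkt, "dst": self.hosts[name]}


# Constructed sample data: three protected hosts, a /24 virtual subnet, a 10 s hop period.
HOSTS = {
    "web": Addr("192.168.1.10", "aa:bb:cc:00:00:10"),
    "db": Addr("192.168.1.20", "aa:bb:cc:00:00:20"),
    "ops": Addr("192.168.1.30", "aa:bb:cc:00:00:30"),
}
translator = MutationTranslator(b"controller-secret", HOSTS, "10.200.0.0/24", hop_period=10.0)


def replay_observed_address(tr: MutationTranslator, name: str, t_seen: float, t_replay: float) -> bool:
    """Does a virtual address of `name` observed at t_seen still reach it at t_replay?"""
    v_seen = tr.mapping(tr.period(t_seen))[name]
    probe = {"src": Addr("172.16.0.5", "02:00:00:00:00:99"), "dst": v_seen}
    out = tr.ingress(probe, t_replay)
    return out is not None and out["dst"] == tr.hosts[name]


if __name__ == "__main__":
    print("period 0 table:", translator.mapping(0))
    print("same period reachable:", replay_observed_address(translator, "web", 3.0, 7.0))
    print("next period reachable:", replay_observed_address(translator, "web", 3.0, 15.0))
    print("stale hits logged:", len(translator.stale_hits))
```

The design point is the one the abstract makes: the table is a function of (controller key, period), so the controller can drive every edge switch consistently without distributing per-flow state, and the MAC check on ingress means a cached L2 entry does not help once the L3 address has moved. Counting stale hits per source over a few periods is a natural input to the detection side of such a system.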
