检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:白松浩 张震[1] 刘少勋 BAI Songhao;ZHANG Zhen;LIU Shaoxun(Information Engineering University,Zhengzhou 450001,China;Purple Mountain Laboratories,Nanjing 211111,China)
机构地区:[1]信息工程大学,河南郑州450001 [2]网络通信与安全紫金山实验室,江苏南京211111
出 处:《信息工程大学学报》2022年第3期337-343,358,共8页Journal of Information Engineering University
基 金:国家自然科学基金资助项目(61802429,61872382,61521003);国家重点研发计划资助项目(2018YFB0804002)。
摘 要:利用网络和主机的静态配置是攻击者长久以来发起决定性攻击的一大优势,绝大多数攻击的前置步骤是通过扫描来收集潜在目标的信息,以识别网络环境中的0-day或N-day漏洞。提出了一种虚假网络拓扑跳变的主动防御方法,在软件定义网络中使用CVSS漏洞评分机制对随机生成的虚假网络拓扑进行评估,选取合适的拓扑进行跳变;对虚假网络拓扑的差异性进行量化分析,确定网络拓扑的存活时间;增加虚假主机节点,主动捕获恶意扫描主机并实施精准隔离。实验结果表明,所提技术能使扫描攻击命中活动IP的概率降低50%,恶意主机扫描出一半真实主机之前被识别并隔离的概率为95%。Leveraging the static configuration of the network and host has long been an advantage for attackers to launch decisive attacks.Most of the pre-attack steps are to collect information about potential targets through scanning to identify 0-day or N-day vulnerabilities in the network environment.In this paper,we propose an active defense method for fake network topology jump.CVSS vulnerability scoring mechanism is used to evaluate randomly generated fake network topology in software-defined networks,and appropriate topologies are selected for jump.Then,the difference of fake network topology is quantitatively analyzed to determine the survival time of network topology.Further,false host nodes are added,and malicious scanning hosts are proactively captured to implement accurate isolation.Experimental results show that the proposed technology can reduce the probability of scanning attack hitting active IP by 50%,and the probability of malicious hosts being identified and isolated before half of real hosts are scanned is 95%.
分 类 号:TP393.1[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.15