一种抗网络侦察的网络指纹在线混淆机制  

作　　者：王彬沣 邢长友 丁科 许博 WANG Binfeng;XING Changyou;DING Ke;XU Bo(Command and Control Engineering College,Army Engineering University of PLA,Nanjing 210007,China)

机构地区：[1]中国人民解放军陆军工程大学指挥控制工程学院,江苏南京210007

出　　处：《软件导刊》2024年第5期137-145,共9页Software Guide

基　　金：国家自然科学基金面上项目(62172432)。

摘　　要：网络指纹探测是实施网络攻击之前的重要情报获取工作。但作为一种主动对抗指纹探测行为的典型方法,现有的网络指纹混淆技术仍存在部署复杂性高、对端系统不透明,以及对网络性能影响大等问题。为此,基于可编程数据平面技术,提出了一种抗网络指纹探测的分组在线混淆机制P4FO。P4FO利用可编程交换机的灵活分组处理能力,以端系统透明的方式在线混淆网络指纹信息。在分析探测流响应速率特征的基础上,实现了“识别—重构”相结合的网络指纹两阶段混淆方案,支持融主动探测流识别、虚假指纹定制,以及在线指纹混淆等能力为一体,并能够缓解高速网络环境中可编程交换机的资源约束。基于真实网络流量数据集的实验表明,P4FO在对抗网络指纹探测能力方面优于当前主流方法,为网络设备指纹保护提供了一种更为高效的解决途径。Network fingerprinting detection is a crucial intelligence-gathering step prior to conducting network attacks.However,existing network fingerprint obfuscation techniques,which are typical countermeasures against fingerprint detection activities,still face issues like high deployment complexity,non-transparency to end systems,and significant impact on network performance.Addressing these concerns,we propose a packet-based online obfuscation mechanism for resisting network fingerprint detection,named P4FO(P4-based fingerprint obfuscation mechanism),leveraging programmable data plane technology.P4FO utilizes the flexible packet processing capabilities of programmable switches to obfuscate network fingerprint information online in a manner transparent to end systems.Building upon analyzing response rate characteristics of probing flows,the mechanism implements a two-phase fingerprint obfuscation scheme combining“recognition-reconstruction”,which integrates capabilities of active probing flow recognition,false fingerprint customization,and online fingerprint obfuscation,and it can alleviate resource constraints of programmable switches in high-speed network environments.Experiments based on real network traffic datasets show that P4FO outperforms current mainstream methods in combating network fingerprint detection,offering a more effective solution for the protection of network device fingerprints.

关 键 词：网络侦察 网络指纹混淆 网络欺骗防御 可编程协议无关报文处理(P4) 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]