Journal on Communications (通信学报), 2018, Vol. 39, Issue (2): 73-87. doi: 10.11959/j.issn.1000-436x.2018025

• Academic paper

A POF-based moving target defense method against network eavesdropping attacks

马多贺 1, 李琼 2, 林东岱 1

  1 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  2 Institute of Information Countermeasure Techniques, School of Computer Science and Technology, Harbin Institute of Technology, Harbin, Heilongjiang 150001, China
  • Revised: 2017-12-10 Online: 2018-02-01 Published: 2018-03-28
  • About the authors: MA Duohe (born 1982), male, from Huoqiu, Anhui; Ph.D., assistant research fellow at the Institute of Information Engineering, Chinese Academy of Sciences; main research interests are moving target defense, application security, cloud security, and network and system security. | LI Qiong (born 1976), female, from Jishou, Hunan; Ph.D., professor and doctoral supervisor at Harbin Institute of Technology; main research interests are quantum cryptography, multimedia security, and biometrics. | LIN Dongdai (born 1964), male, from Liaocheng, Shandong; research fellow and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences; main research interests are cryptographic theory, security protocols, and cyberspace security.
  • Supported by:
    The National Key Research and Development Program of China (2017YFB1010000); The National High Technology Research and Development Program of China (863 Program) (2015AA016106); the "Young Scientist Program" of the Institute of Information Engineering, CAS (Y7Z0201105); The National Natural Science Foundation of China (61471141); the Shenzhen Key Technology Program (JSGG20160427185010977)

Moving target defense against network eavesdropping attack using POF

Duohe MA 1, Qiong LI 2, Dongdai LIN 1

  1 State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing 100093, China
  2 Institute of Information Countermeasure Techniques, School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China
  • Revised: 2017-12-10 Online: 2018-02-01 Published: 2018-03-28
  • Supported by:
    The National Key Research and Development Program of China (2017YFB1010000); The National High Technology Research and Development Program of China (863 Program) (2015AA016106); "Young Scientist Program" of the Institute of Information Engineering, CAS (Y7Z0201105); The National Natural Science Foundation of China (61471141); The Key Technology Program of Shenzhen (JSGG20160427185010977)

Abstract (translated from the Chinese):

Network eavesdropping attacks are a major threat to the security of network communication. Because they are stealthy and non-intrusive, they are hard to detect with traditional passive defense methods based on traffic feature recognition. Existing methods such as path encryption and dynamic addressing can only obfuscate some fields of network protocols and cannot provide comprehensive protection. A moving target defense (MTD) method based on protocol-oblivious forwarding (POF) is proposed: through a private-protocol packet randomization strategy and a strategy of randomly dropping deception packets on dynamic paths, it greatly increases the difficulty for an attacker to carry out network eavesdropping and protects the privacy of the network communication process. Experimental validation and theoretical analysis demonstrate the effectiveness of the method.

Key words (translated from the Chinese): moving target defense, eavesdropping attack, protocol stack randomization, cyberspace deception, protocol-oblivious forwarding

Abstract:

Eavesdropping is a major attack against traditional network communication. Because this kind of attack is stealthy and untraceable, it is barely detectable by passive defense approaches based on feature detection or static configuration. Since existing encryption or dynamic address methods can only obfuscate part of the fields of network protocols, they cannot form a comprehensive protection. Therefore, a moving target defense method utilizing the protocol customization ability of protocol-oblivious forwarding (POF) is proposed, built on a private protocol packet randomization strategy and a strategy of randomly dropping deception packets on dynamic paths. It greatly increases the difficulty of implementing a network eavesdropping attack and protects the privacy of the network communication process. Experiments and comparative studies show its efficiency.

Key words: moving target defense, eavesdropping attack, protocol randomization, cyber space deception

CLC number (Chinese Library Classification):

  • TP393