基于DPDK的内网动态网关关键技术设计

doi:10.11959/j.issn.1000-436x.2020126

Abstract

Abstract:

Aiming at the problems of high packet processing delay and high overhead caused by IP hopping,active defense gateway system with multi-layer network deployment structure was designed and implemented based on the data plane development kit (DPDK).Firstly,based on the DPDK fast forwarding framework,forwarding and processing performance of the system were optimized.Secondly,for the dynamic random mapping gateway with three different types of IP addresses,an efficient IP address allocation algorithm and an unpredictable IP address conversion algorithm were designed.The experimental results show that the designed system can effectively reduce the rate of information acquisition of sniffing attack,while greatly improving the processing delay caused by dynamic hopping.

Key words: active defense, moving target defense, IP address randomization, data plane development kit, sniffer attack

CLC Number:

TN915.08

Fucai CHEN,Weizhen HE,Guozhen CHENG,Shumin HUO,Dacheng ZHOU. Design of key technologies for intranet dynamic gateway based on DPDK[J]. Journal on Communications, 2020, 41(6): 139-151.

Figures/Tables 17

References 18

[1]	YADAV T , RAO A M . Technical aspects of cyber kill chain[C]// Proceedings of the International Symposium on Security in Computing and Communication. Berlin:Springer, 2015: 438-452.
[2]	BOU-HARB E , DEBBABI M , ASSI C . Cyber scanning:a comprehensive survey[J]. IEEE Communications Surveys ＆ Tutorials, 2013,16(3): 1496-1519.
[3]	WEAVER N , PAXSON V , STANIFORD S ,et al. A taxonomy of computer worms[C]// Proceedings of the 2003 ACM Workshop on Rapid malcode. New York:ACM Press, 2003: 8-11.
[4]	ANTONATOS S , AKRITIDIS P , MARKATOS E P ,et al. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007,51(12): 3471-3490.
[5]	AI J , GUO Z , CHEN H . Thwarting worm spread in heterogeneous networks with diverse variant placement[J]. IEEE Communications Letters, 2018,22(7): 1346-1349.
[6]	CHO J-H , SHARMA D P , ALAVIZADEH H ,et al. Toward proactive,adaptive defense:a survey on moving target defense[J]. IEEE Communications Surveys ＆ Tutorials, 2020,22(10): 709-745.
[7]	JAFARIAN J H , AL-SHAER E , DUAN Q . An effective address mutation approach for disrupting reconnaissance attacks[J]. IEEE Transactions on Information Forensics and Security, 2015,10(12): 2562-2577.
[8]	KEWLEY D , FINK R , LOWRY J ,et al. Dynamic approaches to thwart adversary intelligence gathering[C]// Proceedings of the DARPA Information Survivability Conference and Exposition II DISCEX'01. Piscataway:IEEE Press, 2001: 176-185.
[9]	DUNLOP M , GROAT S , URBANSKI W ,et al. Mt6d:a moving target ipv6 defense; proceedings of the 2011-MILCOM[C]// 2011 Military Communications Conference. Piscataway:IEEE Press, 2011: 1321-1326.
[10]	LEI C , ZHANG H Q , MA D H ,et al. Network moving target defense technique based on self-adaptive end-point hopping[J]. Arabian Journal for Science and Engineering, 2017,42(8): 3249-3262.
[11]	REHMANI M H , DAVY A , JENNINGS B ,et al. Software defined networks-based smart grid communication:a comprehensive survey[J]. IEEE Communications Surveys ＆ Tutorials, 2019,21(3): 2637-2670.
[12]	JAFARIAN J H , AL-SHAER E , DUAN Q . Openflow random host mutation:transparent moving target defense using software defined networking[C]// Proceedings of the First Workshop on Hot Topics in Software Defined Networks. New York:ACM Press, 2012: 127-132.
[13]	JAFARIAN J H H , AL-SHAER E , DUAN Q . Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers[C]// Proceedings of the First ACM Workshop on Moving Target Defense MTD '14. New York:ACM Press, 2014: 69-78.
[14]	SHARMA D P , KIM D S , YOON S ,et al. FRVM:flexible random virtual ip multiplexing in software-defined networks[C]// 2018 17th IEEE International Conference On Trust,Security and Privacy in Computing and Communications/ 12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE). Piscataway:IEEE Press, 2018: 579-587.
[15]	CHANG S Y , PARK Y , BABU B B A . Fast IP hopping randomization to secure hop-by-hop access in sdn[J]. IEEE Transactions on Network and Service Management, 2018,16(1): 308-320.
[16]	胡毅勋, 郑康锋, 杨义先 ,等. 基于OpenFlow的网络层移动目标防御方案[J]. 通信学报, 2017,38(10): 103-112.
	HU Y X , ZHENG K F , YANG Y X ,et al. Moving target defense solution on network layer based on OpenFlow[J]. Journal on Communication, 2017,38(10): 103-112.
[17]	王鹏超, 陈福才, 程国振 ,等. 软件定义的 L2/L3 地址协同拟态伪装策略研究[J]. 电子学报, 2019,47(10): 2032-2039.
	WANG P C , CHEN F C , CHENG G Z ,et al. L2/L3 address cooperative mimicry strategy research based on SDN[J]. Acta Electronica Sinica, 2019,47(10): 2032-2039.
[18]	陈扬, 扈红超, 程国振 . 软件定义的内网动态防御系统设计与实现[J]. 电子学报, 2018,46(11): 2604-2611.
	CHEN Y , HU H C , CHENG G Z . The design and implementation of a software-defined intranet dynamic defense system[J]. Acta Electronica Sinica, 2018,46(11): 2604-2611.

Metrics

Recommended 0

No Suggested Reading articles found!

Design of key technologies for intranet dynamic gateway based on DPDK

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 17

References 18

Related Articles 14

Metrics

Recommended 0

[1]	Zhibin FENG, Yuhua XU, Zhiyong DU, Xin LIU, Wen LI, Hao HAN, Xiaobo ZHANG. Active defense technology against intelligent jammer [J]. Journal on Communications, 2022, 43(10): 42-54.
[2]	Qing TONG, Yunfei GUO, Shumin HUO, Yawen WANG, Yujia MAN, Kai ZHANG. Design of self-adaptive spatio-temporal diversity joint scheduling strategy [J]. Journal on Communications, 2021, 42(7): 12-24.
[3]	Xiaoyu XU, Hao HU, Hongqi ZHANG, Yuling LIU. Random routing defense method based on deep deterministic policy gradient [J]. Journal on Communications, 2021, 42(6): 41-51.
[4]	Zhengbin ZHU, Qinrang LIU, Dongpei LIU, Chong WANG. Research progress of mimic multi-execution scheduling algorithm [J]. Journal on Communications, 2021, 42(5): 179-190.
[5]	Yongjin HU,Jun MA,Yuanbo GUO,Han ZHANG. Research on active defense based on multi-stage cyber deception game [J]. Journal on Communications, 2020, 41(8): 32-42.
[6]	Jinglei TAN,Hengwei ZHANG,Hongqi ZHANG,Hui JIN,Cheng LEI. Optimal strategy selection approach of moving target defense based on Markov time game [J]. Journal on Communications, 2020, 41(1): 42-52.
[7]	JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137.
[8]	Duohe MA,Qiong LI,Dongdai LIN. Moving target defense against network eavesdropping attack using POF [J]. Journal on Communications, 2018, 39(2): 73-87.
[9]	Xingming ZHANG,Zeyu GU,Shuai WEI,Jianliang SHEN. Markov game modeling of mimic defense and defense strategy determination [J]. Journal on Communications, 2018, 39(10): 143-154.
[10]	Le-yi SHI,Hui SUN,Yu-wen CUI,Hong-bin GUO,Jian-lan LI. Web plug-in paradigm for anti-DoS attack based on end hopping [J]. Journal on Communications, 2017, 38(Z1): 19-24.
[11]	Cheng LEI,Duo-he MA,Hong-qi ZHANG,Qi HAN,Ying-jie YANG. Network moving target defense technique based on optimal forwarding path migration [J]. Journal on Communications, 2017, 38(3): 133-143.
[12]	Yi-xun HU,Kang-feng ZHENG,Yi-xian YANG,Xin-xin NIU. Moving target defense solution on network layer based on OpenFlow [J]. Journal on Communications, 2017, 38(10): 102-112.
[13]	Cheng LEI,Duo-he MA,Hong-qi ZHANG,Ying-jie YANG,Miao WANG. Performance assessment approach based on change-point detection for network moving target defense [J]. Journal on Communications, 2017, 38(1): 126-140.
[14]	Chun-lei ZHAO,Chun-fu JIA,Chen WENG,Kai LIN. Research on adaptive strategy for end-hopping system [J]. Journal on Communications, 2011, 32(11A): 51-57.