54 results about "Moving target defense" patented technology

The invention discloses a moving target defense system for an SDN (self-defending network). The system consists of a moving target defense module and an SDN controller management module; the moving target defense module comprises a flow analysis module, a mapping information storage module, a target conversion module, an encryption transmission module, a load balance module, a safety authentication module, a business flow recording database and a mapping information recording database; the SDN controller management module comprises a flow table generation module, a flow table distribution/synchronization module, a route selection module, a DNS service module, a load balance module, a distributed management module, a safety communication module, a redundant backup module, a safety authentication module and a flow table database; furthermore, the invention also discloses a moving target defense method for the SDN. Through the moving target defense system and the moving target defense method disclosed by the invention, the difficulty of an attacker to detect a target is increased further, and therefore the safety of an intranet is comprehensively protected.

The invention discloses an active defense method based on path and address hopping in an SDN network, and belongs to the field of mobile target defense. The method comprises the following steps: S1, asource host sending a data packet to a first switch; S2, judging whether the data packet is successfully matched with the flow table item or not, if yes, forwarding the data packet to a next hop switch, and entering a step S5; otherwise, the switch sending the Packet-In message to the controller, and executing the step S3; S3, the controller selecting a data packet transmission path and a virtualIP at the same time; S4, the controller generating a flow table rule according to the selected transmission path and the virtual IP, and issuing a flow table and a reverse flow table to each switch;and S5, judging whether the switch is a final switch or not, if yes, sending the data packet to a target host, and otherwise, entering the step S2. By utilizing the separation characteristic of the SDN network data layer and the control layer and the idea of active operation change in the MTD, the IP and the transmission path of the data packet are changed on the premise of not influencing the normal communication of the network, and the difficulty of an attacker in acquiring information is increased, so that the active defense capability of the system is improved.

The invention relates to the technical field of network security, and in particular relates to an unknown threat-oriented dynamic network change decision method and system. The method comprises the steps of: constructing the type space of a player according to the current network state; judging the type of the opposite side by the player according to the prior belief, and obtaining a selectable offensive and defensive strategy set according to the type; obtaining the system state transition probability according to the network state and the offensive and defensive strategy set; obtaining earnings of both offensive and defensive game sides for the selected offensive and defensive strategy, and, in combination with the system state transition probability, constructing a moving target defencemodel based on an incomplete information Markov game; and equivalently converting the solution of the moving target defence model into a target function, so that the optimal moving target defence strategy is obtained. By means of the unknown threat-oriented dynamic network change decision method and system in the invention, the unknown threat-oriented optimal defence strategy can be selected based on limited network resources; and thus, the technical effect that the network performance overhead and MTD defence earnings are balanced can be realized.

The invention belongs to the technical field of network security, in particular to a Markov signal game-based moving target defense strategy selection method and device. The method comprises the stepsthat a signal game model and a Markov decision process are combined, a multi-stage Markov signal game model is constructed, the multi-stage Markov signal game model comprises a plurality of independent and similar single-stage signal game models, and the signal game of each single-stage signal game model belongs to a limited game; a target function is selected in the defense and confrontation process of the moving target, and a multi-stage game equilibrium solving result is obtained; and an optimal defense strategy is selected according to a multi-stage game equilibrium solving result. The dynamic confrontation process between the attacker and the defender is analyzed, multi-stage game equilibrium is solved, the optimal defense strategy is selected, the defects of passive defense in the field of network space security are overcome, the timeliness, objectivity and accuracy of system defense are improved, and the active defense capacity of network security is enhanced.

The invention provides a WEB dynamic adaptive defense system and defense method based on false response. Based on the concept of moving target defense, a plurality of false WEB servers capable of being dynamically transformed is constructed around a protected WEB server, false sensitive data, false applications, false vulnerabilities and the like are constructed on the false WEB servers, and cheating hackers attack the false WEB servers. When a known attack or a suspicious behavior is identified, the known attack or the suspicious behavior is introduced into the false WEB server, and an attacker enters the false environment and then executes a subsequent attack action in the false environment until the attack is finished, so that multiple attempt attacks of the attacker are effectively defended, and meanwhile, the method has a relatively good defending capability on an unknown WEB attack. Besides, by continuously observing attack behaviors in a false environment, WEB attack features can be automatically extracted, attack detection rules are dynamically and adaptively adjusted, and the dynamic adaptive capacity of a defense system is improved.

The invention discloses a WEB dynamic security defense method and system. The method is based on a moving target defense technical thought. The invention provides an active dynamic defense mechanism for a WEB service system. When the protected WEB application service system is not attacked, the service entry or the resource address is actively transformed, so that the information of the backgroundof the server is effectively hidden and protected, the dynamics and uncertainty of the attacked surface of the system are realized in a randomized dynamic coding technical mode, the difficulty of network attack implementation is improved, and the anti-attack capability of the WEB application service system is effectively enhanced.

Systems and methods for actively securing data storage devices utilize the technique of storage virtualization. In embodiments, would-be cyberattackers are presented with many possible “ports” or “channels” by which to communicate over a network with a data storage device. Unknown to the attacker, at any given time, only one of these ports or channels is the “correct,” or “active,” port; all of the other ports are dummies that do not permit communication with the storage device. The active port is dynamically, randomly, and/or continually reconfigured, seriously impeding the ability of the attacker to access the data storage device through the active port.

The invention provides a network security vulnerability defense system based on dynamic camouflage. According to basic technical idea of the system, a network dynamic environment is constructed basedon the concept of moving target defense, a large number of dynamic false hosts is constructed around a protected host by using a network spoofing technology, and a dynamic false vulnerability libraryis constructed to trap attackers; in addition, for a real host, a plurality of false vulnerability libraries can be randomly and dynamically generated for the real host. No matter a hacker performs vulnerability scanning on the target host by using a known or unknown vulnerability scanning tool, a false vulnerability in the virtual or real host is touched inescapably, an alarm of a defense systemcan be triggered when the false vulnerability is detected and utilized, and the defense system can automatically position an attacker in real time and cut off a first loop of a network attack chain, so that beforehand defense is realized and the threat of an unknown vulnerability is effectively reduced.

The invention provides a mobile target defense method based on an internet of things DDoS attack, and the method comprises the following steps: 1), deploying agent nodes which comprise an identity authentication node and a relay forwarding node; 2) deploying and operating a DDoS detection function at the proxy node; 3) under the condition of no DDoS attack, when a user client sends an access request, verifying the legality of the user, if the verification is passed, executing a jump protocol, jumping network connection to a relay forwarding node, and completing the access of the user to the server; 4) if the DDoS attack is detected, encrypting and switching the IPv6 addresses of all proxy nodes, and writing the encrypted IPv6 address of the identity authentication node into a domain name resolution system; 5) the identity authentication node executes a specific identity authentication method to exclude Internet of Things equipment, and 6) the real identity of an attacker is determined through the intersection of multiple times of login information. The Internet of Things DDoS attack can be resisted, and the real identity of the attacker can be determined.

The invention discloses an autonomous elastic cloud system management method. The method comprises four modules, namely an application program elastic editor, a cloud elastic intermediate component, asupervised virtual machine and a main virtual machine. By continuously and randomly changing the cloud execution environment and the platform type, especially an internal attacker, the current execution environment and vulnerabilities existing in the current execution environment are difficult to find, so that the system can escape from attacks. According to the cloud service behavior fuzzy algorithm, the space-time behavior confusion and moving target defense are utilized, so that the active computing nodes and the internal resources thereof of the system are continuously changed, and therefore, attackers are avoided. In addition, diversity is achieved by using different execution of each software component, and the ARCM method is adopted, so that the normal operation of the cloud application program is difficult to interrupt by attacks. The dynamic changes in the execution environment can effectively hide potential vulnerabilities of the system, and an automatic management algorithmis adopted to provide a dynamically changing configuration capability and hide a cloud execution environment.

The invention belongs to the technical field of network security, and relates to a network security dynamic defense decision-making method based on space-time game. The network security dynamic defense decision-making method comprises the steps of: constructing a multi-dimensional transformation moving target defense model according to network attack and defense dynamic space-time confrontation characteristics, wherein an attack party and a defense party in the multi-dimensional transformation moving target defense model are jointly determined by a detection surface, an attack surface and a detection surface through a network surface for implementing attack and defense strategy control; according to the multi-dimensional transformation moving target defense model, analyzing an attack and defense game process and describing a moving target defense security state evolution process; analyzing a continuous network attack and defense process by utilizing differential game, and constructinga moving target defense space-time decision-making model; and for the moving target defense space-time decision-making model, determining an optimal space-time defense strategy by quantifying attack and defense benefits and solving a saddle point equalization strategy. Based on the game model, the defense decision considering a space strategy and a time strategy is realized, the pertinence and timeliness of the network security defense decision are enhanced, and the network security defense efficiency is improved.