基于端信息自适应跳变的主动网络防御模型

端信息跳变是目前主动网络防御领域的研究热点之一。该文构建了固定策略下的定时隙端信息跳变模型,分析了固定跳变周期引起的防御收益下降和跳变边界数据包丢失造成的服务损失问题。提出了基于非广延熵和Sibson熵融合的实时网络异常度量算法,在此基础上设计了端信息跳变周期和跳变空间自调整策略,构建了主动网络防御模型,提高了防御收益。给出了基于网络时延预测的跳变周期拉伸策略,保证了跳变边界的服务质量。理论分析与仿真实验结果表明了所提模型在网络防御中的有效性和良好的服务性。     

基于消息篡改的端信息跳变技术

研究了端信息跳变技术在应用中存在的理论和技术问题,提出了基于消息篡改的跳变技术,并在此基础上建立了跳变栈模型,分别给出了跳变栈模型3种实现方案的工作原理及其优缺点分析。通过实验验证了基于消息篡改的端信息跳变技术的应用价值。     

软件定义的内网动态防御系统设计与实现

当前,自带设备（BYOD）的兴起对传统基于边界的内网防护观念提出了新的挑战——内部不设防导致堡垒易从内部攻破.从扰乱攻击链的角度,本文提出了"隔离+动态"的防护方法,设计并实现了一种基于软件定义的内网动态防御系统.通过为内网终端分配虚拟IP地址空间,以隐藏各自的真实信息;并且将IP跳变和路径跳变结合起来,实现了更全方面的防护.结果表明,在正常网络应用不受影响的情况下,该系统能大幅降低网络侦察扫描的可用性,阻断网络窃听,提高攻击者实时攻击难度.     

分布式时间戳同步技术的改进

分布式时间戳同步(DTS,distributed timestamp synchronization)技术能够较好地满足端信息跳变的同步需求,但仍存在一定程度的同步失败。对DTS技术进行了改进(IDTS,improved DTS):额外开启一个前置和一个后置端信息用于接收同步失败的数据分组。首先构建了端信息跳变系统的服务模型并给出了IDTS技术的通信协议,在此基础上分析说明了IDTS技术的有效性和安全性,最后通过实验验证了IDTS技术的实践价值。     

研究分析计算机网络信息的安全技术

网络系统较为复杂,服务功能广泛、信息高度共享,且网络攻击手段在逐步演变的过程中不断增强了反查杀、攻击能力,破坏攻击、欺骗攻击、木马攻击、过载攻击、溢出攻击等频繁发生,用户之间、用户与主机、网络结构各个节点均可能发生安全问题,网络高效运行、快速反应能力受到影响,容易引起数据破坏、密码盗用、数据窃取及防护功能瘫痪、系统失灵.为避免网络信息被泄露及恶意损坏,应运用网络安全技术科学防护网络信息.本文分析了计算机网络信息的安全技术,旨在从信息技术层面减少网络内部与外部安全隐患.     

服务跳变抗DoS机制的博弈理论分析

该文对DoS攻防进行不完全信息博弈分析,讨论了DoS防范的困境,指出信息的不对称性和未能形成服务方-用户联盟是防范困境的根本原因。通过引入服务跳变策略,增加服务类型并建立服务方-用户联盟,即可构造新的DoS攻防博弈均衡,理论上证明了服务跳变策略具有主动的抗DoS特性,对于服务跳变与DoS主动防范策略研究具有理论意义。     

DDOS攻击实测与业务系统主机安全防护

随着计算机网络发展,网络安全已经上升到国家安全战略高度,尤其电信企业业务系统主机更需要进行安全防护,以保障日常生产的安全。从对业务主机进行分布式拒绝服务(DDOS)攻击中,深入剖析DDOS攻击概念和原理。同时,根据DDOS攻击与主机攻防实测,总结出业务系统主机安全的有效防护措施。     

网络实时防护体系设计方案

在分析当前网络安全防护系统缺陷的基础上,提出了一种网络安全实时防护体系。该体系把一种新型防火墙和网络监测系统结合起来,做到了对黑客入侵及病毒攻击的实时监测、捕获和主动防护,克服了传统网络防护的不足。     

针对网络信息审计系统的DoS攻击检测

提出了一种针对网络信息审计系统的拒绝服务攻击(DoS)的检测算法。该算法通过分析系统告警的频率与分散度提取能够标示系统状态变化的两维特征向量，然后使用经过样本训练的K最近邻分类器检测DoS攻击。实验结果表明，该算法能够及时发现、防御DoS攻击，有效地阻止DoS攻击对网络信息审计系统的破坏。     

弹性网络节点技术研究

针对未来弹性网络对网络节点"资源可管可控、环境可感可配、核心功能可重构、关键属性可跳变"的要求,对弹性通信网络的"三层四面"的整体架构和工作原理进行了介绍,结合软件定义网络(Software Defined Network,SDN)、网络功能虚拟化(Network Function Virtualization,NFV)、内容中心网络(Content-centric Network,CCN)等网络新技术的技术思想和发展趋势,提出了弹性网络节点体系结构,阐述了功能重构、属性跳变等技术内涵及实现思路,最后对相关技术进行了对比,并对弹性网络节点技术的应用前景进行了展望。     

Research on end hopping and spreading for active cyber defense

Inspired by the spread spectrum technology for communications,the concept of end spreading was proposed to represent a piece of information of the data transmission with a sequence of multiple end information,of which each piece of end information was irrelevant to the information it conveys.Thus the covert data transmission can be performed.Further,an active cyber defense model of end information hopping and spreading was presented,in which the hopping strategy was separated from the synchronization strategy.The synchronization was accomplished by means of end information spreading for synchronous authentication of both parties,which can solve the high-speed hopping synchronization problem with high concealment requirements.The mode of generation,transmission and authentication of the spreading sequence,and the data migration strategy in the end hopping and spreading model were described in detail,and the security performance and synchronization performance were analyzed and verified experimentally.Theoretical analysis and experimental results show that the cyber defense model of end information hopping and spreading has improved the availability and confidentiality of network services under high-speed hopping and has good anti-attack performance,which is of great significance for the proactive defense application of high intensity confrontation.     

Web plug-in paradigm for anti-DoS attack based on end hopping

The end hopping technology is a proactive network defense technology proposed to mitigate the network attack.By changing the IP address,port and other information in the communication pseudo-randomly to achieve the purpose of confusing the attacker.The plug-in mechanism based on the end hopping technology was introduced,and it was applied to the field of Web protection.This plug-in was designed to confuse and interfere with attackers.The plug-in model was divided into two working modes,which are non-end-hopping mode and end hopping mode.The plug-in according to the instructions of the UDP spokesman to switch its own work mode and when the communication link is safe and reliable,it choose the fist mode which can reduce the cost of services.Another,when the network is attacked,the plug-in switches to the end hopping mode to ensure the safety of communications.The experimental results show that the plug-in mechanism based on end hopping has high service and security performance under SYN Flood attack and UDP Flood attack.     

端信息跳变中的分布式时间戳同步技术

End hopping is an active and effective technology for defending against adversaries in the network warfare. Synchronization is a key technology of end hopping. However, the common synchronization methods are insufficient for end hopping. Based on timestamp synchronization, this paper proposes a novel method of Distributed Timestamp Synchronization (DTS) to improve the capacity of synchronization. DTS uses a list of timestamp servers which are located all over the Internet to synchronize timestamp, and a list of clock offsets to adjust the synchronized timestamp. DTS can overcome the main deficiencies (request overwhelming and boundary failure) of timestamp synchronization. Experiments show that DTS is a feasible synchronization technology for end hopping.     

几种跳频通信技术性能分析

跳频技术具有很强的抗干扰能力和组网灵活等优点,在军事无线通信、民用移动通信、卫星通信、现代雷达和声纳等电子系统中有重要应用。随着集成电路技术和数字信号处理技术的飞速发展,跳频技术也逐渐得到更为广泛的应用。本文对自适应跳频技术、动态跳频技术、差分跳频技术的性能进行了分析和比较,提出了今后跳频技术的研究发展方向。     

用于认知无线电的自适应双模跳频OFDM系统

认知无线电感知的空闲频谱具有非连续、非均匀特性,对认知无线电物理层实现提出挑战。跳频正交频分复用技术(Orthogonal Frequency Division Multiplexing,OFDM)兼具跳频与OFDM二者优势,适用于宽带无线传输。提出一种自适应双模跳频OFDM系统,即把射频跳频OFDM与基带跳频OFDM相结合,根据频谱感知信息和基带处理能力自适应地在2种模式间切换,给出系统的设计规则和实现流程。分析表明该系统可提高非连续、非均匀空闲频谱的利用率,是一种可行的认知无线电物理层实现机制。     

Endpoint-agnostic address hopping communication — a network-based design by fully exploiting IPv6 huge space superiority

Network address hopping (NAH) proposed a mechanism to enhance data protection in communications across untrusted networks. It spread the data stream of a communication session across multiple channels, which tried to obstruct information interception in the first place by obscuring the fact that communication takes place between certain end-points. However, the time-stamped packets between two peers would provide a hint for correlating the intercepted packets in case the encryption of the counter got compromised. Furthermore, due to synchronization, the Internet Protocol version 6 (IPv6) addresses pair of the channel ends would appear and disappear strictly, which would perform time-relevance character. A Network-based hopping communication mechanism (NetHop) is proposed in this paper. The address hopping function is deployed on the network side instead of endpoint, which can support secure hopping communication function for universal endpoints without any restriction of Operating System or hardware. By using IPv6 to IPv6 network address translation (NAT), NetHop fully exploits the superiority of IPv6 huge address space. The hopping addresses are generated by hash function and the hopping addresses pair can be chosen randomly. Consequently, NetHop performs better on randomness and concealment than channel-rule NAH.     

对短波跳频通信中跳速的思考

基于人们对短波跳频通信系统跳频速率的一些传统认识,深入分析和探讨了跳频速率的选择问题,详细阐述了中低速短波跳频电台的实用价值,得出了短波跳频通信系统跳频速率并非越高越好的有益结论,为短波跳频通信的发展和应用提供了参考依据。     

一种基于多穴跳变的IPv6主动防御模型

该文利用IPv6多穴技术,借鉴跳频通信的跳变思想,提出多穴跳变的概念,将主机的地址在网络提供的多个地址域内动态变化,增大攻击者地址搜索范围,增大攻击者流量监听难度。在此基础上,建立了IPv6主动防御模型。给出了双重随机地址生成算法,保证了地址的随机性,给出了快速切换和过保留两个地址切换策略,保证了地址切换过程中通信持续有效。从地址和流量两方面对模型的安全性进行了理论分析,从功能和性能两方面对模型进行了实验测试。理论分析与实验测试结果表明所提出的模型可有效提高攻击者开销,保护网络安全。