| 软件定义的内网动态防御系统设计与实现 |
| |
| 引用本文: | 陈扬,扈红超,程国振.软件定义的内网动态防御系统设计与实现[J].电子学报,2018,46(11):2604-2611. |
| |
| 作者姓名: | 陈扬 扈红超 程国振 |
| |
| 作者单位: | 国家数字交换系统工程技术研究中心, 河南郑州 450002 |
| |
| 摘 要: | 当前,自带设备(BYOD)的兴起对传统基于边界的内网防护观念提出了新的挑战——内部不设防导致堡垒易从内部攻破.从扰乱攻击链的角度,本文提出了"隔离+动态"的防护方法,设计并实现了一种基于软件定义的内网动态防御系统.通过为内网终端分配虚拟IP地址空间,以隐藏各自的真实信息;并且将IP跳变和路径跳变结合起来,实现了更全方面的防护.结果表明,在正常网络应用不受影响的情况下,该系统能大幅降低网络侦察扫描的可用性,阻断网络窃听,提高攻击者实时攻击难度.
|
| 关 键 词: | 内网防御 软件定义 IP跳变 路径跳变 |
| 收稿时间: | 2018-05-23 |
The Design and Implementation of a Software-Defined Intranet Dynamic Defense System |
| |
| CHEN Yang,HU Hong-chao,CHENG Guo-zhen.The Design and Implementation of a Software-Defined Intranet Dynamic Defense System[J].Acta Electronica Sinica,2018,46(11):2604-2611. |
| |
| Authors: | CHEN Yang HU Hong-chao CHENG Guo-zhen |
| |
| Affiliation: | National Digital Switching System Engineering R & D Center, Zhengzhou, Henan 450002, China |
| |
| Abstract: | The rise of Bring Your Own Device (BYOD) now poses new challenges (the internal undefended causes the citadel to break through from within) to the concept of traditional boundary-based intranet protection.Based on the idea of isolation and dynamic,this paper designs and implements a Software-defined Intranet Dynamic Defense system (SIDD) to harass cyber kill chain.We allocate virtual IP address space for intranet terminals to hide the real IP address,meanwhile,combine the maneuvering of IP and path to achieve more comprehensive protection.Our experiments indicate that this method can significantly reduce the availability of network reconnaissance,block the network eavesdropping,and increase the difficulties of attacker's real-time attack without affecting network applications. |
| |
| Keywords: | intranet defense software-defined network IP maneuvering path maneuvering |
|
| 点击此处可从《电子学报》浏览原始摘要信息 |
|
点击此处可从《电子学报》下载全文 |
|
