| In recent years, network and information security have taken much more attentions, cyber-defense has been upgraded into information war. However, most of the traditional countermeasures against threats such as firewall and intrusion detection system are passive in nature, can not meet the basic needs of cyber-defense, which greatly handicaps the defender. So, the active defense technology is in urgent need of research. The end hopping is an active defense technology that can meet such demands, whose main purpose is to provide a comprehensive, full and multi-level defending method.Based on the previous research works on end hopping, the paper performs further study on end hopping, clarifies the key theoretical methods and practical mechanisms, mainly including synchronization technique, implementation scheme, NAT traversal, and self-adaption strategy.Firstly, the distributed timestamp synchronization technology (DTS) and its improved scheme (IDTS) are proposed. The paper discusses the working principles of existing synchronization methods and points out their advantages and weaknesses, especially for the timestamp synchronization that suffers from the boundary failure and security bottlenecks of single timestamp speaker. The main solutions in DTS include distributed timestamp speakers and recent time adjusting. The experiments perform good validation on the effectiveness of DTS. With further researching, it is found that the DTS also has some weaknesses and some compensation should be made by adding a previous and after endpoints, and both of the theoretical and empirical results show that the IDTS takes better performance than DTS.Secondly, the hopping stack based on message tampering for end hopping is proposed. The paper gives the idea of message tampering, establishes the model of hopping stack (includes user-level, kernel-level and network-level hopping), and provides the detail principles and implementations for each hopping level. The security experiments results show that the end hopping based on hopping stack is much more secure than firewall; the service experiments results show that the model of hopping stack consumes little system resources, and keeps high performance (includes throughput, service time, transmission time, and success rate).Then, the punching scheme for end hopping crossing NAT is proposed. The paper points out the reason why NAT would limit the capacity of end hopping, discusses the main flaws in several popular methods for NAT traversal, analyzes the characteristics of end hopping when crossing NAT, and proposes our own NAT traversal scheme for end hopping. This scheme can force the NAT to create new mapping records by sending out a punching packet at the beginning of each hopping slot, whose destination endpoint is the same with the endpoint to be used in next slot. The experiments perform good validation of the effectiveness of NAT traversal.Finally, the paper researches on the self-adaption strategy for end hopping. The paper points out that the space self-adaption strategy proposed in Ref.[45,64] has its limitations as a defense method:it has a premise, namely information asymmetry. If the process of attack is divided into parts:space squeezing and focus attacking, the performance of end hopping would be greatly degraded. What’s more, discusses the important role of time self-adaption taken in end hopping, analyzes the relationship between service rate and attack preparation time, also synchronization drift, and provides the conception of secure slot area. The simulation results show that space self-adaption is not applicable to long term strategy, and the time self-adaption should be deployed so as to improve the defenses of end hopping.In a word, the paper greatly enhances the performance and effectiveness of end hopping by researching on several key technologies in it, which is of great significance for information and network security. |
PDF Full Text Request