| As a result of internet technology unceasing development, the opportunity and the network invasion risk also suddenly increase along with it. The design security measure keeps away behavior of visited the systemic resources and data without authorization, that is the extremely important and urgent problem for current network security domain.Now, in network security area of technology, there are the mature technology which widely used to protecting the information, for example firewall, intrusion detection system, encrypt. These are all passive defense. However, there are network security means and tools that are worked theory base on rule and character matching, but some of them keep away well-known invasion. Along with attack technology unceasing development, the existing protection technology often cannot distinguish to the new attack technology method, and always is in the passive position. Because datagram header is transparent in network transfers, the tradition security measure is insufficient protects the datagram network characteristic (datagram header information). Therefore through initiative or passive general analysis network characteristic information, the attacker may obtain the attack goal information for operating system type, IP address distribution, network topology and the network service type and bug and so on. which is very important for successful aggression .Therefore this article proposes a "the dynamic network camouflage security model". The model establish the complex simulation network through the passive IP address camouflage, the passive operating system camouflage and the passive network topology camouflage base on camouflage. The simulation network may hide the true network topology, enlarge IP address room and spend hacker's massive time and energy using giving camouflage network service.The model may delay time of hacker sniff using E-FW policy which is deny and blackhole, track hacker's attack process, discover and research the unknown attack using E-FW policy which is redirect, delay time of worm's spread and hacker's attack using E-FW policy which is stick network.The model may dynamic update E-FW rule,and discover hacker's attack and take measures as soon as possible when hacker is attacking virtual host computer.The model can shunt information and hideaway essential host computer using initiative IP address camouflage and initiative operating system camouflage and initiative network topology camouflage.In dynamic network camouflage security model theory, we successfully developed the dynamic network camouflage safety system, and what its validity is test using the network survey and attack tool is satisfactory. |
PDF Full Text Request