| With the rapid development of Internet technology, people are increasingly usingthe Internet to transmit information. Although people use a variety of methods and tools toenhance the security of network of communication,attacks still occur frequently, thenumber of successful attack is also increasing.The existing network defense technologies,such as firewall,IDS,IPS and intrusion deception system is to ensure the host system fromexternal attacks, data encryption can prevent from leaking sensitive information when datais transmitted on the communication link,but it is damaged inevitably and maliciously.How to guarantee the information security has become one of the most concern today.This paper presents a new defense approach—The Deception and anti-attack methodsin the dynamic target defense system.This method can guarantee the safety and reliabilityof the data during transmission, and prevent and detect some attack behavior during datatransmission.Firstly,this paper introduces the background and significance of research,Analysis theresearch status of network information security,and then study the attack method hackercommonly used,as well as the principle of traditional passive defense and active defensetechnology,point out the advantages and disadvantages of these technologies, propose anetwork deception and anti-attack methods in the dynamic target defense system.Secondly, this paper introduces the function and working process of the defensemodel and a detailed design of the defense method is been carried,mainly to redefine theIP packet and design a decoy packet which can confuse attackers and to detect the qualityof communication links or detect and prevent attacks.In addition a anti-attack data havebeen designed,which can be used safely by legitimate users and also can block attackshappen from the source.At last, the result of simulation on NS2prove the correctness and effective of thescheme. |
PDF Full Text Request