
Research And Implementation Of Reconnaissance Attacks Moving Target Defense Method Based On SDN

Posted on: 2019-04-09
Degree: Master
Type: Thesis
Country: China
Candidate: J Guo
GTID: 2348330542998161
Subject: Computer Science and Technology
Abstract/Summary:
Nowadays, the Internet has become an indispensable part of people's daily life, and network security has been attracting more and more attention. Research shows that network reconnaissance is the precondition of a successful attack. The static characteristics of current network systems make network reconnaissance very convenient: attackers have enough time to collect and analyze all kinds of information about target systems, find vulnerabilities in them, and launch successful network attacks. Although traditional firewalls, intrusion detection, and other defense technologies can defend against most attacks, they cannot change the asymmetric advantage attackers hold in launching and spreading attacks. Moving target defense tries to change this passive situation of network security: through continuous, stochastic and dynamic change of the network, it increases the complexity of the system, extends the attack time, reduces the attack effect, and ultimately enhances the security of the network. Based on an analysis of various network protocols, this thesis studies the attack surfaces of typical network reconnaissance attacks and analyzes the possibility of attack surface transformation. Using the statistical characteristics of flow tables in an SDN network, a moving target defense method based on port traffic intensity is proposed to defend against network reconnaissance attacks, and detailed moving target defense strategies are designed for typical network reconnaissance attacks. A moving target defense prototype system is then implemented in an SDN network. The prototype system is divided into three main modules: network information processing, moving target defense strategy, and network control. The network information processing module is responsible for processing the communication information between hosts in the SDN and calculating port traffic intensity; the moving target defense strategy module is responsible for moving the network effectively according to the port traffic intensity data; and the network control module is responsible for receiving the moving strategy and sending it to the SDN network. In this thesis, the effectiveness of the strategy is verified, and the network degradation caused by implementing the strategy is tested and analyzed in detail. The results show that the moving strategy based on port traffic intensity has good defense effects against typical network reconnaissance attacks.
Keywords/Search Tags: network reconnaissance, moving target defense, software defined networking, port traffic intensity