Research On Key Technologies Of Protocol Fingerprint Dynamic Defense System Based On X86 Multi-core

In the information age,Cyberspace Security has become the core component of national security.However,due to technical constraints,external pressures and defects of the Internet itself,the situation of Cyberspace Security faced by China is not optimistic.In the turbulent network environment,traditional static defense methods are difficult to cope with the endless malicious attacks.Therefore,active defense ideas such as moving target defense(MTD)and cyberspace mimic defense(CMD)emerge,which use heterogeneous,dynamic and uncertain methods to defend the system and increase the complexity of network attacks.The aim is to change the unequal "game" status between the offensive and defensive sides.However,active defense technology is still at the stage of development,and there are some deficiencies in theoretical research and system implementation.In order to resist network attacks and protect network information security,this paper proposes the technical concept of fingerprint dynamic defense of network protocol for the purpose of blocking the network identification stage in the first step of the attack chain.Based on the comprehensive consideration of the defense capability and system performance,the concept of fingerprint dynamic defense of network protocol is proposed.This paper studies the dynamic jump and deception strategies of TCP/IP protocol fingerprint in network layer and transport layer,completes the design and implementation of the system based on x86 multi-core,and gives the corresponding dynamic evaluation model.The main contents of this paper are as follows:1.This paper theoretically studies the optimal jump mechanism of IP address and the dynamic deception game strategy of transport layer protocol fingerprint.Firstly,a shared virtual IP address pool is constructed by using hash chain algorithm.Then,the optimal jump time of IP address is determined by optimizing stopping problem modeling.Through signal game model,the most appropriate fingerprint deception strategy is selected with full consideration of the actions of both offenders and defenders.2.In this paper,the implementation and deployment of dynamic protocol fingerprint system are implemented.With the flexibility and expansibility of high-speed data processing software Vector Packet Processing and 6Wind which based on x86 multi-core,a self-defined functional node is introduced into the data plane processing logic,which completes the monitoring,classification and fingerprint field rewriting of protocol messages,and optimizes the system by designing fast-slow forwarding,shared memory and other mechanisms.Effectively reduces the overhead of dynamization.3.In this paper,the efficiency evaluation model of dynamic protocol fingerprint technology is modeled and characterized.The dynamic process of each node attacking surface of the system is described by using the directed graph view method,and the dynamic defense cost and fingerprint information gain in the process are analyzed.The state change of the whole internal network is described by using the Continuous Time Markov Chain model,and the security index of the system is quantified.It makes up for the shortcomings of active defense evaluation technology and provides a reference for the defense's strategy selection.