基于软件定义网络的反嗅探攻击方法

doi:10.11772/j.issn.1001-9081.2018040836

计算机应用 ›› 2018, Vol. 38 ›› Issue (11): 3258-3262.DOI: 10.11772/j.issn.1001-9081.2018040836

基于软件定义网络的反嗅探攻击方法

张传浩, 谷学汇, 孟彩霞

铁道警察学院图像与网络侦查系, 郑州 450053

收稿日期:2018-04-23 修回日期:2018-07-17 出版日期:2018-11-10 发布日期:2018-11-10
通讯作者: 张传浩
作者简介:张传浩(1979-),男,河南郑州人,讲师,博士,CCF会员,主要研究方向:网络信息安全、网络功能虚拟化;谷学汇(1984-),男,吉林长春人,讲师,博士,CCF会员,主要研究方向:计算机网络取证;孟彩霞(1982-),女,河南濮阳人,副教授,硕士,CCF会员,主要研究方向:网络安全与执法。
基金资助:
公安部技术研究计划项目（2017JSYJC08，2016JSYJB38）；河南省科技厅基金资助项目（172102210441）；铁道警察学院跨学科研究机构"公安视听技术应用研究中心"资助项目。

Anti-sniffering attack method based on software defined network

ZHANG Chuanhao, GU Xuehui, MENG Caixia

Department of Image and Network Investigation, Railway Police College, Zhengzhou Henan 450053, China

Received:2018-04-23 Revised:2018-07-17 Online:2018-11-10 Published:2018-11-10
Supported by:
This work is partially supported by the Ministry of Public Security Technical Research Plan (2017JSYJC08, 2016JSYJB38), the Scientific and Technological Department Foundation of Henan Province (172102210441), the Interdisciplinary Research Institute of Railway Police College "Public Security Audio-Visual Technology Application Research Center".

摘要/Abstract

摘要： 网络嗅探攻击中，攻击者从网络节点或链路捕获和分析网络通信数据、监视网络状态、窃取用户名和密码等敏感信息。在攻击发生时，攻击者通常处于静默状态，传统的网络防护手段如防火墙、入侵检测系统（IDS）或入侵防御系统（IPS）很难发现并有效抵御攻击。从网络结构入手，提出基于软件定义网络（SDN）的动态路径跳变（DPH）通信机制，依据空间和时间约束条件，动态改变通信节点之间的路径，宏观上将通信流量相对均匀地分布在多条传输链路中，增加网络嗅探攻击中获取完整数据的难度。实验仿真结果说明，在一定的网络规模下，动态路径跳变能够在不明显降低网络传输性能的条件下有效防御嗅探攻击。

关键词: 网络安全, 网络嗅探, 软件定义网络, 移动目标防御, 动态路径跳变

Abstract: In network sniffing attacks, attackers capture and analyze network communication data from network nodes or links, monitor network status and steal sensitive data such as usernames and passwords. In an ongoing attack, the attacker is usually in a silent state, traditional network protection methods such as firewalls, Intrusion Detection System (IDS), or Intrusion Prevention System (IPS) are difficult to detect and defend against it. A Dynamic Path Hopping (DPH) mechanism based on Software Defined Network (SDN) was proposed to solve this problem. In DPH, the paths of communication nodes were dynamically changed according to constraints of space and time, and the communication traffic was evenly distributed in multiple transmission paths, which increased the difficulty of obtaining complete data in the network sniffing attack. The experimental and performance simulation results show that under a certain network scale, DPH can effectively defend sniffer attacks without significantly reducing network transmission performance.

Key words: cyber security, network sniffing, Software Defined Network (SDN), Moving Target Defense (MTD), dynamic path hopping

中图分类号:

TP393.02

张传浩, 谷学汇, 孟彩霞. 基于软件定义网络的反嗅探攻击方法[J]. 计算机应用, 2018, 38(11): 3258-3262.

ZHANG Chuanhao, GU Xuehui, MENG Caixia. Anti-sniffering attack method based on software defined network[J]. Journal of Computer Applications, 2018, 38(11): 3258-3262.

参考文献

[1] JAJODIA S, GHOSH A K, SWARUP V, et al. Moving Target Defense:Creating Asymmetric Uncertainty for Cyber Threats[M]. Berlin:Springer, 2011:54.
[2] CARVALHO M, FORD R. Moving-target defenses for computer networks[J]. IEEE Security & Privacy, 2014, 12(2):73-76.
[3] MCKEOWN N. Software-defined networking[J]. INFOCOM Keynote Talk, 2009, 17(2):30-32.
[4] ATIGHETCHI M, PAL P, WEBBER F, et al. Adaptive use of network-centric mechanisms in cyber-defense[C]//Proceedings of the Sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing. Washington, DC:IEEE Computer Society, 2003:183-192.
[5] SIFALAKIS M, SCHMID S, HUTCHISON D. Network address hopping:a mechanism to enhance data protection for packet communications[C]//ICC 2005:IEEE International Conference on Communications. Piscataway, NJ:IEEE, 2005:1518-1523.
[6] DUNLOP M, GROAT S, URBANSKI W, et al. MT6D:a moving target IPv6 defense[C]//MILCOM 2011:Military Communications Conference. Piscataway, NJ:IEEE, 2011:1321-1326.
[7] GILLANI F, AL-SHAER E, LO S, et al. Agile virtualized infrastructure to proactively defend against cyber attacks[C]//Proceedings of the 2015 IEEE Conference on Computer Communications. Piscataway, NJ:IEEE, 2015:729-737.
[8] DUAN Q, AL-SHAER E, JAFARIAN H. Efficient random route mutation considering flow and network constraints[C]//Proceedings of the 2013 IEEE Conference on Communications and Network Security. Piscataway, NJ:IEEE, 2013:260-268.
[9] JAFARIAN J H, AL-SHAER E, DUAN Q. OpenFlow random host mutation: transparent moving target defense using software defined networking[C]// Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks. New York: ACM, 2012:127-132.
[10] ZHAO Z, GONG D, LU B, et al. SDN-based double hopping communication against sniffer attack[J]. Mathematical Problems in Engineering, 2016, 2016(2):1-13.
[11] MCKEOWN N, ANDERSON T, BALAKRISHNAN H, et al. OpenFlow: enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(2):69-74.
[12] GHORBANI S, SCHLESINGER C, MONACO M, et al. Transparent, live migration of a software-defined network[C]// Proceedings of the 2014 ACM Symposium on Cloud Computing. New York: ACM, 2014: 1-14.
[13] JAIN R,PAUL S. Network virtualization and software defined networking for cloud computing: a survey[J]. IEEE Communications Magazine, 2013, 51(11): 24-31.
[14] LANTZ B, HELLER B, MCKEOWN N. A network in a laptop: rapid prototyping for software-defined networks[C]// Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks. New York: ACM, 2010: Article No. 19.
[15] MCCAULEY M. POX Controller tutorial[EB/OL].[2018-03-20]. https://noxrepo.github.io/pox-doc/html/.
[16] MAESSCHALCK S D, COLLE D, LIEVENS I, et al. Pan-European optical transport networks: an availability-based comparison[J]. Photonic Network Communications, 2003, 5(3):203-225.

基于软件定义网络的反嗅探攻击方法

Anti-sniffering attack method based on software defined network

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	王月, 江逸茗, 兰巨龙. 基于改进三元组网络和K近邻算法的入侵检测[J]. 计算机应用, 2021, 41(7): 1996-2002.
[2]	张全龙, 王怀彬. 基于膨胀卷积和门控循环单元组合的入侵检测模型[J]. 计算机应用, 2021, 41(5): 1372-1377.
[3]	许红亮, 杨桂芹, 蒋占军. 基于软件定义网络的数据中心自适应多路径负载均衡算法[J]. 计算机应用, 2021, 41(4): 1160-1164.
[4]	唐延强, 李成海, 宋亚飞. 基于改进粒子群优化和极限学习机的网络安全态势预测[J]. 计算机应用, 2021, 41(3): 768-773.
[5]	杭梦鑫, 陈伟, 张仁杰. 基于改进的一维卷积神经网络的异常流量检测[J]. 计算机应用, 2021, 41(2): 433-440.
[6]	陈港, 孟相如, 康巧燕, 阳勇. 基于拓扑分割与聚类分析的虚拟软件定义网络映射算法[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3309-3318.
[7]	朱梦迪, 束永安. 软件定义网络中控制数据平面一致性的验证[J]. 计算机应用, 2020, 40(6): 1751-1754.
[8]	向雄, 田检. 基于软件定义网络的对等网传输调度优化[J]. 计算机应用, 2020, 40(3): 777-782.
[9]	赵季红, 吴豆豆, 曲桦, 殷振宇. 基于软件定义网络的可靠性虚拟网络映射保障机制[J]. 计算机应用, 2020, 40(3): 770-776.
[10]	池亚平, 莫崇维, 杨垠坦, 陈纯霞. 面向软件定义网络架构的入侵检测模型设计与实现[J]. 计算机应用, 2020, 40(1): 116-122.
[11]	贾梦瑶, 王兴伟, 张爽, 易波, 黄敏. 基于软件定义网络的卫星网络容错路由机制[J]. 计算机应用, 2019, 39(6): 1772-1779.
[12]	王佳欣, 冯毅, 由睿. 基于依赖关系图和通用漏洞评分系统的网络安全度量[J]. 计算机应用, 2019, 39(6): 1719-1727.
[13]	李兆斌, 刘泽一, 魏占祯, 韩禹. 基于哈希链的软件定义网络路径安全[J]. 计算机应用, 2019, 39(5): 1368-1373.
[14]	邹承明, 刘攀文, 唐星. 动态主机配置协议泛洪攻击在软件定义网络中的实时防御[J]. 计算机应用, 2019, 39(4): 1066-1072.
[15]	杜俊雄, 陈伟, 李雪妍. 基于物联网设备指纹的情境认证方法[J]. 计算机应用, 2019, 39(2): 464-469.