基于网络欺骗的操作系统抗识别模型

doi:10.11772/j.issn.1001-9081.2016.03.661

计算机应用 ›› 2016, Vol. 36 ›› Issue (3): 661-664.DOI: 10.11772/j.issn.1001-9081.2016.03.661

基于网络欺骗的操作系统抗识别模型

曹旭, 费金龙, 祝跃飞

数学工程与先进计算国家重点实验室(信息工程大学), 郑州 450002

收稿日期:2015-08-18 修回日期:2015-10-31 发布日期:2016-03-17 出版日期:2016-03-10
通讯作者: 曹旭
作者简介:曹旭(1983-),男,江苏扬州人,博士研究生,主要研究方向:云计算、网络信息安全;费金龙(1981-),男,河南开封人,讲师,博士,主要研究方向:网络信息安全;祝跃飞(1964-),男,浙江杭州人,教授,博士生导师,博士,主要研究方向:密码学、网络信息安全。

Anti-fingerprinting model of operation system based on network deception

CAO Xu, FEI Jinlong, ZHU Yuefei

State Key Laboratory of Mathematic Engineering and Advanced Computing (Information Engineering University), Zhengzhou Henan 450002, China

Received:2015-08-18 Revised:2015-10-31 Online:2016-03-17 Published:2016-03-10

摘要/Abstract

摘要： 针对传统主机操作系统抗识别技术整体防御能力不足的问题,提出一种基于网络欺骗的操作系统抗识别模型(NDAF)。首先,介绍模型的基本工作原理,由网络内的欺骗服务器制定欺骗指纹模板,各主机根据欺骗模板动态改变自己的协议栈指纹特征,实现对攻击者操作系统识别过程的欺骗;其次,给出一种信任管理机制,依据威胁大小不同,有选择地对外部主机开展欺骗。实验测试表明,NDAF会给其网络通信带来一定的影响,但所产生的额外开销相对稳定,约为11%~15%,与典型的操作系统抗识别工具OSfuscate和IPmorph相比,NDAF操作系统抗识别能力较强。所提模型通过网络的一体化、欺骗性防御,能够有效提高目标网络防御水平。

关键词: 操作系统识别, 网络欺骗, 主动防御, 欺骗防御

Abstract: Since traditional host operating system anti-fingerprinting technologies is lack of the ability of integration defense, a Network Deception based operating system Anti-Fingerprinting model (NDAF) was proposed. Firstly, basic working principle was introduced. The deception server made the fingerprint deception template. Each host dynamically changed the protocol stack fingerprint according to the fingerprint deception template, therefore the process of operating system fingerprinting by attacker was misguided. Secondly, a trust management mechanism was proposed to improve the system efficiency. Based on the different degree of threat, different deception strategies were carried out. Experiments show that NDAF makes certain influence on network efficiency, about 11% to 15%. Comparing experiments show that the anti-fingerprinting ability of NDAF is better than typical operating system anti-fingerprinting tools (OSfuscatge and IPmorph). NDAF can effectively increase the security of target network by integration defense and deception defense.

Key words: operating system fingerprinting, network deception, proactive defense, deception defense

中图分类号:

TP393

曹旭, 费金龙, 祝跃飞. 基于网络欺骗的操作系统抗识别模型[J]. 计算机应用, 2016, 36(3): 661-664.

CAO Xu, FEI Jinlong, ZHU Yuefei. Anti-fingerprinting model of operation system based on network deception[J]. Journal of Computer Applications, 2016, 36(3): 661-664.

参考文献

[1] ZHOU H F, WU C M, JIANG M, et al. Evolving defense mechanism for future network security [J]. IEEE Communications Magazine, 2015, 53(4): 45-51.
[2] ATIGHETCHI M, PAL P, WEBBER F, et al. Adaptive use of network-centric mechanisms in cyber defense [C]//Proceedings of the 2003 6th IEEE International Symposium on Object-oriented Real-time Distributed Computing. Washington, DC: IEEE Computer Society, 2003:183-192.
[3] KIM Y-H, PARK W H. A study on cyber threat prediction based on intrusion detection event for APT attack detection [J]. Multimedia Tools and Applications, 2014, 71(2):685-698.
[4] TRIFERO S, CALLAWAY D. Linux stealth patch [EB/OL]. [2013-10-29]. https://packetstormsecurity.com/files/download/29706/linux-2.2.22-stealth.diff.gz.
[5] REHMET G. FreeBSD blackhole [EB/OL]. [2013-10-29]. http://www.gsp.com/cgi-bin/man.cgi?section=4&topic=blackhole.
[6] HARTMEIER D. OpenBSD packet filter[EB/OL]. [2013-10-06]. http://www.openbsd.org/faq/pf/index.html.
[7] ROUALLAND G, SAFFROY J M. IP personality [EB/OL]. [2013-10-06].http://ippersonality.sourceforge.net.
[8] DARREN REED. Fingerprint Fucker [EB/OL].[2013-10- 06]. http://packetstormsecurity.org/UNIX/misc/bsdfpf.tar.gz.
[9] CRENSHAW A. OSfuscate: change your Windows OS TCP/IP fingerprint to confuse P0f, Network Miner, Ettercap, Nmap and other OS detection tools [EB/OL].[2013-11-01]. http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkm iner-ettercap-nmap-and-other-os-detection-tools.http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools
[10] 马君亮,汪西莉,何聚厚,等.增强型 Anti-Xprobe2 的研究与设计[J]. 计算机工程与应用, 2012, 48(32): 1-4.(MA J L, WANG X L, HE J H, et al. Research and design of enhanced Anti-Xprobe2 [J]. Computer Engineering and Applications, 2012, 48(32): 1-4.)
[11] PRIGENT G, VICHOT F, HARROUET F. IpMorph: fingerprinting spoofing unification [J]. Journal in Computer Virology, 2010, 6(4): 329-342.

基于网络欺骗的操作系统抗识别模型

Anti-fingerprinting model of operation system based on network deception

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 5

编辑推荐

Metrics

[1]	孔亚洲, 张连成, 王振兴. 基于滑动时间窗口的IPv6地址跳变主动防御模型[J]. 计算机应用, 2018, 38(7): 1936-1940.
[2]	顾泽宇, 张兴明, 林森杰. 基于安全策略的负载感知动态调度机制[J]. 计算机应用, 2017, 37(11): 3304-3310.
[3]	钟明全, 范宇, 李焕洲, 唐彰国, 张健. 基于运动轨迹分析的启发式木马检测系统[J]. 计算机应用, 2015, 35(3): 756-760.
[4]	陈永强付钰吴晓平. 基于非零和攻防博弈模型的主动防御策略选取方法[J]. 计算机应用, 2013, 33(05): 1347-1352.
[5]	冯庆煜. 防火墙与入侵检测系统的联动[J]. 计算机应用, 2005, 25(12): 2763-2764.