Journal of Computer Applications ›› 2016, Vol. 36 ›› Issue (3): 661-664. DOI: 10.11772/j.issn.1001-9081.2016.03.661


Anti-fingerprinting model of operation system based on network deception

CAO Xu, FEI Jinlong, ZHU Yuefei   

  1. State Key Laboratory of Mathematic Engineering and Advanced Computing (Information Engineering University), Zhengzhou Henan 450002, China
  • Received: 2015-08-18 Revised: 2015-10-31 Online: 2016-03-10 Published: 2016-03-17

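  • Corresponding author: CAO Xu
  • About the authors: CAO Xu (born 1983), male, from Yangzhou, Jiangsu, Ph.D. candidate, main research interests: cloud computing, network information security; FEI Jinlong (born 1981), male, from Kaifeng, Henan, lecturer, Ph.D., main research interests: network information security; ZHU Yuefei (born 1964), male, from Hangzhou, Zhejiang, professor, doctoral supervisor, Ph.D., main research interests: cryptography, network information security.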

Abstract: Since traditional host operating system anti-fingerprinting technologies lack the ability to provide integrated defense, a Network Deception based operating system Anti-Fingerprinting model (NDAF) was proposed. Firstly, the basic working principle was introduced: the deception server generated the fingerprint deception template, and each host dynamically changed its protocol stack fingerprint according to that template, so that the attacker's operating system fingerprinting process was misled. Secondly, a trust management mechanism was proposed to improve system efficiency; different deception strategies were carried out according to the degree of threat. Experiments show that NDAF has some impact on network efficiency, about 11% to 15%. Comparative experiments show that the anti-fingerprinting ability of NDAF is better than that of typical operating system anti-fingerprinting tools (OSfuscate and IPmorph). NDAF can effectively increase the security of the target network through integrated defense and deception defense.

Key words: operating system fingerprinting, network deception, proactive defense, deception defense

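Abstract: To address the insufficient overall defensive capability of traditional host operating system anti-fingerprinting techniques, a Network Deception based operating system Anti-Fingerprinting model (NDAF) is proposed. First, the basic working principle of the model is introduced: a deception server inside the network formulates a deception fingerprint template, and each host dynamically changes its own protocol stack fingerprint features according to the template, thereby deceiving the attacker's operating system identification process. Second, a trust management mechanism is given, which selectively deceives external hosts according to the level of threat. Experimental tests show that NDAF has some impact on network communication, but the additional overhead it produces is relatively stable, about 11% to 15%; compared with the typical operating system anti-fingerprinting tools OSfuscate and IPmorph, NDAF has stronger operating system anti-fingerprinting capability. Through integrated, deceptive defense of the network, the proposed model can effectively raise the defense level of the target network.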

Keywords: operating system identification, network deception, active defense, deception defense
