CN112367289B - Mimicry WAF construction method - Google Patents


Info

Publication number: CN112367289B
Authority: CN (China)
Prior art keywords: waf, isomer, mimetic, module, result
Legal status: Expired - Fee Related
Application number: CN202010953407.1A
Other languages: Chinese (zh)
Other versions: CN112367289A (en)
Inventors: 吴春明, 陈双喜, 张江瑜
Current assignee: Zhejiang University ZJU
Original assignee: Zhejiang University ZJU
Priority date: 2020-09-11
Filing date: 2020-09-11
Publication date: 2021-02-12 (CN112367289A); 2021-08-06 (CN112367289B, grant)

Abstract

(Translated from Chinese.) The invention discloses a mimicry WAF construction method. The method is based on the mimicry defense idea and can actively defend against malicious attacks aimed at the WAF itself. A dynamic selection module, a mimicry adjudication module and an isomer construction module are designed to realize the mimicry WAF; by applying heterogeneous processing to the cloud servers, the virtualized containers, the operating systems inside the containers, the WAF platforms and the interception rules, the WAF gains active defense capability. When traffic passes through the dynamic selection module, the module selects k of all WAF isomers to process the traffic. The processing results are adjudicated by the mimicry adjudication module, and the adjudication result is used to update the anomaly rate of each isomer; when an isomer's anomaly rate exceeds a set value, that isomer is taken offline for self-cleaning. Finally, when the adjudication result is "pass", the traffic is released; when it is "not pass", the traffic is forwarded to a subsequent processing module.

Figure 202010953407

Description

Mimicry WAF construction method
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a mimicry WAF construction method.
Background
In recent years, the United States has planned to deploy "game-changing" cyber security defense techniques and proposed moving target defense, which aims to build dynamics, heterogeneity and uncertainty into systems so as to increase the difficulty of attack. Moving target defense can be implemented at multiple layers, including the network, the platform operating environment, software and data, and comprises techniques such as changing IP addresses, changing ports, randomizing executed code and randomizing address spaces.
Innovative active defense technologies such as mimicry defense, self-reconstructing trustworthiness and mission assurance have been proposed by Academician Wu Jiangxing and others; important progress has been made in theoretical deduction, technical research, principle verification and the like, randomization of the code running state has been realized, and the active defense capability of embedded environments has been improved. The mimicry defense concept provides good defensive capability. Unlike traditional network defense, mimicry defense changes the operating or execution environment of a network information system by dynamic, randomized and active means, breaks out of the predicament of traditional passive defense, converts the passive defense of the "mend the fold after the sheep are lost" type into active defense that is difficult to probe, and changes the current situation in which attacking is easy and defending is hard.
A WAF (Web Application Firewall) is a product that protects web applications specifically by enforcing a series of security policies on HTTP and HTTPS traffic. Early WAFs were protection devices based on rule-based protection: rule-based protection provides a variety of security rules for web applications, the WAF vendor maintains the rule base and updates it in real time, and users can protect their applications comprehensively according to the rules. However, this approach still has problems: the protection rule base can be maliciously bypassed, and vulnerabilities in the WAF platform itself, in the operating system or in the cloud platform can be exploited to attack it, so it faces serious security threats. In order to actively defend against malicious attacks aimed at the WAF, the invention designs a dynamic selection module, a mimicry adjudication module, an isomer construction module and the like to realize a mimicry WAF structure, and gives the WAF active defense capability by applying heterogeneous processing to the cloud server, the virtualization container, the operating system in the container, the WAF platform, the interception rules and the like. When traffic passes through the dynamic selection module, the module selects k isomers from all WAF isomers to process the traffic; after the processing results have been adjudicated by the mimicry adjudication module, the anomaly rate of each isomer is updated with the adjudication result; when the anomaly rate of an isomer is higher than a certain value, that isomer is taken offline for self-cleaning; and finally, when the adjudication result is "pass", the traffic is released, and when it is "not pass", the traffic is forwarded to a subsequent processing module.
Disclosure of Invention
The invention aims to provide a mimicry WAF construction method that addresses the defects of the prior art. The invention optimizes the WAF framework and schedules traffic to heterogeneous WAF containers on heterogeneous servers, so that the WAF has heterogeneity, diversity and dynamics; WAF security is enhanced while the WAF still performs its intended function, and the attacker's probability of success is greatly reduced.
The purpose of the invention is realized by the following technical scheme: a mimicry WAF construction method, comprising the following steps:
(1) Building a plurality of WAF isomers, specifically:
(1.1) deploying M cloud servers E = {e_i | i = 1, 2, …, M}, where e_i is the i-th cloud server, and applying heterogeneous processing to E;
(1.2) deploying N micro-containers C = {c_j | j = 1, 2, …, N} on each cloud server, where c_j is the j-th micro-container, and deploying in each micro-container c_j a heterogeneous operating system O, a heterogeneous WAF platform W and a heterogeneous rule base G, that is, c_j = {(O_j, W_j, G_j) | j = 1, 2, …, N};
(2) When a user accesses the WAF, after the traffic has been resolved through DNS or load balancing, a dynamic selection module randomly selects k isomers from the M × N different WAF isomers, where k ≤ M × N, and distributes the traffic to the k WAF isomers for rule matching. The number of times each WAF isomer has been selected is denoted A_l, where 1 ≤ l ≤ M × N; A_l starts at 0, and each time a WAF isomer is selected its A_l is incremented by 1;
(3) After the k WAF isomers have processed the traffic, their results are sent to a mimicry adjudication module, which adjudicates the traffic;
(4) When the rule-matching result of a WAF isomer is inconsistent with the adjudication result, that WAF isomer is considered abnormal. The number of anomalies of each WAF isomer is denoted B_l; B_l starts at 0, the adjudication result is compared with the result of each WAF isomer, and the B_l of each isomer whose result differs is incremented by 1;
(5) Let the anomaly rate of each WAF isomer be D_l, computed as D_l = B_l / A_l. Whenever a mimicry adjudication result is produced, the anomaly rate of each WAF isomer is updated, and when the anomaly rate of a WAF isomer is higher than a set threshold, that WAF isomer is taken offline for self-cleaning;
(6) When the mimicry adjudication result is "pass", the traffic is forwarded to the back-end server S; if the result is "not pass", the traffic is forwarded to a rejected-traffic processing module.
Further, in step (2), E is subjected to heterogeneous processing from the perspective of virtualization technology, operating system and micro-container software.
Further, the operating systems include Windows Server, CentOS and Ubuntu.
Further, the virtualization technologies include kvm and Xen.
Further, the micro-container software includes Docker, Solaris Containers and Podman.
Further, the rejected-traffic processing module in step (6) comprises a sandbox and a honeypot.
The invention has the following beneficial effects: the technical scheme adopts the mimicry defense idea, improves the WAF according to its performance and security requirements, and provides a dynamic heterogeneous redundancy WAF construction method with the following characteristics:
(1) By adopting the mimicry defense idea, the attacker's probing and understanding of the internal characteristics of the target object is disrupted, the WAF is prevented from being broken through, and the difficulty for internal penetrators and external attackers to understand and attack the WAF is increased.
(2) On the basis of effective WAF security defense, the mimicry adjudication method ensures the correctness of traffic filtering and greatly reduces the false alarm rate.
(3) The heterogeneous executor cleaning module is indexed by the anomaly rate D_l, and heterogeneous executors with a high anomaly rate are replaced preferentially, which saves system resources and improves system availability.
Drawings
FIG. 1 is a mimetic WAF architecture diagram.
Detailed Description
As shown in FIG. 1, the mimicry WAF construction method provided by the invention applies heterogeneous processing to the cloud server, the virtualization container, the operating system in the container, the WAF platform, the interception rules and the like, and designs a dynamic selection module, a mimicry adjudication module, an isomer construction module and the like to realize the mimicry WAF, so that malicious attacks against the WAF can be actively prevented. When traffic passes through the dynamic selection module, the module selects k isomers from all WAF isomers to process the traffic; after the processing results have been adjudicated by the mimicry adjudication module, the anomaly rate of each isomer is updated with the adjudication result; when the anomaly rate of an isomer is higher than a certain value, that isomer is taken offline for self-cleaning; and finally, when the adjudication result is "pass", the traffic is released, and when it is "not pass", the traffic is forwarded to a subsequent processing module. The method comprises the following steps:
1. Building a plurality of WAF isomers, specifically:
(1) Deploying M cloud servers E = {e_i | i = 1, 2, …, M}, where e_i is the i-th cloud server, and applying heterogeneous processing to the cloud servers E from the perspectives of virtualization technology, operating system, micro-container software and the like: the operating system of a server on the cloud can be chosen from Windows Server, CentOS, Ubuntu and the like, the virtualization technology of the cloud from kvm, Xen and the like, and the micro-container software from Docker, Solaris Containers, Podman and the like.
(2) Deploying N micro-containers C = {c_j | j = 1, 2, …, N} on each cloud server, where c_j is the j-th micro-container, and deploying in each micro-container c_j a heterogeneous operating system O, a heterogeneous WAF platform W and a heterogeneous rule base G, that is, c_j = {(O_j, W_j, G_j) | j = 1, 2, …, N}.
2. When a user accesses, after the traffic has been resolved through DNS or load balancing, the dynamic selection module randomly selects, with equal probability, k isomers (k ≤ M × N) from the M × N different WAF isomers and distributes the traffic to these k WAF isomers for rule matching. The number of times each WAF isomer has been selected is denoted A_l (1 ≤ l ≤ M × N); A_l starts at 0, and each time a WAF isomer is selected its A_l is incremented by 1.
3. After the k WAF isomers have processed the traffic, their results are sent to the mimicry adjudication module, which adjudicates the traffic.
4. When the rule-matching result of a WAF isomer is inconsistent with the adjudication result, that WAF isomer is considered abnormal. The number of anomalies of each WAF isomer is denoted B_l (1 ≤ l ≤ M × N); B_l starts at 0, the adjudication result is compared with the result of each WAF isomer, and the B_l of each isomer whose result differs is incremented by 1.
5. Let the anomaly rate of each WAF isomer be D_l (1 ≤ l ≤ M × N), computed as D_l = B_l / A_l. After each multi-mode adjudication result is produced, the anomaly rate of each WAF isomer is updated, and when the anomaly rate of a WAF isomer is higher than a set threshold, that WAF isomer is taken offline for self-cleaning.
6. When the multi-mode adjudication result is "pass", the traffic is forwarded to the back-end server S; if the result is "not pass", the traffic is forwarded to the rejected-traffic processing module, which handles it using a sandbox, a honeypot or similar means.
The invention optimizes the traditional WAF architecture, applies heterogeneous processing to the cloud server, the virtualization container, the operating system in the container, the WAF platform, the interception rules and the like, and lets the WAF form a mimicry defense capability through structural change. The method can therefore disrupt the attacker's probing and understanding of the internal characteristics of the target object, prevent the WAF from being broken through, and increase the difficulty for internal penetrators and external attackers to understand and attack the WAF, thereby enhancing the security of the WAF.
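As an added example (not code from the patent or its authors), the following Python simulation works through steps 2 to 6 of the method above for both the Disclosure and the Detailed Description: dynamic selection of k isomers, adjudication, the A_l/B_l counters, the anomaly rate D_l = B_l / A_l with an offline-for-self-cleaning threshold, and routing to the back-end or the rejected-traffic module. The substring rule bases, the request strings, the use of a majority vote as the adjudication rule, fail-closed handling of ties, and resetting the counters on self-cleaning are assumptions of this example that the patent does not specify.

```python
import random
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Rule = Callable[[str], bool]

@dataclass
class Isomer:
    """WAF isomer c_j on cloud server e_i: its rule base G_j plus the A_l/B_l counters."""
    ident: str            # constructed label "e<i>/c<j>"
    rules: List[Rule]     # heterogeneous rule base G_j (substring rules here)
    selected: int = 0     # A_l: how many times this isomer was chosen
    anomalies: int = 0    # B_l: how many times its result disagreed with the verdict
    online: bool = True

    def anomaly_rate(self) -> float:
        """D_l = B_l / A_l, taken as 0 while the isomer has never been selected."""
        return self.anomalies / self.selected if self.selected else 0.0

    def blocks(self, request: str) -> bool:
        """Rule matching against G_j: True when any rule fires on the request."""
        return any(rule(request) for rule in self.rules)

class MimicWAF:
    def __init__(self, isomers: List[Isomer], k: int, threshold: float,
                 rng: Optional[random.Random] = None):
        if not 1 <= k <= len(isomers):          # the patent requires k <= M*N
            raise ValueError("need 1 <= k <= M*N")
        self.isomers, self.k, self.threshold = isomers, k, threshold
        self.rng = rng or random.Random()
        self.cleaned: List[str] = []            # isomers sent to self-cleaning

    def select(self) -> List[Isomer]:
        """Step 2: k online isomers at equal probability; bump their A_l."""
        pool = [iso for iso in self.isomers if iso.online]
        if len(pool) < self.k:
            raise RuntimeError("fewer than k isomers online")
        chosen = self.rng.sample(pool, self.k)
        for iso in chosen:
            iso.selected += 1
        return chosen

    @staticmethod
    def adjudicate(results: Dict[str, bool]) -> bool:
        """Step 3: majority vote, True = block. A tie fails closed (assumed here)."""
        return 2 * sum(results.values()) >= len(results)

    def handle(self, request: str) -> dict:
        """Steps 2-6 for one request; returns the verdict and the route taken."""
        chosen = self.select()
        results = {iso.ident: iso.blocks(request) for iso in chosen}
        block = self.adjudicate(results)
        for iso in chosen:                      # step 4: disagreement -> B_l += 1
            if results[iso.ident] != block:
                iso.anomalies += 1
        for iso in chosen:                      # step 5: D_l over threshold -> offline
            if iso.anomaly_rate() > self.threshold:
                iso.online = False
                iso.selected = iso.anomalies = 0   # assumed: cleaning resets counters
                self.cleaned.append(iso.ident)
        return {"verdict": "not pass" if block else "pass",   # step 6
                "route": "reject-module" if block else "backend", "results": results}

def build_isomers(m: int = 2, n: int = 2, weak: str = "e2/c2") -> List[Isomer]:
    """Constructed M x N isomers with differing rule bases; `weak` lacks the
    script rule, so it will be outvoted and accumulate anomalies."""
    xss: Rule = lambda r: "<script" in r.lower()
    sqli: Rule = lambda r: "union select" in r.lower()
    return [Isomer(f"e{i}/c{j}", [sqli] if f"e{i}/c{j}" == weak else [xss, sqli])
            for i in range(1, m + 1) for j in range(1, n + 1)]

def demo(seed: int = 7) -> dict:
    """Constructed traffic through a 2x2 mimicry WAF with k = 3."""
    waf = MimicWAF(build_isomers(), k=3, threshold=0.5, rng=random.Random(seed))
    traffic = ["GET /index.html", "GET /search?q=<script>x</script>"] * 6
    routes = [waf.handle(req)["route"] for req in traffic]
    return {"routes": routes, "cleaned": waf.cleaned,
            "rates": {iso.ident: iso.anomaly_rate() for iso in waf.isomers}}
```

With k = 3 of 4 isomers at most one deficient isomer can be in any selection, so the verdict is always correct while that isomer's D_l climbs until it is taken offline; once fewer than k isomers are online, `select` refuses rather than silently adjudicating over a smaller set.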

Claims (6)

1. A mimicry WAF construction method, comprising the following steps:
(1) Building a plurality of WAF isomers, specifically:
(1.1) deploying M cloud servers E = {e_i | i = 1, 2, …, M}, where e_i is the i-th cloud server, and applying heterogeneous processing to E;
(1.2) deploying N micro-containers C = {c_j | j = 1, 2, …, N} on each cloud server, where c_j is the j-th micro-container, and deploying in each micro-container c_j a heterogeneous operating system O, a heterogeneous WAF platform W and a heterogeneous rule base G, that is, c_j = {(O_j, W_j, G_j) | j = 1, 2, …, N};
(2) When a user accesses the WAF, after the traffic has been resolved through DNS or load balancing, a dynamic selection module randomly selects k isomers from the M × N different WAF isomers, where k ≤ M × N, and distributes the traffic to the k WAF isomers for rule matching. The number of times each WAF isomer has been selected is denoted A_l, where 1 ≤ l ≤ M × N; A_l starts at 0, and each time a WAF isomer is selected its A_l is incremented by 1;
(3) After the k WAF isomers have processed the traffic, their results are sent to a mimicry adjudication module, which adjudicates the traffic;
(4) When the rule-matching result of a WAF isomer is inconsistent with the adjudication result, that WAF isomer is considered abnormal. The number of anomalies of each WAF isomer is denoted B_l; B_l starts at 0, the adjudication result is compared with the rule-matching result of each WAF isomer, and the B_l of each isomer whose result differs is incremented by 1;
(5) Let the anomaly rate of each WAF isomer be D_l, computed as D_l = B_l / A_l. Whenever a mimicry adjudication result is produced, the anomaly rate of each WAF isomer is updated, and when the anomaly rate of a WAF isomer is higher than a set threshold, that WAF isomer is taken offline for self-cleaning;
(6) When the mimicry adjudication result is "pass", the traffic is forwarded to the back-end server S; if the result is "not pass", the traffic is forwarded to a rejected-traffic processing module.
2. The mimicry WAF construction method of claim 1, wherein in step (1.2), E is subjected to heterogeneous processing from the perspective of virtualization technology, operating system and micro-container software.
3. The mimicry WAF construction method of claim 2, wherein the operating systems comprise Windows Server, CentOS and Ubuntu.
4. The mimicry WAF construction method of claim 2, wherein the virtualization technologies comprise kvm and Xen.
5. The mimicry WAF construction method of claim 2, wherein the micro-container software comprises Docker, Solaris Containers and Podman.
6. The mimicry WAF construction method of claim 1, wherein the rejected-traffic processing module of step (6) comprises sandboxes and honeypots.

Priority Applications (1)

Application number: CN202010953407.1A; priority date: 2020-09-11; filing date: 2020-09-11; title: Mimicry WAF construction method; granted as CN112367289B (en)

Publications (2)

CN112367289A (en): 2021-02-12
CN112367289B (en): 2021-08-06

Family

ID=74516789

Family application: CN202010953407.1A (Expired - Fee Related), CN112367289B (en), priority date 2020-09-11, filing date 2020-09-11, Mimicry WAF construction method

Country Status (1)

CN (1): CN112367289B (en)


Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination
GR01: Patent grant (granted publication date: 2021-08-06)
CF01: Termination of patent right due to non-payment of annual fee
