基于虚假响应的主机指纹隐藏方法

Host Fingerprint Hiding Method Based on False Response

针对智慧城市关键基础设施面临日益严峻的网络攻击形势,传统被动式网络安全防护模式存在易被探测、攻易守难等问题,提出一种主机指纹隐藏的主动欺骗防御方法。通过分析对操作系统、服务软件两种类型的主机指纹探测攻击的过程,以及攻击工具指纹库的含义,设计指纹伪装流程,进行虚假响应,使攻击者获得错误的响应信息,达到主动防御的目的。试验结果表明,特征隐藏设备能够降低被保护主机暴露给攻击者的真实信息,使被保护系统呈现有限、隐蔽或者错误的特征信息,导致攻击复杂度和代价的增长。该技术是一种不依赖于病毒库和漏洞库的新型网络防御技术,能够有效提高关键基础设施的主动安全防护能力。

The critical infrastructure of smart city is facing serious network attacks.Traditional passive network security protection mode is easy to detect and attack but difficult to defend.This paper proposes an active deception defense method based on host finger⁃print hiding.By analyzing the process of two types of host fingerprint detection attacks,i.e.operating system fingerprint detection and service software fingerprint detection,and the meaning of attack tool fingerprint library,a fingerprint camouflage process is designed by making false response.In this approach,attackers obtain the false response information,and active defense is achieved.Experimental re⁃sults show that the feature hiding device can reduce the true information of the protected host exposed to attackers,make the protected system present limited,hidden or wrong feature information,and increase attacking complexity and cost.This technology is a new network defense technology which does not rely on virus and vulnerability databases,and can effectively improve the active security protection ability of key infrastructure.