摘要
网络攻击之前通常有侦查阶段,攻击者通过流量分析和主动扫描等技术获取目标系统的关键信息,从而制定有针对性的网络攻击。基于网络特征混淆的欺骗防御是一种有效的侦查对抗策略,该策略干扰攻击者在侦查阶段获取的信息,从而使攻击者发动无效的攻击。对现有混淆欺骗防御方案的技术原理进行了分析,给出了网络混淆欺骗的形式化定义,并从3个层次对现有的研究成果进行了讨论,最后分析了混淆欺骗防御技术的发展趋势。
There is usually a reconnaissance stage before a network attack,the attacker obtains the key information of the target system through techniques such as traffic analysis and active scanning,to formulate a targeted network attack.Deception defense techniques based on network characteristics obfuscation is an effective strategy to confront network reconnaissance,which makes the attacker launch an ineffective attack by thwarting the attacker's reconnaissance stage.The technical principle of the existing obfuscation defense solutions was analyzed,the formal definition of network obfuscation was given,the existing research works were discussed from three aspects,and finally the development trend of the obfuscation deception defense technique were analyzed.
作者
赵金龙
张国敏
邢长友
ZHAO Jinlong;ZHANG Guomin;XING Changyou(Command&Control Engineering College,Army Engineering University,Nanjing 210001,China)
出处
《网络与信息安全学报》
2021年第4期42-52,共11页
Chinese Journal of Network and Information Security
基金
国家自然科学基金(61572521)
武警工程大学科研创新团队科学基金(KYTD201805)。
关键词
网络侦查防护
拓扑混淆
侦查欺骗
欺骗防御
network reconnaissance protection
topology obfuscation
reconnaissance deception
deception defense
