An Integrated Protection Method of Moving Target Defense and Access Control Based on IPv6 Network (基于IPv6网络的移动目标防御与访问控制融合防护方法)

Cited by: 9
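Abstract: With the rise of 5G technology, many industrial Internet devices are now deployed in 5G networks. However, the Internet is full of network attacks, and newer security technologies are needed to protect industrial Internet devices. Therefore, given that current 5G networks already make extensive use of Internet Protocol version 6 (IPv6), a moving target defense and access control method based on IPv6 is proposed. First, a random address generation mechanism compatible with IPv6 Internet transmission, a random address mechanism supporting time-difference redundancy between the two ends, and a lock-free random IP address selection mechanism supporting multithreading are proposed, to assist the random IP address generation required by moving target defense and to improve the performance and stability of the moving target processor based on software-defined networking technology. Second, a method is proposed in which the moving target processor replaces the addresses of original packets with random addresses, so that random addresses can be transmitted over the standard Internet; combined with access control technology, this protects industrial Internet devices from interference and attacks by external devices. Finally, a series of experiments demonstrates that the proposed moving target defense and access control technology has little impact on the original network and is extremely secure, meeting the prerequisites for practical deployment.

With the rising 5G technology, many industrial Internet devices are deployed in 5G networks. However, there are many network attacks on the current Internet, which causes a large number of industrial Internet devices to face huge security threats. Therefore, industrial Internet devices urgently need newer security technologies to secure them. In this paper, an access-control-supported moving target defense method based on the IP version 6 (IPv6) network is proposed. First, we propose three mechanisms to assist random IP address generation, including a random address generation mechanism, a time difference redundancy mechanism, and a multithread-supported lockless random IP address selection mechanism. The combined use of the above three mechanisms can effectively improve the performance and stability of the moving target processor. Then, we propose a method of replacing the original packet with a random address by a moving target processor, which can realize the transmission of random addresses on the Internet. Here, we use access control technology in moving target processors, which can enhance protection for industrial Internet devices. Finally, experiments show that the moving target defense with the access control technology has little impact on the original network and is extremely secure. Hence, the method proposed in this paper can satisfy the prerequisites for practical application.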
Authors: Li Zhenyu (李振宇); Ding Yong (丁勇); Yuan Fang (袁方); Zhang Kun (张昆) (School of Computer Science and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004; Guangxi Key Laboratory of Cryptography and Information Security (Guilin University of Electronic Technology), Guilin, Guangxi 541004; Department of New Networks, Peng Cheng Laboratory, Shenzhen, Guangdong 518000; Communication Center of the Ministry of Foreign Affairs, Beijing 100045; National Information Center, Beijing 100045)
Source: Journal of Computer Research and Development (《计算机研究与发展》), indexed in EI, CSCD and the Peking University Core Journals list; 2022, No. 5, pp. 1105-1119 (15 pages)
Funding: National Key Research and Development Program of China (2020YFB1006003); National Natural Science Foundation of China (62172119); Guangxi Natural Science Foundation (2019GXNSFGA245004); Peng Cheng Laboratory Major Task Project (PCL2022A03, PCL2021A02, PCL2021A09).
Keywords: moving target defense; access control; Internet Protocol version 6 (IPv6); software defined network; industrial Internet