摘要
IP伪装学有助于转移视线,迷惑攻击者并防止攻击者从IP地址标识和IP包中获取有价值的信息。本文提出了一个动态伪装模型,它可扩大网络会话通过共享和竞争这些IP来选择的伪装IP数。本文的主要贡献是:(1)通过伪装IP数划分网络会话数定义了计算机伪装度;(2)提出了维护伪装IP队列的算法,通过发送APR消息.改变其状态和竞争伪装IP;使用监测数据包的DiverSocket,Netfilter和IPTables,我们设计了一个基于此模型的实验IPDM,获得了满意结果。
The discipline of IP masquerading can help to puzzle the attacker's attention and prevent the attacker from getting the valuable information from the IP packets which are identified by IP address. This paper presents an IP dynamic masquerading model to extend the masqueraded IP number that the network session can chose by sharing and competing these IPs. Our main contribution is in presenting; (1 )the definition of masqueraded degree for a computer in sometime by the number of masqueraded IP divide the number of the network session; (2) the algorithm for maintaining the queue of masqueraded IP, changing their states and competing the masqueraded IP by sending ARP messages; Using DivertSocket to monitor the packets, and basing Netfilter and IPTables, we design an experimental system IPDM based on this model, and satisfactory results are obtained.
出处
《计算机科学》
CSCD
北大核心
2004年第4期64-66,共3页
Computer Science
基金
国家863高科技研究发展计划资助项目(2001AA142100)
国家教育部博士学科点基金(20010699018)