Abstract
Network fingerprint probing is a crucial intelligence-gathering step prior to conducting network attacks. However, existing network fingerprint obfuscation techniques, which are typical countermeasures against fingerprint probing, still face issues such as high deployment complexity, non-transparency to end systems, and significant impact on network performance. Addressing these concerns, we propose a packet-based online obfuscation mechanism for resisting network fingerprint probing, named P4FO (P4-based fingerprint obfuscation mechanism), leveraging programmable data plane technology. P4FO utilizes the flexible packet processing capabilities of programmable switches to obfuscate network fingerprint information online in a manner transparent to end systems. Building upon an analysis of the response rate characteristics of probing flows, the mechanism implements a two-phase fingerprint obfuscation scheme combining "recognition" and "reconstruction", which integrates the capabilities of active probing flow recognition, false fingerprint customization, and online fingerprint obfuscation, and can alleviate the resource constraints of programmable switches in high-speed network environments. Experiments based on real network traffic datasets show that P4FO outperforms current mainstream methods in resisting network fingerprint probing, offering a more effective solution for the protection of network device fingerprints.
Authors
王彬沣
邢长友
丁科
许博
WANG Binfeng;XING Changyou;DING Ke;XU Bo(Command and Control Engineering College,Army Engineering University of PLA,Nanjing 210007,China)
Source
《软件导刊》
2024, No. 5, pp. 137-145 (9 pages)
Software Guide
Funding
General Program of the National Natural Science Foundation of China (62172432).
Keywords
network reconnaissance
network fingerprint obfuscation
network deception defense
programmable protocol-independent packet processing (P4)