Open AccessAnti-reconnaissance Model of Host Fingerprint Based on Virtual Node
Author(s) -
Tao Zhang,
Bin Lu,
Li Ding,
Kang He,
Yuefei Zhu
Publication year - 2020
Publication title -
journal of physics. conference series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/1584/1/012033
Subject(s) - honeypot , node (physics) , host (biology) , fingerprint (computing) , computer science , computer security , probabilistic logic , virtual machine , software , network security , computer network , artificial intelligence , engineering , operating system , ecology , structural engineering , biology
Aiming at the problem of insufficient defense ability of fingerprint detection, the anti-reconnaissance model of host fingerprint based on virtual node is proposed. The model constructs periodically reconfigurable virtual nodes, dynamically camouflages the fingerprint information of the host to deceive the detector, and redirect attack traffic targeting virtual nodes to honeypots that can capture and analyze attack behavior. Honeypot, as an active defense technology, can effectively improve the model’s defense capabilities. This paper introduces probabilistic models for the defense model to provide a deeper understanding of the theoretical effect their parameters have for cybersecurity, which quantifies the impact of different parameters on the probability of attack success, such as the number of probes, number of honeypot mapping rules, the virtual node deception rate, the honeypot detection rate and allowable losses. Furthermore, our prototype system using Software Defined Network (SDN) and Data Plane Development Kit (DPDK) verifies the effectiveness of the model against reconnaissance.