网络拓扑混淆技术综述

摘要/Abstract

摘要： 链路洪泛攻击是一种利用网络拓扑发现的新型分布式拒绝服务攻击.网络拓扑混淆是一种有效对抗该攻击的防御措施，旨在攻击发生前提供主动保护.相关研究在近10年来不断取得进展，针对不同场景提出了各种拓扑混淆解决方案.全面回顾了这些技术.首先，概述了网络拓扑发现中的基本原理和拓扑泄露风险；其次，定义了网络拓扑混淆并提出了一个主动防御模型，然后将技术分为数据包修改、诱饵陷阱、路由变异和度量伪造方案；最后，对当前主流的混淆技术进行了综合比较.

关键词: 链路洪泛攻击, 网络拓扑混淆, 主动防御, 欺骗防御, 拓扑泄露风险

Abstract: LinkFlooding Attack (LFA) is a novel distributed denialofservice (DDoS) attack that exploits network topology detection. Network Topology Obfuscation serves as an effective deceptive defense mechanism against this attack, aiming to provide proactive protection before an attack occurs. Over the past decade, relevant research has continuously made progress, proposing corresponding obfuscation solutions for different scenarios and objectives. This paper comprehensively reviews the network topology obfuscation techniques. First, it combines the basic principles and classifications of network topology discovery to point out the risks of topology leakage in current network topology discovery. Next, it formally defines network topology obfuscation design and presents a proactive defense model. Then, based on the obfuscation concept, the technologies are divided into packet modification, decoy traps, routing mutation, and metric forgery schemes, and proposes a set of metrics to comprehensively compare the current mainstream network topology obfuscation techniques.

Key words: linkflooding attack, network topology obfuscation, active defense, deceptive defense, topology leakage risks

中图分类号:

黄春娇, 张宇, 史建焘, 朱国普, . 网络拓扑混淆技术综述[J]. 信息安全研究, 2025, 11(4): 296-.

参考文献

［1］Studer A, Perrig A. The coremelt attack［C］ Proc of European Symp on Research in Computer Security. Berlin: Springer, 2009: 3752［2］Kang M S, Lee S B, Gligor V D. The crossfire attack［C］ Proc of the 2013 IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2013: 127141［3］Zhang Xian, Phillips C. A survey on selective routing topology inference through active probing［J］. IEEE Communications Surveys & Tutorials, 2012, 14(4): 113［4］Jacobson V. Traceroute［JOL］. 1989 ［20240509］. ftp:ftp.ee.lbl.govtraceroute.tar.gz［5］Farrel A. The Internet and Its Protocols: A Comparative Approach［M］. San Francisco, CA: Morgan Kaufmann, 2004［6］Castro R, Coates M, Liang G, et al. Network tomography: Recent developments［J］. Institute of Mathematical Statistics, 2004 (3): 499517［7］Mansur A A, Zaman T. User behavior analytics in advanced persistent threats: A comprehensive review of detection and mitigation strategies［C］ Proc of the 7th Int Symp on Innovative Approaches in Smart Technologies (ISAS). Piscataway, NJ: IEEE, 2023: 16［8］殷树刚, 李祉岐, 刘晓蕾, 等. 基于APT组织攻击行为的网络安全主动防御方法研究［J］. 信息安全研究, 2023, 9(5): 423432［9］Zhao Shangqing, Zhuo Lu, Wang C .When seeing isn’t believing: On feasibility and detectability of scapegoating in network tomography［C］ Proc of IEEE Int Conf on Distributed Computing Systems(ICDCS). Piscataway, NJ: IEEE, 2017: 172182［10］刘宇涵, 陈红, 刘艺璇, 等. 图数据上的隐私攻击与防御技术［J］. 计算机学报, 2022, 45(4): 702734［11］Kompella R R, Yates J, Greenberg A, et al. Detection and localization of network black holes［C］ Proc of the 26th IEEE Int Conf on Computer Communications. Piscataway, NJ: IEEE, 2007: 21802188［12］Almeshekah M H, Spafford E H. Cyber security deception［M］ Cyber Deception: Building the Scientific Foundation, Cham: Springer, 2016: 2350［13］贾召鹏, 方滨兴, 刘潮歌, 等. 网络欺骗技术综述［J］. 通信学报, 2017, 38(12): 128143［14］赵金龙, 张国敏, 邢长友. 基于网络特征混淆的欺骗防御技术研究［J］. 网络与信息安全学报, 2021, 7(4): 4252［15］国家市场监督管理总局, 中国国家标准化管理委员会. GBT 20984—2022 信息安全技术信息安全风险评估方法［S］. 北京: 中国标准出版社, 2022［16］Trassare S T, Beverly R, Alderson D. A technique for network topology deception［C］ Proc of the 2013 IEEE Military Communications Conference. Piscataway, NJ: IEEE, 2013: 17951800［17］Gillani F, AlShaer E, Lo S, et al. Agile virtualized infrastructure to proactively defend against cyber attacks［C］ Proc of the 2015 IEEE Conf on Computer Communications (INFOCOM). Piscataway, NJ: IEEE, 2015: 729737［18］Achleitner S, Porta T F L, Mcdaniel P, et al. Deceiving network reconnaissance using SDNbased virtual topologies［J］. IEEE Trans on Network and Service Management, 2017, 14(4): 10981112［19］Kim J, Shin S. Softwaredefined HoneyNet: Towards mitigating link flooding attacks［C］ Proc of the 47th Annual IEEEIFIP Int Conf on Dependable Systems and Networks Workshops (DSNW). Piscataway, NJ: IEEE, 2017: 99100［20］Meier R, Tsankov P, Lenders V, et al. NetHide: Secure and practical network topology obfuscation［C］ Proc of the 27th USENIX Security Symposium (USENIX Security 18). Berkeley, CA: USENIX Association, 2018: 693709［21］Aydeger A, Saputro N, Akkaya K. Utilizing NFV for effective moving target defense against link flooding reconnaissance attacks［C］ Proc of the 2018 IEEE Military Communications Conference (MILCOM). Piscataway, NJ: IEEE, 2018: 946951［22］Zhang Tao, Kuang Xiaohui, Zhou Zan, et al. An intelligent route mutation mechanism against mixed attack based on security awareness［C］ Proc of the 2019 IEEE Global Communications Conference(GLOBECOM). Piscataway, NJ: IEEE, 2019: 16［23］Ding Xuyang, Xiao Feng, Zhou Man, et al. Active link obfuscation to thwart linkflooding attacks for Internet of things［C］ Proc of the 19th Int Conf on Trust, Security and Privacy in Computing and Communications (TrustCom). Piscataway, NJ: IEEE, 2020: 217224［24］Liu Yaqun, Zhao Jinlong, Zhang Guomin, et al. NetObfu: A lightweight and efficient network topology obfuscation defense scheme［J］. Computers & Security, 2021, 110: 102447［25］Kim J, Nam J, Lee S, et al. BottleNet: Hiding network bottlenecks using SDNbased topology deception［J］. IEEE Trans on Information Forensics and Security, 2021, 16: 31383153［26］Hou Tao, Wang Tao, Zhuo Lu, et al. Combating adversarial network topology inference by proactive topology obfuscation［J］. IEEEACM Trans on Networking, 2021, 29(6): 27792792［27］Kim J, Marin E, Conti M, et al. EqualNet: A secure and practical defense for longterm network topology obfuscation［COL］ Proc of the Network and Distributed Systems Security (NDSS) Symposium. 2022 ［20240509］. https:www.ndsssymposium.orgwpcontentuploads2022154paper.pdf［28］Liu Yaqun, Xing Changyou, Zhang Guomin, et al. AntiTomo: Network topology obfuscation against adversarial tomographybased topology inference［J］. Computers & Security, 2022, 113: 102570［29］林洪秀, 邢长友, 刘亚群, 等. AntiMNT:一种对抗多源网络层析成像的拓扑混淆机制［J］. 计算机应用研究, 2023, 40(1): 257262［30］Barabási A L, Albert R. Emergence of scaling in random networks［J］. Science, 1999, 286(5439): 509512［31］Rasool R U, Wang H, Ashraf U, et al. A survey of link flooding attacks in software defined network ecosystems［J］. Journal of Network and Computer Applications, 2020, 172: 102803［32］王瀚洲, 周洺宇, 刘建伟, 等. 5G网络安全威胁发现及解决方法综述［J］. 信息安全研究, 2024, 10(4): 340346

[1]	胡震, 曹航, 刘鹏, 邱文元, . 基于蜜罐技术的网络安全主动防御体系建设实践[J]. 信息安全研究, 2024, 10(E2): 249-.
[2]	周威, . 网络欺骗技术赋能等保2.0安全合规建设[J]. 信息安全研究, 2024, 10(E2): 272-.
[3]	齐景锋, 刘厚荣, 马朝远, 王鹏飞, . 煤矿行业OTIT一体化网络安全建设方案研究[J]. 信息安全研究, 2024, 10(E1): 120-.
[4]	姜玮, 李月, 吴猷, . 一种数字基础设施主动防御工作方案[J]. 信息安全研究, 2023, 9(E1): 141-.
[5]	孔维一, 李昕, 宋永立, 况博裕, 付安民, . 一种基于远程证明的智能制造设备群的主动防御方案[J]. 信息安全研究, 2023, 9(6): 580-.
[6]	殷树刚, 李祉岐, 刘晓蕾, 李宁, 林寅伟, . 基于APT组织攻击行为的网络安全主动防御方法研究[J]. 信息安全研究, 2023, 9(5): 423-.
[7]	李祥乾, 凌惜沫, . 云原生 DevSecOps 落地实践[J]. 信息安全研究, 2022, 8(E1): 27-.
[8]	贾悦霖, 赵凡, 王瑜, . 5G+ 基于云化蜜罐网络安全感知解决方案[J]. 信息安全研究, 2022, 8(E1): 31-.
[9]	孙瑞勇, 李峰, 孙晓鹏, 王绍密. 一款基于主动防御机制的伪装诱捕与威胁感知产品[J]. 信息安全研究, 2021, 7(E1): 112-.
[10]	刘建兵王振欣. 主动安全网络架构——基于社会控制原理的网络安全技术[J]. 信息安全研究, 2021, 7(7): 590-597.
[11]	何意刘兴伟马宏亮. 车联网拟态防御系统研究[J]. 信息安全研究, 2020, 6(3): 244-251.
[12]	王斯梁冯暄蔡友保陈翼. 等保2.0下的网络安全态势感知方案研究[J]. 信息安全研究, 2019, 5(9): 828-833.
[13]	陈卫平. 可信计算3.0在等级保护2.0标准体系中的作用[J]. 信息安全研究, 2018, 4(7): 633-638.
[14]	安宁钰. 可信计算技术在电力系统中的研究与应用[J]. 信息安全研究, 2017, 3(4): 353-358.
[15]	姚尧. 可信计算在保险行业核心系统中的应用研究[J]. 信息安全研究, 2017, 3(4): 364-369.