Li Zhenyu, Ding Yong, Yuan Fang, Zhang Kun. An Integrated Protection Method of Moving Target Defense and Access Control Based on IPv6 Network[J]. Journal of Computer Research and Development, 2022, 59(5): 1105-1119. DOI: 10.7544/issn1000-1239.20211118
1(School of Computer Science and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004)
2(Guangxi Key Laboratory of Cryptography and Information Security (Guilin University of Electronic Technology), Guilin, Guangxi 541004)
3(Department of New Networks, Peng Cheng Laboratory, Shenzhen, Guangdong 518000)
4(Communication Center of the Ministry of Foreign Affairs, Beijing 100045)
5(National Information Center, Beijing 100045)
Funds: This work was supported by the National Key Research and Development Program of China (2020YFB1006003), the National Natural Science Foundation of China (62172119), the Guangxi Natural Science Foundation (2019GXNSFGA245004), and the Major Key Project of PCL (PCL2022A03, PCL2021A02, PCL2021A09).
With the rise of 5G technology, many industrial Internet devices are being deployed in 5G networks. However, network attacks are widespread on the current Internet, which exposes a large number of industrial Internet devices to huge security threats. Industrial Internet devices therefore urgently need newer security technologies to protect them. In this paper, we propose a moving target defense method with access control support, based on the IP version 6 (IPv6) network. First, we propose three mechanisms to assist random IP address generation: a random address generation mechanism, a time difference redundancy mechanism, and a multithread-supported lockless random IP address selection mechanism. Used together, these three mechanisms can effectively improve the performance and stability of the moving target processor. Then, we propose a method in which the moving target processor replaces the original packet with one carrying a random address, which enables transmission with random addresses over the Internet. We also use access control technology in the moving target processor, which can enhance protection for industrial Internet devices. Finally, experiments show that moving target defense combined with access control technology has little impact on the original network and is extremely secure. Hence, the method proposed in this paper can satisfy the prerequisites for practical application.