Anti-reconnaissance Model of Host Fingerprint Based on Virtual Node

Abstract

Aiming at the problem of insufficient defense ability of fingerprint detection, the anti-reconnaissance model of host fingerprint based on virtual node is proposed. The model constructs periodically reconfigurable virtual nodes, dynamically camouflages the fingerprint information of the host to deceive the detector, and redirect attack traffic targeting virtual nodes to honeypots that can capture and analyze attack behavior. Honeypot, as an active defense technology, can effectively improve the model's defense capabilities. This paper introduces probabilistic models for the defense model to provide a deeper understanding of the theoretical effect their parameters have for cybersecurity, which quantifies the impact of different parameters on the probability of attack success, such as the number of probes, number of honeypot mapping rules, the virtual node deception rate, the honeypot detection rate and allowable losses. Furthermore, our prototype system using Software Defined Network (SDN) and Data Plane Development Kit (DPDK) verifies the effectiveness of the model against reconnaissance.