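Analysis of the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks
Cite this article: WANG Kai, CHEN Xinhua, CHEN Xi, Wu Zehui. Analysis of the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks [J]. Journal of Electronics & Information Technology, 2018, 40(4): 794-801.
Authors: WANG Kai  CHEN Xinhua  CHEN Xi  Wu Zehui
Affiliations: 2. (Department of Computer, Zhengzhou Preschool Education College, Zhengzhou 450000) 3. (Institute of Cyberspace Security, PLA Strategic Support Force Information Engineering University, Zhengzhou 450000)
Funding: National Natural Science Foundation of China (61271252)
Abstract: Network address shuffling dynamically changes or remaps the network addresses of hosts so that the address information an attacker has collected becomes invalid. Against scanning attacks that launch the attack as soon as a host is found, however, the defensive performance of network address shuffling declines, and few studies have analyzed theoretically the defense advantages of network address shuffling against scanning attacks that use different scanning strategies. This paper considers two network address shuffling strategies, uniform shuffling and non-repeat shuffling, and gives probabilistic models of scanning attacks with different scanning strategies in the static address environment and in the network address shuffling environment. The models analyze the probability that the attacker hits at least one host and the number of hosts the attacker hits. The defense advantages of the two shuffling strategies over the static address environment are then calculated theoretically. The results show that against repeatable scanning attacks, neither shuffling strategy has a defense advantage over the static address environment; against non-repeat scanning attacks, uniform shuffling has a probability advantage only when the number of hosts is small, and non-repeat shuffling has a high ratio advantage only when the hosts account for a small proportion of the address space.

Keywords: moving target defense; network address shuffling; probabilistic model; defense advantage
Received: 2017-02-08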

On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks
WANG Kai,CHEN Xinhua,CHEN Xi,Wu Zehui.On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks[J].Journal of Electronics & Information Technology,2018,40(4):794-801.
Authors:WANG Kai  CHEN Xinhua  CHEN Xi  Wu Zehui
Affiliation:2.(Department of Computer, Zhengzhou Preschool Education College, Zhengzhou 450000, China)3.(Institute of Cyberspace Security, PLA Strategic Support Force Information Engineering University, Zhengzhou 450000, China)
Abstract: Network address shuffling invalidates the address information collected by the attacker by dynamically changing or remapping the hosts' network addresses. However, its defense performance decreases against scanning attacks that launch the attack at the moment a target is discovered, and few studies analyze theoretically the defense advantages of network address shuffling against scanning attacks that use different scanning strategies. In this paper, two strategies of network address shuffling are considered: uniform shuffling and non-repeat shuffling. The paper presents probabilistic models of scanning attacks in the static address and network address shuffling environments, which analyze both the probability of the attacker hitting at least one host and the number of hosts hit by the attacker. Then, the defense advantages of both network address shuffling strategies are theoretically calculated and compared with the static address environment. Analysis results indicate that neither shuffling strategy has a defense advantage against repeatable scanning attacks compared with the static address environment; uniform shuffling has a probability advantage against non-repeat scanning attacks only when the number of hosts is small, and non-repeat shuffling has a significant ratio advantage only when the number of hosts accounts for a small proportion of the network address space.
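The hit-at-least-one-host probability discussed in the abstract can be illustrated with standard urn models; the following is an added example, not the paper's own model or code. It assumes an address space of `n` addresses, `v` hosts, `k` probes, and a uniform shuffle that re-draws every host address after each probe; all function names are hypothetical.

```python
import random
from math import comb

def closed_form(n, v, k):
    """P(at least one of v hosts is hit by k probes in an n-address space)."""
    independent = 1 - (1 - v / n) ** k             # every probe hits with v/n
    distinct = 1 - comb(n - v, k) / comb(n, k)     # k distinct addresses probed
    return {
        ("static", "repeatable"): independent,
        ("static", "non-repeat"): distinct,
        # Assumption: hosts are re-drawn after every probe, so each probe is
        # an independent v/n trial whatever order the scanner uses.
        ("uniform", "repeatable"): independent,
        ("uniform", "non-repeat"): independent,
    }

def simulate(n, v, k, shuffle, repeatable, trials=5000, seed=1):
    """Monte Carlo estimate of the same probability (constructed scenario)."""
    rng = random.Random(seed)
    space = range(n)
    hits = 0
    for _ in range(trials):
        if repeatable:
            probes = [rng.randrange(n) for _ in range(k)]
        else:
            probes = rng.sample(space, k)
        hosts = set(rng.sample(space, v))
        for addr in probes:
            if addr in hosts:
                hits += 1
                break
            if shuffle:                            # defender moves after a miss
                hosts = set(rng.sample(space, v))
    return hits / trials

def gap(n, v, k):
    """Static minus shuffled hit probability for a non-repeat scanner."""
    p = closed_form(n, v, k)
    return p[("static", "non-repeat")] - p[("uniform", "non-repeat")]

if __name__ == "__main__":
    for key, value in closed_form(64, 4, 16).items():
        print(key, round(value, 4))
    print("gap (non-repeat scan):", round(gap(64, 4, 16), 4))
```

Under these assumptions the repeatable scanner's hit probability is identical with and without shuffling, while the non-repeat scanner loses the benefit of never revisiting an address.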