Title of invention: Systems and methods for implementing moving target technology in legacy hardware
Abstract: Systems (1900) and methods (2300, 2400) for use in a network node (1901-1903). The methods involve: receiving a Data Communication (“DC”) from Data Link Layer Software (“DLLS”); identifying an IDentity Parameter (“IDP”) contained in DC which comprises a False Value (“FV”) specifying false information about the node or DC; obtaining a True Value (“TV”) specifying true information about the node or DC; replacing the FV with the TV to generate a modified DC; and forwarding the modified DC to Network Layer Software (“NLS”). The methods also involve: receiving a Data Unit (“DU”) from NLS comprising a Transport Layer Header (“TLH”) and a Network Layer Header (“NLH”) including TVs specifying true information about the node or FDU; obtaining a FV which specifies false information about the node or FDU; replacing a TV of DU with the FV so as to form a Modified Data Unit (“MDU”); and forwarding MDU to DLLS.
Publication number: US9154458(B2) | Publication date: 2015.10.06
Application number: US201213461099 | Filing date: 2012.05.01
Applicant: Harris Corporation | Inventors: Smith Wayne B.; Powers Charles; Lin Ellen K.; Dowin Christopher T.; Sharpe Ryan E.
Classification: G06F21/00; H04L29/12; H04L29/06; H04L12/24 | Main classification: G06F21/00
Agency: Fox Rothschild LLP | Agent: Sacco, Esq. Robert J.; Fox Rothschild LLP
Main claim: 1. A computer implemented method for use in a node of a dynamic computer network, comprising the acts of: changing a set of false values for at least one identity parameter which is contained in data communications of the dynamic computer network in response to at least one trigger event, each said false value specifying false information about a respective node or data communication; receiving a first data communication from a data link layer software component of said node; identifying at least one first identity parameter contained in said first data communication which comprises a first false value included in the set of false values; obtaining a first true value for said first identity parameter specifying true information about said node or said data communication; replacing said first false value with said first true value so as to generate a modified data communication; and forwarding said modified data communication to a network layer software component of said node for further processing; wherein said trigger event comprises (a) an inclusion of a particular code word in a second data communication, (b) a change in a protocol or entropy pattern of the dynamic computer network, or (c) a change in a level or a type of a malicious attack on the dynamic computer network; and wherein said identity parameter comprises a port number, a transmission control protocol (TCP) sequence number, an internet protocol (IP) address, a media access control (MAC) address, a network prefix, a subnet number, or a host number.
Address: Melbourne FL US