Study on the Application of SPA-based Single Packet Knocking Technology in Network Security Protection and Resistance Efficacy against DDoS and Web Attacks

Abstract

Digital network environments face cybersecurity threats such as security breaches, data leakage, supply chain attacks, and ransomware, and more reliable cybersecurity architectures are needed to address them. This article builds a zero-trust firewall for network security protection on a zero-trust architecture by integrating SPA (single-packet authorisation) technology with an authentication scheme. SPA with the SM3 hash algorithm and the SM4 algorithm for fully nominal encryption processing is then constructed as the network security protection scheme, and the authentication protocol and trust evaluation algorithm are established using hash and exclusive-or (XOR) functions. In the simulation verification results, the communication volume for an SDP client to complete one authentication is 981 B, which is 27.17% lower than the WaverleySDP overhead. After DDoS and Web attacks, the server in the SDP+SPA scenario still retains a certain amount of legitimate data and receives only 53.47% of the traffic of the SDP scenario. The CPU usage of a client deployed with SPA is only 11.47 percentage points higher than that of a client without the SPA mechanism. Combining SPA single-packet knocking technology with a zero-trust architecture can achieve network security protection, deal effectively with DDoS and Web attacks, and improve the performance of network security protection.

Keywords: zero-trust architecture; SPA single-packet authorisation; hash algorithm; network security protection; DDoS attack