Computer Science ›› 2020, Vol. 47 ›› Issue (12): 304-310. doi: 10.11896/jsjkx.200900126


Self-adaptive Deception Defense Mechanism Against Network Reconnaissance

ZHAO Jin-long1, ZHANG Guo-min1, XING Chang-you1, SONG Li-hua1, ZONG Yi-ben2   

  1 Command & Control Engineering College, Army Engineering University of PLA, Nanjing 210007, China
  2 Unit 61789 of PLA, Shanghai 200000, China
  • Received: 2020-09-16 Revised: 2020-12-01 Published: 2020-12-17
  • About author: ZHAO Jin-long, born in 1994, postgraduate. His main research interests include network security, deception defense and software defined networking.
    ZHANG Guo-min, born in 1979, Ph.D, associate professor. His main research interests include software defined networking, network security, network measurement and distributed system.
  • Supported by:
    Natural Science Foundation of China (61379149, 61772271) and China Postdoctoral Science Foundation (2017M610286).

Abstract: Statically configured network host information is easily exposed to network reconnaissance, which brings serious security risks. Deception methods such as host address mutation and deployment of fake nodes can disrupt the attacker's awareness of the network and increase the difficulty of reconnaissance. However, there are still many challenges in using these methods to counter the attacker's reconnaissance behavior effectively. For this reason, by modeling the behaviors of both attacker and defender, an efficient self-adaptive deception defense mechanism, SADM (Self-adaptive Deception Method), is proposed. SADM considers the characteristics of the multi-stage continuous confrontation between attacker and defender in the network reconnaissance process, models it with the goal of maximizing the defender's accumulative payoffs under cost constraints, and then makes adaptive defense decisions through heuristic methods to respond quickly to the attacker's diverse scanning behavior. The simulation experiment results show that SADM can effectively delay the attacker's detection speed and reduce the cost of deploying deception scenarios while ensuring the defense effect.

Key words: Deception defense, Network reconnaissance, Scanning attack, Software-defined network

CLC Number: 

  • TP393