Computer Science (计算机科学) ›› 2020, Vol. 47 ›› Issue (12): 304-310. doi: 10.11896/jsjkx.200900126
ZHAO Jin-long (赵金龙)1, ZHANG Guo-min (张国敏)1, XING Chang-you (邢长友)1, SONG Li-hua (宋丽华)1, ZONG Yi-ben (宗祎本)2
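Abstract: Statically configured network host information is easily exposed to attacker reconnaissance, which creates serious security risks. Deception methods such as host address hopping and the deployment of fake nodes can disrupt the attacker's understanding of the network and make network reconnaissance harder. However, using these means efficiently to counter an attacker's reconnaissance behaviour still presents many difficulties. To this end, based on a model describing the behaviour of both the attacker and the defender, an efficient self-adaptive deception defense mechanism (Self-adaptive Deception Method, SADM) is proposed to counter network reconnaissance. SADM takes into account the multi-stage, continuous confrontation between attacker and defender during network reconnaissance, builds a model whose objective is to maximize the defender's overall payoff under resource constraints, and on that basis makes adaptive defense decisions through a heuristic method in order to respond quickly to the attacker's diverse scanning behaviours. Simulation results show that SADM can effectively slow the attacker's probing speed and reduce the cost of deploying deception scenarios while maintaining the protection effect.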