Computer Science (计算机科学), 2022, Vol. 49, Issue 7: 324-331. doi: 10.11896/jsjkx.210600193

• Information Security •

MTDCD: A Hybrid Defense Mechanism Against Network Intrusion

GAO Chun-gang, WANG Yong-jie, XIONG Xin-li

  1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
     Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China
  • Received: 2021-06-28  Revised: 2021-12-15  Online: 2022-07-15  Published: 2022-07-12
  • Corresponding author: WANG Yong-jie (wangyongjie17@nudt.edu.cn)
  • About author: GAO Chun-gang (gangchungaog9432@nudt.edu.cn), born in 1996, postgraduate. His main research interests include network security and active defense.
    WANG Yong-jie, born in 1974, Ph.D, professor. His main research interests include network security and active defense.

Abstract: Both moving target defense and cyber deception defense protect one's own systems and networks by increasing the uncertainty of the information acquired by attackers, and can slow down network reconnaissance attacks to a certain extent. However, a single moving target defense technology cannot prevent attackers who use multiple sources of information to conduct network intrusions. Meanwhile, deployed decoy nodes may be identified and marked by the attacker, thereby reducing defense effectiveness. Therefore, this paper proposes MTDCD, a hybrid defense mechanism combining moving target defense and cyber deception defense. Through in-depth analysis of actual network confrontation, a network intrusion threat model is constructed. Finally, a defense effectiveness evaluation model based on the Urn model is built, and the defense performance of the proposed hybrid mechanism is evaluated from multiple aspects, such as virtual network topology size, deception probability of decoy nodes, IP address randomization period, and IP address transfer probability, providing reference and guidance for subsequent defense strategy design.

Key words: Cyber deception defense, Effectiveness assessment, Moving target defense, Network intrusion

CLC number: TP309
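The abstract names four factors that the evaluation varies (virtual topology size, decoy deception probability, IP address randomization period, IP address transfer probability) but this page does not reproduce the paper's Urn-model equations. The following is an added illustration, not the authors' model or code: a small urn-style Monte Carlo in which addresses are balls drawn without replacement by a scanning attacker, decoys end the attempt with a given deception probability, and real hosts periodically transfer to new addresses. Every rule, function name, parameter and sample setting in it is an assumption made for this example; a closed-form expression for the static, decoy-free case is included as a sanity anchor for the simulation.

```python
"""Illustrative urn-style Monte Carlo for an MTD + cyber-deception defense.

This is an added example written for this page; it is NOT the MTDCD paper's
evaluation model (its equations are not reproduced here).  The urn rules,
parameter names and sample settings below are all assumptions chosen to show
how the four factors named in the abstract can be varied in one simulation:
virtual topology size, decoy deception probability, IP address randomization
period, and IP address transfer probability.
"""
import random
from math import comb


def attacker_success_probability(space, n_real, n_decoy, budget, p_deceive,
                                 period, p_move, trials=10000, seed=1):
    """Estimate P(attacker probes a real host before being deceived by a
    decoy or running out of probes).

    Assumed urn rules:
      * `space` addresses are balls; `n_real` hold real hosts, `n_decoy` hold
        decoys, the rest are empty.  The attacker draws without replacement.
      * A probe landing on a decoy deceives the attacker (the attempt ends and
        the defender gets an alert) with probability `p_deceive`; otherwise the
        decoy is recognised and the attacker keeps scanning.
      * Every `period` probes (0 = never), each real host transfers to a fresh
        random empty address with probability `p_move`.  A host that lands on
        an address the attacker already probed stays invisible for the rest of
        the sweep; that is the moving-target benefit being measured.
    """
    rng = random.Random(seed)
    successes = 0
    for _ in range(trials):
        layout = list(range(space))
        rng.shuffle(layout)
        real = set(layout[:n_real])
        decoys = set(layout[n_real:n_real + n_decoy])
        unprobed = list(range(space))          # balls still in the urn
        for probe in range(1, budget + 1):
            if not unprobed:
                break                          # nothing left to scan
            target = unprobed.pop(rng.randrange(len(unprobed)))
            if target in real:
                successes += 1
                break
            if target in decoys and rng.random() < p_deceive:
                break                          # deceived: attempt detected and ended
            if period and probe % period == 0:
                # randomization epoch: each real host may transfer to a new address
                for host in list(real):
                    if rng.random() < p_move:
                        free = [a for a in range(space)
                                if a not in real and a not in decoys]
                        if not free:
                            continue           # no empty address to move to
                        real.remove(host)
                        real.add(rng.choice(free))
    return successes / trials


def static_sweep_closed_form(space, n_real, budget):
    """Sanity anchor for the simulation.  With no decoys and no movement the
    attacker just samples `budget` distinct addresses, so
    P(at least one real host) = 1 - C(space - n_real, budget) / C(space, budget)."""
    k = min(budget, space)
    if k > space - n_real:
        return 1.0                             # a full sweep must hit a host
    return 1.0 - comb(space - n_real, k) / comb(space, k)


if __name__ == "__main__":
    # Constructed sample settings (not from the paper): 32 virtual addresses,
    # 2 real hosts, a budget of 8 probes.
    base = dict(space=32, n_real=2, budget=8)
    print("closed form, static, no decoys :",
          round(static_sweep_closed_form(32, 2, 8), 3))
    print("simulated, static, no decoys   :",
          round(attacker_success_probability(**base, n_decoy=0, p_deceive=0.0,
                                             period=0, p_move=0.0), 3))
    print("6 decoys, deception prob 0.8   :",
          round(attacker_success_probability(**base, n_decoy=6, p_deceive=0.8,
                                             period=0, p_move=0.0), 3))
    print("plus hosts move every 2 probes :",
          round(attacker_success_probability(**base, n_decoy=6, p_deceive=0.8,
                                             period=2, p_move=0.5), 3))
```

Reading the output as a defender: the static, decoy-free figure is the baseline exposure of the address space; adding decoys with a high deception probability lowers it because an attacker is likely to touch a decoy before a real host; shortening the randomization period or raising the transfer probability lowers it further because hosts migrate into the region the attacker has already written off. Sweeping these four parameters over a grid is the kind of comparison the abstract describes, with the caveat that the real evaluation uses the paper's own Urn model rather than these assumed rules.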