Computer Science ›› 2022, Vol. 49 ›› Issue (7): 324-331. doi: 10.11896/jsjkx.210600193
高春刚, 王永杰, 熊鑫立
GAO Chun-gang, WANG Yong-jie, XIONG Xin-li
Abstract: Both moving target defense and cyber deception defense protect one's own systems and networks by increasing the uncertainty of the information an attacker obtains, and both can slow down network intrusion to some extent. However, a single moving target defense technique cannot stop an attacker who exploits multiple sources of information to intrude into the network, and deployed decoy nodes may be identified and marked by the attacker, which lowers defense effectiveness. Therefore, a hybrid defense mechanism, MTDCD, that integrates moving target defense and cyber deception defense is proposed. Through an in-depth analysis of real-world network confrontation, a network intrusion threat model is constructed; finally, a defense effectiveness evaluation model is built on the Urn model, and the defense effectiveness of the proposed hybrid mechanism MTDCD is evaluated from several aspects, including virtual network topology size, the deception probability of decoy nodes, the IP address randomization period, and the IP address transfer probability, providing a reference and guidance for subsequent defense strategy design.