Computer Science, 2022, Vol. 49, Issue (7): 324-331. doi: 10.11896/jsjkx.210600193

• Information Security •

MTDCD: A Hybrid Defense Mechanism Against Network Intrusion

GAO Chun-gang, WANG Yong-jie, XIONG Xin-li

  1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
    Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China
  • Received: 2021-06-28 Revised: 2021-12-15 Online: 2022-07-15 Published: 2022-07-12
  • About author: GAO Chun-gang, born in 1996, postgraduate. His main research interests include network security and active defense.
    WANG Yong-jie, born in 1974, Ph.D, professor. His main research interests include network security and active defense.

Abstract: Both moving target defense and cyber deception defense protect systems and networks by increasing the uncertainty of the information an attacker acquires, and both can slow down network reconnaissance attacks to a certain extent. However, a single moving target defense technology cannot stop attackers who use multiple kinds of information to conduct network intrusions. Meanwhile, a deployed decoy node may be identified and marked by the attacker, which reduces defense effectiveness. Therefore, this paper proposes a hybrid defense mechanism combining moving target defense and cyber deception defense. Through in-depth analysis of actual network confrontation, a network intrusion threat model is constructed. Finally, a defense effectiveness evaluation model based on the Urn model is built. In addition, this paper evaluates the defense performance of the proposed hybrid defense method from multiple aspects, such as virtual network topology size, deception probability of decoy nodes, IP address randomization period, and IP address transfer probability, and provides reference and guidance for subsequent defense strategy design.

Key words: Cyber deception defense, Effectiveness assessment, Moving target defense, Network intrusion

CLC Number: TP309