Computer Science, 2024, Vol. 51, Issue (11A): 231100132-13. doi: 10.11896/jsjkx.231100132

• Information Security •

Proactive Defense Technology in Cyber Security: Strategies, Methods and Challenges

HU Hongchao, SUI Jiaqi, ZHANG Shuai, TONG Yu   

  1. Institute of Information Technology, University of Information Engineering, Zhengzhou 450001, China
  • Online: 2024-11-16 Published: 2024-11-13
  • About author: HU Hongchao, born in 1982, professor, Ph.D. supervisor. His main research interests include cloud computing security and cyber security.
    SUI Jiaqi, born in 2000, postgraduate. His main research interests include cyber security and anonymous communication.
  • Supported by:
    National Natural Science Foundation of China (62072467, 62002383), National Key Research and Development Program of China (2021YFB1006200) and Major Science and Technology Project of Henan Province in China (221100211200).

Abstract: Emerging technologies like artificial intelligence (AI), cloud computing, big data, and the Internet of Things (IoT) are developing quickly, making cybersecurity a vital issue. There is a clear asymmetry between cyberspace defense and attack, as the more sophisticated cyberattacks are beyond the reach of conventional defense strategies like intrusion detection, vulnerability scanning, virus detection, authentication, access control, etc. To counteract this state of passive vulnerability, which is "easy to attack but hard to defend", academics have been actively pushing the study and creation of proactive defense technologies. Three such technologies (moving target defense, deception defense, and mimic defense) are maturing and developing quickly. Unfortunately, there is currently a dearth of literature that systematically summarizes these three mainstream proactive defense technologies; additionally, there is no analysis of the advantages and disadvantages of the three technologies, nor a horizontal comparison. This work fills this gap by conducting a thorough and methodical evaluation of the research findings on the three proactive defense technologies. First, the concepts, techniques, and methods of the three proactive defense technologies are presented in turn, and the current research findings are classified by research topic. Next, a horizontal comparison of the three proactive defense technologies is conducted to examine their shared and unique characteristics, benefits and drawbacks, and potential synergies and complementarities that could improve their overall protection efficacy. Lastly, the difficulties facing the three proactive defense technologies and their potential directions are discussed.

Key words: Proactive defense, Dynamic defense, Moving target defense, Deception defense, Mimic defense

CLC Number: TP393