An active deception defense model based on address mutation and fingerprint camouflage

Wang Shuo, Chu Jiang, Qingqi Pei, Shao Feng, Yuan Shuai, Xiaoge Zhong
Journal: China Communications (Journal Article). Publication date: 2024-07-01. DOI: https://doi.org/10.23919/JCC.ea.2020-0384.202401
Citations: 0

Abstract

The static and predictable characteristics of cyber systems give attackers an asymmetric advantage in gathering useful information and launching attacks. To reverse this asymmetric advantage, a new defense idea, called Moving Target Defense (MTD), has been proposed to provide additional selectable measures to complement traditional defense. However, MTD is unable to defeat a sophisticated attacker with fingerprint tracking ability. To overcome this limitation, we go one step further and show that the combination of MTD and Deception-based Cyber Defense (DCD) can achieve higher performance than either of them alone. In particular, we first introduce and formalize a novel attacker model named Scan and Foothold Attack (SFA), based on the cyber kill chain. Afterwards, we develop probabilistic models for SFA defenses to provide a deeper analysis of the theoretical effect under different defense strategies. These models quantify the attack success probability and the probability that the attacker will be deceived under various conditions, such as the size of the address space, the number of hosts, and the attack analysis time. Finally, the experimental results show that the actual defense effect of each strategy almost perfectly follows its probabilistic model. Also, the defense strategy of combining address mutation and fingerprint camouflage can achieve a better defense effect than address mutation alone.