On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks
doi: 10.11999/JEIT170105 cstr: 32379.14.JEIT170105
2. Department of Computer, Zhengzhou Preschool Education College, Zhengzhou 450000, China
3. Institute of Cyberspace Security, PLA Strategic Support Force Information Engineering University, Zhengzhou 450000, China
Supported by the National Natural Science Foundation of China (61271252)
Abstract: Network address shuffling dynamically changes or remaps the network addresses of hosts so that the address information an attacker has collected becomes stale. Its defensive value drops, however, against scanning attacks that attack a host as soon as it is discovered, and few studies have analysed theoretically how well network address shuffling defends against scanning attacks that use different scanning strategies. This paper considers two shuffling strategies, uniform shuffling and non-repeat shuffling, and builds probabilistic models of scanning attacks with different scanning strategies in a static-address environment and in a network address shuffling environment. The models give both the probability that the attacker hits at least one host and the number of hosts the attacker hits, and the defensive advantage of each shuffling strategy over the static-address environment is computed from them. The analysis shows that against repeatable scanning attacks neither shuffling strategy has any defensive advantage over the static-address environment; against non-repeat scanning attacks, uniform shuffling has a probability advantage only when the number of hosts is small, and non-repeat shuffling has a significant ratio advantage only when the hosts occupy a small proportion of the address space.
Keywords:
- moving target defense /
- network address shuffling /
- probabilistic model /
- defense advantage
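The following script is an added worked example for the comparison the abstract describes; it is not the paper's code, and the model it uses is a simplified interpretation that is my assumption: an address space of N addresses holds h live hosts, the attacker sends k probes, and a probe "hits" when it lands on a host's current address. Non-repeat scanning never re-probes an address and repeatable scanning draws every probe address uniformly with replacement; the static environment never moves hosts, the uniform environment re-places all hosts uniformly at random before every probe, and the non-repeat environment moves every host to an address it has never occupied before every probe. The closed forms for the static and uniform cases are the standard without-replacement and with-replacement expressions; the non-repeat shuffling case is only simulated here.

```python
"""Scanning attacks against static, uniformly shuffled and non-repeat shuffled
address spaces: closed forms plus a Monte Carlo check.

Added example, not the paper's code. Assumed model: N addresses, h live hosts,
k probes; a probe hits when it lands on a live host's current address.
Non-repeat scanning never re-probes an address; repeatable scanning draws each
address uniformly with replacement. The static environment never moves hosts,
the uniform environment re-places all hosts uniformly at random before every
probe, and the non-repeat environment moves every host to an address it has
never occupied before every probe.
"""
from fractions import Fraction
from math import comb
import random


def p_hit_static_nonrepeat(N, h, k):
    """Static addresses, k distinct probes: the hit count is hypergeometric,
    so P(at least one hit) = 1 - C(N-h, k) / C(N, k)."""
    if not (0 <= h <= N and 0 <= k <= N):
        raise ValueError("need 0 <= h <= N and 0 <= k <= N")
    return 1 - Fraction(comb(N - h, k), comb(N, k))


def p_hit_independent(N, h, k):
    """Every probe hits independently with probability h/N, which holds for
    repeatable scanning of a static network and for any scanning of a uniformly
    shuffled one: P(at least one hit) = 1 - (1 - h/N)^k."""
    return 1 - (1 - Fraction(h, N)) ** k


def expected_probe_hits(N, h, k):
    """E[probes landing on a live host] = k*h/N by linearity of expectation,
    whatever the environment; only the number of *distinct* hosts hit differs."""
    return Fraction(k * h, N)


def nonrepeat_shuffle(rng, fresh):
    """Move each host to an address it has never used, keeping hosts distinct.
    fresh[i] is host i's set of unused addresses and is updated in place."""
    taken, new = set(), []
    for i, avail in enumerate(fresh):
        candidates = sorted(avail - taken)
        if not candidates:
            raise RuntimeError(f"host {i} has no unused address left")
        a = rng.choice(candidates)
        avail.discard(a)
        taken.add(a)
        new.append(a)
    return new


def simulate(N, h, k, scanning, environment, trials, seed=1):
    """Return (P[>=1 hit], E[probe hits], E[distinct hosts hit]) by Monte Carlo."""
    rng = random.Random(seed)
    any_hit = probe_hits = host_hits = 0
    for _ in range(trials):
        addrs = rng.sample(range(N), h)                # distinct initial addresses
        fresh = [set(range(N)) - {a} for a in addrs]   # per-host unused addresses
        if scanning == "nonrepeat":
            probes = rng.sample(range(N), k)           # never re-probe an address
        else:
            probes = [rng.randrange(N) for _ in range(k)]  # with replacement
        hits, hit_hosts = 0, set()
        for t, probe in enumerate(probes):
            if t and environment == "uniform":
                addrs = rng.sample(range(N), h)
            elif t and environment == "nonrepeat":
                addrs = nonrepeat_shuffle(rng, fresh)
            owner = {a: i for i, a in enumerate(addrs)}
            if probe in owner:
                hits += 1
                hit_hosts.add(owner[probe])
        any_hit += hits > 0
        probe_hits += hits
        host_hits += len(hit_hosts)
    return any_hit / trials, probe_hits / trials, host_hits / trials


def compare(N, h, k, trials=500):
    """Every scanning strategy against every environment."""
    return {(s, e): simulate(N, h, k, s, e, trials)
            for s in ("nonrepeat", "repeat")
            for e in ("static", "uniform", "nonrepeat")}


if __name__ == "__main__":
    # Small h shows the gap between static and shuffled under non-repeat
    # scanning; a large h/N closes it, as the abstract's conclusion states.
    for N, h, k in ((64, 1, 32), (64, 16, 4)):
        print(f"N={N} h={h} k={k}: static/non-repeat "
              f"P={float(p_hit_static_nonrepeat(N, h, k)):.3f}, independent "
              f"P={float(p_hit_independent(N, h, k)):.3f}, "
              f"E[probe hits]={float(expected_probe_hits(N, h, k)):.3f}")
        for (s, e), (p, ph, hh) in compare(N, h, k).items():
            print(f"  {s:9s} scan vs {e:9s} env: P(>=1 hit)={p:.3f} "
                  f"E[probe hits]={ph:.2f} E[hosts hit]={hh:.2f}")
```

The two parameter sets in the main block are chosen to exercise the abstract's claims: with a single host in 64 addresses the hypergeometric hit probability of static non-repeat scanning (0.5) is well above the with-replacement figure that uniform shuffling forces (about 0.40), while with 16 hosts the two are within a percentage point of each other. The expected number of probe hits is k*h/N in every environment, so the column that separates the environments is the number of distinct hosts hit.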