An active deception defense model based on address mutation and fingerprint camouflage

Wang Shuo, Chu Jiang, Qingqi Pei, Shao Feng, Yuan Shuai, Xiaoge Zhong
Journal: China Communications (Journal Article). Published: 2024-07-01. DOI: https://doi.org/10.23919/JCC.ea.2020-0384.202401

Abstract

The static and predictable characteristics of cyber systems give attackers an asymmetric advantage in gathering useful information and launching attacks. To reverse this asymmetric advantage, a new defense idea, called Moving Target Defense (MTD), has been proposed to provide additional selectable measures to complement traditional defense. However, MTD cannot defeat a sophisticated attacker with fingerprint-tracking ability. To overcome this limitation, we go one step further and show that the combination of MTD and Deception-based Cyber Defense (DCD) can achieve higher performance than either of them alone. In particular, we first introduce and formalize a novel attacker model named Scan and Foothold Attack (SFA), based on the cyber kill chain. Afterwards, we develop probabilistic models for SFA defenses to provide a deeper analysis of the theoretical effect under different defense strategies. These models quantify the attack success probability and the probability that the attacker will be deceived under various conditions, such as the size of the address space, the number of hosts, and the attack analysis time. Finally, the experimental results show that the actual defense effect of each strategy almost perfectly follows its probabilistic model. Also, the defense strategy of combining address mutation and fingerprint camouflage can achieve a better defense effect than address mutation alone.