摘要
移动目标防御和网络欺骗防御均是通过增加攻击者获取的信息的不确定性来保护己方系统和网络,该方法能够在一定程度上减缓网络入侵。然而,单一的移动目标防御技术无法阻止利用多元信息进行网络入侵的攻击者,同时,部署的诱饵节点可能会被攻击者识别和标记,降低了防御效能。因此,提出了融合移动目标防御和网络欺骗防御的混合防御机制MTDCD,并通过深入分析实际网络对抗,构建了网络入侵威胁模型,最后基于Urn模型建立了防御有效性评估模型,并从虚拟网络拓扑大小、诱饵节点的欺骗概率、IP地址随机化周期、IP地址转移概率等多个方面评估了所提混合防御机制MTDCD的防御效能,为后续防御策略设计提供了一定的参考和指导。
Both moving target defense and cyber deception defense protect their own systems and networks by increasing the uncertainty of information acquired by attackers.They can slow down network reconnaissance attacks to a certain extent.However,a single moving target defense technology cannot prevent attackers who use multiple information to conduct network intrusions.Meanwhile,the deployed decoy node may be identified and marked by the attacker,thereby reducing the defense effectiveness.Therefore,this paper proposes a hybrid defense mechanism combining moving target defense and cyber deception defens.Through in-depth analysis of actual network confrontation,a network intrusion threat model is constructed.Finally,a defense effectiveness evaluation model based on the Urn model is built.In addition,this paper evaluates the defense performance of the proposed hybrid defense method from multiple aspects such as virtual network topology size,deception probability of decoy nodes,IP address randomization period,IP address transfer probability,etc.,and provides reference and guidance for subsequent defense strategy design.
作者
高春刚
王永杰
熊鑫立
GAO Chun-gang;WANG Yong-jie;XIONG Xin-li(College of Electronic Engineering,National University of Defense Technology,Hefei 230037,China;Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation,Hefei 230037,China)
出处
《计算机科学》
CSCD
北大核心
2022年第7期324-331,共8页
Computer Science
关键词
移动目标防御
网络欺骗防御
网络入侵
有效性评估
Moving target defense
Cyber deception defense
Network intrusion
Effectiveness assessment
