The static and predictable characteristics of cyber systems give attackers an asymmetric advantage in gathering useful information and launching attacks.To reverse this asymmetric advantage,a new defense idea,called M...The static and predictable characteristics of cyber systems give attackers an asymmetric advantage in gathering useful information and launching attacks.To reverse this asymmetric advantage,a new defense idea,called Moving Target Defense(MTD),has been proposed to provide additional selectable measures to complement traditional defense.However,MTD is unable to defeat the sophisticated attacker with fingerprint tracking ability.To overcome this limitation,we go one step beyond and show that the combination of MTD and Deception-based Cyber Defense(DCD)can achieve higher performance than either of them.In particular,we first introduce and formalize a novel attacker model named Scan and Foothold Attack(SFA)based on cyber kill chain.Afterwards,we develop probabilistic models for SFA defenses to provide a deeper analysis of the theoretical effect under different defense strategies.These models quantify attack success probability and the probability that the attacker will be deceived under various conditions,such as the size of address space,and the number of hosts,attack analysis time.Finally,the experimental results show that the actual defense effect of each strategy almost perfectly follows its probabilistic model.Also,the defense strategy of combining address mutation and fingerprint camouflage can achieve a better defense effect than the single address mutation.展开更多
基金supported by the National Key Research and Development Program of China(No.2016YFB0800601)the Key Program of NSFC-Tongyong Union Foundation(No.U1636209)+1 种基金the National Natural Science Foundation of China(61602358)the Key Research and Development Programs of Shaanxi(No.2019ZDLGY13-04,No.2019ZDLGY13-07)。
文摘The static and predictable characteristics of cyber systems give attackers an asymmetric advantage in gathering useful information and launching attacks.To reverse this asymmetric advantage,a new defense idea,called Moving Target Defense(MTD),has been proposed to provide additional selectable measures to complement traditional defense.However,MTD is unable to defeat the sophisticated attacker with fingerprint tracking ability.To overcome this limitation,we go one step beyond and show that the combination of MTD and Deception-based Cyber Defense(DCD)can achieve higher performance than either of them.In particular,we first introduce and formalize a novel attacker model named Scan and Foothold Attack(SFA)based on cyber kill chain.Afterwards,we develop probabilistic models for SFA defenses to provide a deeper analysis of the theoretical effect under different defense strategies.These models quantify attack success probability and the probability that the attacker will be deceived under various conditions,such as the size of address space,and the number of hosts,attack analysis time.Finally,the experimental results show that the actual defense effect of each strategy almost perfectly follows its probabilistic model.Also,the defense strategy of combining address mutation and fingerprint camouflage can achieve a better defense effect than the single address mutation.