Abstract: Eavesdropping attacks have become one of the most common attacks on networks because of their easy implementation. Eavesdropping attacks not only lead to transmission data leakage but also develop into other more harmful attacks. Routing randomization is a relevant research direction for moving target defense, which has been proven to be an effective method to resist eavesdropping attacks. To counter eavesdropping attacks, in this study, we analyzed the existing routing randomization methods and found that their security and usability need to be further improved. According to the characteristics of eavesdropping attacks, which are "latent and transferable", a routing randomization defense method based on deep reinforcement learning is proposed. The proposed method realizes routing randomization at packet-level granularity using programmable switches. To improve the security and quality of service of legitimate services in networks, we use the deep deterministic policy gradient to generate random routing schemes with support from powerful network state awareness. In-band network telemetry provides real-time, accurate, and comprehensive network state awareness for the proposed method. Various experiments show that compared with other typical routing randomization defense methods, the proposed method has obvious advantages in security and usability against eavesdropping attacks.

Funding: Supported by the National Natural Science Foundation of China (62101014) and the National Key Laboratory of Science and Technology on Space Microwave (6142411203307).
Abstract: Global Navigation Satellite System (GNSS)-based passive radar (GBPR) has been widely used in remote sensing applications. However, for moving target detection (MTD), the quadratic phase error (QPE) introduced by the non-cooperative target motion is usually difficult to compensate, as the low power level of the GBPR echo signal renders the estimation of the Doppler rate less effective. Consequently, the moving target in the GBPR image is usually defocused, which further aggravates the difficulty of target detection. In this paper, a spawning particle filter (SPF) is proposed for defocused MTD. Firstly, the measurement model and the likelihood ratio function (LRF) of the defocused point-like target image are deduced. Then, a spawning particle set is generated for subsequent target detection, with reference to traditional particles in the particle filter (PF) as their parent. After that, based on the PF estimator, the SPF algorithm and its sequential Monte Carlo (SMC) implementation are proposed with a novel amplitude estimation method to decrease the target state dimension. Finally, the effectiveness of the proposed SPF is demonstrated by numerical simulations and preliminary experimental results, showing that the target range and Doppler can be estimated accurately.

Funding: This paper is supported by the National Key R&D Program of China (2017YFB0802703) and the National Natural Science Foundation of China (61602052).
Abstract: As a core component of the network, web applications have become one of the preferred targets for attackers because the static configuration of web applications simplifies the exploitation of vulnerabilities by attackers. Although moving target defense (MTD) has been proposed to increase the attack difficulty for attackers, no single approach can cope with all the different attacks; in addition, it is impossible to implement all these approaches simultaneously due to resource limitations. Thus, the selection of an optimal defense strategy based on MTD has become the focus of research. In general, the confrontation of two players in the security domain is viewed as a stochastic game, and the reward matrices are known to both players. However, in a real security confrontation, this scenario represents an incomplete information game. Each player can only observe the actions performed by the opponent, and the observed actions are not completely accurate. To accurately describe the attacker's reward function and reach the Nash equilibrium, this work simulated and updated the strategy selection distribution of the attacker by observing and investigating the strategy selection history of the attacker. Next, the possible rewards of the attacker in each confrontation were corrected via the observation matrix. On this basis, the Nash-Q learning algorithm with reward quantification was proposed to select the optimal strategy. Moreover, the performances of the Minimax-Q learning algorithm and the Naive-Q learning algorithm were compared and analyzed in the MTD environment. Finally, the experimental results showed that the strategy selection algorithm enables defenders to select a more reasonable defensive strategy and achieve the maximum possible reward.

Funding: Supported by the National Key Research and Development Program of China (No. 2016YFB0800601), the Key Program of NSFC-Tongyong Union Foundation (No. U1636209), the National Natural Science Foundation of China (61602358), and the Key Research and Development Programs of Shaanxi (No. 2019ZDLGY13-04, No. 2019ZDLGY13-07).
Abstract: The static and predictable characteristics of cyber systems give attackers an asymmetric advantage in gathering useful information and launching attacks. To reverse this asymmetric advantage, a new defense idea, called Moving Target Defense (MTD), has been proposed to provide additional selectable measures that complement traditional defense. However, MTD is unable to defeat a sophisticated attacker with fingerprint tracking ability. To overcome this limitation, we go one step further and show that the combination of MTD and Deception-based Cyber Defense (DCD) can achieve higher performance than either of them alone. In particular, we first introduce and formalize a novel attacker model named Scan and Foothold Attack (SFA) based on the cyber kill chain. Afterwards, we develop probabilistic models for SFA defenses to provide a deeper analysis of the theoretical effect under different defense strategies. These models quantify the attack success probability and the probability that the attacker will be deceived under various conditions, such as the size of the address space, the number of hosts, and the attack analysis time. Finally, the experimental results show that the actual defense effect of each strategy almost perfectly follows its probabilistic model. Also, the defense strategy of combining address mutation and fingerprint camouflage achieves a better defense effect than address mutation alone.

Funding: The National Natural Science Foundation of China (No. 61521003), the National Key R&D Program of China (No. 2016YFB0800100, No. 2016YFB0800101), the National Natural Science Foundation of China (No. 61602509), and the Key Technologies Research and Development Program of Henan Province (172102210615).
Abstract: Quantitative evaluations are of great importance in network security decision-making. In recent years, moving target defense (MTD) has appeared to be a promising defense approach that blocks the asymmetrical advantage of attackers and favors the defender; notwithstanding, it has seen limited deployment due to its uncertain efficiency and effectiveness in defense. In that case, quantitative metrics and evaluations of MTD are essential to prove its capability and drive its further research. This article presents a comprehensive survey of state-of-the-art quantitative evaluations. First, a taxonomy of MTD techniques is stated according to the software stack model. Then, a concrete review and comparison of existing quantitative evaluations of MTD is presented. Finally, noteworthy open issues regarding this topic are proposed along with the conclusions of previous studies.

Funding: Supported by the Natural Science Foundation of Guangdong Province under Grant Number 2021A1515011910 and by the Shenzhen Science and Technology Program under Grant No. KQTD20190929172704911.
Abstract: As an emerging network paradigm, the software-defined network (SDN) finds extensive application in areas such as smart grids, the Internet of Things (IoT), and edge computing. The forwarding layer in software-defined networks is susceptible to eavesdropping attacks. Route hopping is a moving target defense (MTD) technology that is frequently employed to resist eavesdropping attacks. In traditional route hopping technology, both request and reply packets use the same hopping path. If an eavesdropping attacker monitors the nodes along this path, the risk of 100% data leakage becomes substantial. In this paper, we present an effective route hopping approach, called two-day different path (TDP), that turns communication paths into untraceable moving targets. This technology minimizes the probability of data leakage by transmitting request data and reply data through different paths. Firstly, a brief introduction to the network model and attack model involved in this paper is given. Secondly, the algorithm and processing method of the TDP are proposed. Thirdly, the paper proposes three different metrics to measure the effectiveness of the proposed approach. Finally, theoretical analysis and simulation results show that the TDP can effectively reduce the percentage of data exposure, decrease the eavesdropping attack success probability, and improve the unpredictability of the path.

Funding: Supported by the Financial and Science Technology Plan Project of Xinjiang Production and Construction Corps under grants No. 2020DB005 and No. 2017DB005, and supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions fund.
Abstract: Driven by the rapid development of the Internet of Things, cloud computing and other emerging technologies, the connotation of cyberspace is constantly expanding, and cyberspace is becoming the fifth dimension of human activities. However, security problems in cyberspace are becoming serious, and traditional defense measures (e.g., firewalls, intrusion detection systems, and security audits) often fall into a passive situation, being prone to attacks and difficult to make effective when responding to new types of network attacks with an ever higher degree of coordination and intelligence. By constructing and implementing diverse strategies of dynamic transformation, the configuration characteristics of systems are constantly changing, and the probability of vulnerability exposure is increasing. Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace. Nonetheless, few related works systematically introduce dynamic defense mechanisms for cyber security. The related concepts and development strategies of dynamic defense are rarely analyzed and summarized. To bridge this gap, we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security. Specifically, we first introduce basic concepts and define dynamic defense in cyber security. Next, we review the architectures, enabling techniques and methods for moving target defense and mimic defense. This is followed by a taxonomic summary of the implementation and evaluation of dynamic defense. Finally, we discuss some open challenges and opportunities for dynamic defense in cyber security.