-  2018 

Software defined APT attack moving target defense network architecture

DOI: 10.6040/j.issn.1671-9352.2.2017.196

Keywords: software defined security, advanced persistent threat, moving target defense, software defined networking, container technology


Abstract:

To address the problem that advanced persistent threat (APT) attacks are difficult to defend against effectively because of the determinism, static nature and homogeneity of traditional network architectures, a software defined APT attack moving target defense network architecture, SDMTDA, is proposed. APT attack behavior is modeled, and the dependence of APT attacks on network structure and vulnerability information is summarized. Following the software defined security concept, a three-layer network architecture is established, consisting from bottom to top of the physical layer, the control layer and the application layer. Algorithms for changing the network structure and the vulnerability information are given, and the implementation of the three categories of moving target defense methods in SDMTDA is analyzed. The architecture is analyzed, implemented and tested. The experimental results show that the architecture has the advantages of software definability, rapid variability and strong expansibility.

