网络地址变换对不同扫描攻击的防御优势分析

王凯; 陈欣华; 陈熹; 武泽慧

doi:10.11999/JEIT170105

网络地址变换对不同扫描攻击的防御优势分析

doi: 10.11999/JEIT170105

2.
(郑州幼儿师范高等专科学校计算机系郑州 450000)
3.
(解放军战略支援部队信息工程大学网络空间安全学院郑州 450000)

基金项目:

国家自然科学基金(61271252)

计量
- 文章访问数: 1230
- HTML全文浏览量: 195
- PDF下载量: 175
- 被引次数: 0
出版历程
- 收稿日期: 2017-02-08
- 修回日期: 2018-01-25
- 刊出日期: 2018-04-19

On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks

2.
(Department of Computer, Zhengzhou Preschool Education College, Zhengzhou 450000, China)
3.
(Institute of Cyberspace Security, PLA Strategic Support Force Information Engineering University, Zhengzhou 450000, China)

Funds:

The National Natural Science Foundation of China (61271252)

摘要

摘要: 网络地址变换通过动态地改变或映射主机的网络地址，使得攻击者收集到的地址信息变得无效，然而对于扫描到主机即发起攻击的扫描攻击，网络地址变换的防御性能有所下降，很少有研究从理论上分析网络地址变换对不同扫描策略的扫描攻击的防御优势。该文考虑均匀变换和非重复变换两种网络地址变换策略，给出不同扫描策略的扫描攻击在静态地址环境以及网络地址变换环境下的概率模型，概率模型分析了攻击者命中至少一台主机的概率以及攻击者命中主机的数量；通过理论计算两种网络地址变换策略相比于静态地址环境的防御优势。分析结果表明对于可重复扫描攻击，两种网络地址变换策略相比于静态地址环境不具有防御优势；对于非重复扫描攻击，均匀变换仅当主机数量较少时才具有概率优势，非重复变换仅当主机数量占地址空间比例较小时才具有较高的比例优势。
- 移动目标防御 /
- 网络地址变换 /
- 概率模型 /
- 防御优势
Abstract: Network address shuffling invalidates the address information collected by the attacker with dynamically changing or remapping the hosts network addresses, however, the defense performance of network address shuffling decreases when against scanning attacks which launch attacks at the same time of discovering targets, and few studies analyze theoretically different defense advantages of network address shuffling against scanning attacks of different scanning strategies. In this paper, two strategies of network address shuffling are considered: uniform shuffling and non-repeat shuffling. It presents probabilistic models of scanning attacks in the static address and network address shuffling environments, which analyzes both the probability of the attacker hitting at least one host and the number of hosts hit by the attacker. Then, the defense advantages of both network address shuffling strategies are theoretically calculated and compared with the static address environment. Analysis results indicate that both shuffling strategies have no defense advantages against repeatable scanning attack compared with the static address environment; uniform shuffling has probability advantage against non-repeat scanning attack only when the hosts number is small, and non-repeat shuffling has significant ratio advantage only when the hosts number accounts for a small proportion in the network space size.
- Moving target defense /
- Network address shuffling /
- Probabilistic model /
- Defense advantages

HTML全文

参考文献(21)

OKHRAVI H, RABE M A, MAYBERRY T J, et al. Survey of cyber moving target techniques[R]. Technical Report 1166, Lincoln Laboratory, Massachusetts Institute of Technology, 2013.

ATIGHETCHI M, PAL P, WEBBER F, et al. Adaptive use of networkcentric mechanisms in cyber-defense[C]. Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, Hokkaido, Japan, 2003: 183-192. doi: 10.1109/ISORC.2003. 1199253.

KEWLEY D, FINK R, LOWRY J, et al. Dynamic approaches to thwart adversary intelligence gathering[C]. Proceedings of the DARPA Information Survivability Conference Exposition II, Los Alamitos, California, 2001: 176-185. doi: 10.1109/DISCEX.2001.932214.

ANTONATOS S, AKRITIDIS P, MARKATOS E P, et al. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007, 51(12): 3471-3490. doi: 10.1016/j.comnet.2007.02.006.

JAFARIAN J H, AL-SHAER E, and DUAN Q. Openflow random host mutation: Transparent moving target defense using software defined networking[C]. Proceedings of the First Workshop on Hot Topics in Software Defined Networking, Helsinki, Finland, 2012: 127-132. doi: 10.1145 /2342441.2342467.

AL-SHAER E, DUAN Q, and JAFARIAN J H. Random host mutation for moving target defense[C]. Proceedings of the 8th International Conference on Security and Privacy in Communication Networks, Padua, Italy, 2012: 310-327. doi: 10.1007/978-3-642-36883-7_19.

JAFARIAN J H, AL-SHAER E, and DUAN Q. An effective address mutation approach for disrupting reconnaissance attacks[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(12): 2562-2577. doi: 10.1109/TIFS.2015. 2467358.

DUNLOP M, GROAT S, URNANSKI W, et al. MT6D: A moving target IPv6 defense[C]. Military Communications Conference on Cyber Security and Network Operations, Baltimore, Maryland, 2011: 1321-1326. doi: 10.1109/ MILCOM.2011.6127486.

MACFARLAND D C and SHUE C A. The SDN shuffle: Creating a moving-target defense using host-based software-defined networking[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 37-41. doi: 10.1145/2808475.2808485.

YEGNESWARAN V, ALFELD C, NARFORD B, et al. Camouflaging honeynets[C]. Proceedings of IEEE Global Internet Symposium, Anchorage, Alaska, 2007: 49-54. doi: 10.1109/GI.2007.4301430.

URIAS V E, STOUT W, and LOVERRO C. Computer network deception as a moving target defense[C]. IEEE International Carnahan Conference on Security Technology, Taipei, 2015: 1-6. doi: 10.1109/CCST.2015.7389665.

ZHUANG R, DELOADCH S A, and OU X. Towards a theory of moving target defense[C]. Proceedings of First ACM Workshop on Moving Target Defense, Scottsdale, USA, 2014: 31-40. doi: 10.1145/2663474.2663479.

ZHUANG R, BARDAS A G, DELOACH Scott A, et al. A theory of cyber attacks: a step towards analyzing MTD systems[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 11-20. doi: 10.1145/2808475. 2808478.

GREEN M, MACFARLAND D C, SMESTAD D R, et al. Characterizing network-based moving target defenses[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 31-35. doi: 10.1145/2808475.2808484.

XU J, GUO P, ZHAO M, et al. Comparing different moving target defense techniques[C]. Proceedings of 1st ACM Workshop on Moving Target Defense, Scottsdale, USA, 2014: 97-107. doi: 10.1145/2663474.2663486.

CAI G, WANG B, WANG X, et al. An introduction to network address shuffling[C]. 18th International Conference on Advanced Communication Technology (ICACT), Pyeongchang, Korea, 2016: 185-190. doi: 10.1109/ICACT. 2016.7423322.

CARROLL T E, CROUSE M, FULP E W, et al. Analysis of network address shuffling as a moving target defense[C]. IEEE International Conference on Communications (ICC), Sydney, Australia, 2014: 701-706. doi: 10.1109/ICC.2014. 6883401.

CROUSE M, PROSSER B, and FULP E W. Probabilistic performance analysis of moving target and deception reconnaissance defenses[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 21-29. doi: 10.1145/808475.2808480.

MAHMOUD H M. Plya Urn Models[M]. London, British, Chapman and Hall, 2008: 124312.

LANTZ B, HELLER B, and MCKEOWN N. A network in a laptop: Rapid prototyping for software-defined networks[C]. Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Monterey, USA, 2010: 1-6. doi: 10.1145 /1868447.1868466.

OpenFlow Group at Stanford University. POX Wiki[OL]. https://OpenFlow.stanford.edu/display/ONL/POX+Wiki, 2016.

施引文献

资源附件(0)

访问统计