高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

网络地址变换对不同扫描攻击的防御优势分析

王凯 陈欣华 陈熹 武泽慧

王凯, 陈欣华, 陈熹, 武泽慧. 网络地址变换对不同扫描攻击的防御优势分析[J]. 电子与信息学报, 2018, 40(4): 794-801. doi: 10.11999/JEIT170105
引用本文: 王凯, 陈欣华, 陈熹, 武泽慧. 网络地址变换对不同扫描攻击的防御优势分析[J]. 电子与信息学报, 2018, 40(4): 794-801. doi: 10.11999/JEIT170105
WANG Kai, CHEN Xinhua, CHEN Xi, Wu Zehui. On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks[J]. Journal of Electronics & Information Technology, 2018, 40(4): 794-801. doi: 10.11999/JEIT170105
Citation: WANG Kai, CHEN Xinhua, CHEN Xi, Wu Zehui. On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks[J]. Journal of Electronics & Information Technology, 2018, 40(4): 794-801. doi: 10.11999/JEIT170105

网络地址变换对不同扫描攻击的防御优势分析

doi: 10.11999/JEIT170105
基金项目: 

国家自然科学基金(61271252)

On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks

Funds: 

The National Natural Science Foundation of China (61271252)

  • 摘要: 网络地址变换通过动态地改变或映射主机的网络地址,使得攻击者收集到的地址信息变得无效,然而对于扫描到主机即发起攻击的扫描攻击,网络地址变换的防御性能有所下降,很少有研究从理论上分析网络地址变换对不同扫描策略的扫描攻击的防御优势。该文考虑均匀变换和非重复变换两种网络地址变换策略,给出不同扫描策略的扫描攻击在静态地址环境以及网络地址变换环境下的概率模型,概率模型分析了攻击者命中至少一台主机的概率以及攻击者命中主机的数量;通过理论计算两种网络地址变换策略相比于静态地址环境的防御优势。分析结果表明对于可重复扫描攻击,两种网络地址变换策略相比于静态地址环境不具有防御优势;对于非重复扫描攻击,均匀变换仅当主机数量较少时才具有概率优势,非重复变换仅当主机数量占地址空间比例较小时才具有较高的比例优势。
  • OKHRAVI H, RABE M A, MAYBERRY T J, et al. Survey of cyber moving target techniques[R]. Technical Report 1166, Lincoln Laboratory, Massachusetts Institute of Technology, 2013.
    ATIGHETCHI M, PAL P, WEBBER F, et al. Adaptive use of networkcentric mechanisms in cyber-defense[C]. Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, Hokkaido, Japan, 2003: 183-192. doi: 10.1109/ISORC.2003. 1199253.
    KEWLEY D, FINK R, LOWRY J, et al. Dynamic approaches to thwart adversary intelligence gathering[C]. Proceedings of the DARPA Information Survivability Conference Exposition II, Los Alamitos, California, 2001: 176-185. doi: 10.1109/DISCEX.2001.932214.
    ANTONATOS S, AKRITIDIS P, MARKATOS E P, et al. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007, 51(12): 3471-3490. doi: 10.1016/j.comnet.2007.02.006.
    JAFARIAN J H, AL-SHAER E, and DUAN Q. Openflow random host mutation: Transparent moving target defense using software defined networking[C]. Proceedings of the First Workshop on Hot Topics in Software Defined Networking, Helsinki, Finland, 2012: 127-132. doi: 10.1145 /2342441.2342467.
    AL-SHAER E, DUAN Q, and JAFARIAN J H. Random host mutation for moving target defense[C]. Proceedings of the 8th International Conference on Security and Privacy in Communication Networks, Padua, Italy, 2012: 310-327. doi: 10.1007/978-3-642-36883-7_19.
    JAFARIAN J H, AL-SHAER E, and DUAN Q. An effective address mutation approach for disrupting reconnaissance attacks[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(12): 2562-2577. doi: 10.1109/TIFS.2015. 2467358.
    DUNLOP M, GROAT S, URNANSKI W, et al. MT6D: A moving target IPv6 defense[C]. Military Communications Conference on Cyber Security and Network Operations, Baltimore, Maryland, 2011: 1321-1326. doi: 10.1109/ MILCOM.2011.6127486.
    MACFARLAND D C and SHUE C A. The SDN shuffle: Creating a moving-target defense using host-based software-defined networking[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 37-41. doi: 10.1145/2808475.2808485.
    YEGNESWARAN V, ALFELD C, NARFORD B, et al. Camouflaging honeynets[C]. Proceedings of IEEE Global Internet Symposium, Anchorage, Alaska, 2007: 49-54. doi: 10.1109/GI.2007.4301430.
    URIAS V E, STOUT W, and LOVERRO C. Computer network deception as a moving target defense[C]. IEEE International Carnahan Conference on Security Technology, Taipei, 2015: 1-6. doi: 10.1109/CCST.2015.7389665.
    ZHUANG R, DELOADCH S A, and OU X. Towards a theory of moving target defense[C]. Proceedings of First ACM Workshop on Moving Target Defense, Scottsdale, USA, 2014: 31-40. doi: 10.1145/2663474.2663479.
    ZHUANG R, BARDAS A G, DELOACH Scott A, et al. A theory of cyber attacks: a step towards analyzing MTD systems[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 11-20. doi: 10.1145/2808475. 2808478.
    GREEN M, MACFARLAND D C, SMESTAD D R, et al. Characterizing network-based moving target defenses[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 31-35. doi: 10.1145/2808475.2808484.
    XU J, GUO P, ZHAO M, et al. Comparing different moving target defense techniques[C]. Proceedings of 1st ACM Workshop on Moving Target Defense, Scottsdale, USA, 2014: 97-107. doi: 10.1145/2663474.2663486.
    CAI G, WANG B, WANG X, et al. An introduction to network address shuffling[C]. 18th International Conference on Advanced Communication Technology (ICACT), Pyeongchang, Korea, 2016: 185-190. doi: 10.1109/ICACT. 2016.7423322.
    CARROLL T E, CROUSE M, FULP E W, et al. Analysis of network address shuffling as a moving target defense[C]. IEEE International Conference on Communications (ICC), Sydney, Australia, 2014: 701-706. doi: 10.1109/ICC.2014. 6883401.
    CROUSE M, PROSSER B, and FULP E W. Probabilistic performance analysis of moving target and deception reconnaissance defenses[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 21-29. doi: 10.1145/808475.2808480.
    MAHMOUD H M. Plya Urn Models[M]. London, British, Chapman and Hall, 2008: 124312.
    LANTZ B, HELLER B, and MCKEOWN N. A network in a laptop: Rapid prototyping for software-defined networks[C]. Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Monterey, USA, 2010: 1-6. doi: 10.1145 /1868447.1868466.
    OpenFlow Group at Stanford University. POX Wiki[OL]. https://OpenFlow.stanford.edu/display/ONL/POX+Wiki, 2016.
  • 加载中
计量
  • 文章访问数:  1295
  • HTML全文浏览量:  211
  • PDF下载量:  175
  • 被引次数: 0
出版历程
  • 收稿日期:  2017-02-08
  • 修回日期:  2018-01-25
  • 刊出日期:  2018-04-19

目录

    /

    返回文章
    返回