基于变点检测的网络移动目标防御效能评估方法

雷程; 马多贺; 张红旗; 杨英杰; 王淼

doi:10.11959/j.issn.1000-436x.2017015

您当前的位置：

首页 >

文章列表页 >

基于变点检测的网络移动目标防御效能评估方法

学术论文 | 更新时间：2024-06-05

- 基于变点检测的网络移动目标防御效能评估方法
- Performance assessment approach based on change-point detection for network moving target defense
- 通信学报 2017年38卷第1期页码：126-140
- 作者机构：
  
  1. 信息工程大学密码工程学院，河南郑州 450001
  2. 中国科学院信息工程研究所信息安全国家重点实验室，北京 100093
  3. 河南省信息安全重点实验室，河南郑州 450001
- 作者简介：
  
  [ "雷程（1989-），男，北京人，信息工程大学博士生，主要研究方向为网络信息安全、数据安全交换、移动目标防御。" ]
  [ "马多贺（1982-），男，安徽六安人，博士，中国科学院信息工程研究所助理研究员，主要研究方向为应用安全、移动目标防御、云安全、网络与系统安全等。" ]
  [ "张红旗（1962-），男，河北遵化人，博士，信息工程大学教授、博士生导师，主要研究方向为网络安全、等级保护和信息安全管理。" ]
  [ "杨英杰（1971-），男，河南郑州人，信息工程大学教授、硕士生导师，主要研究方向为数据挖掘、态势感知和信息安全管理。" ]
  [ "王淼（1991-），女，河北廊坊人，中国科学院信息工程研究所硕士生，主要研究方向为移动目标防御、网络与系统安全和云安全。" ]
- 基金信息：
  
  国家重点基础研究发展计划（“973计划）基金资助项目(2011CB311801);国家高技术研究发展计划（“863计划）基金资助项目(2012AA012704);国家高技术研究发展计划（“863”计划）基金资助项目(2015AA016106);郑州市科技领军人才基金资助项目(131PLKRC644);中国科学院先导专项基金资助项目(XDA06010701)
- DOI：10.11959/j.issn.1000-436x.2017015
  中图分类号： TP393
- 网络出版日期：2017-01，
  
  纸质出版日期：2017-01-25
- 稿件说明：
移动端阅览
雷程, 马多贺, 张红旗, 等. 基于变点检测的网络移动目标防御效能评估方法[J]. 通信学报, 2017,38(1):126-140.

Cheng LEI, Duo-he MA, Hong-qi ZHANG, et al. Performance assessment approach based on change-point detection for network moving target defense[J]. Journal on communications, 2017, 38(1): 126-140.
雷程, 马多贺, 张红旗, 等. 基于变点检测的网络移动目标防御效能评估方法[J]. 通信学报, 2017,38(1):126-140. DOI： 10.11959/j.issn.1000-436x.2017015.

Cheng LEI, Duo-he MA, Hong-qi ZHANG, et al. Performance assessment approach based on change-point detection for network moving target defense[J]. Journal on communications, 2017, 38(1): 126-140. DOI： 10.11959/j.issn.1000-436x.2017015.

摘要

提出一种基于变点检测的网络移动目标防御效能评估方法。针对网络资源图无法表示资源脆弱性对节点安全状态影响的问题，定义分层网络资源图，在建立资源脆弱性改变和节点安全状态转换关联关系的同时，提高构建和更新网络资源图的效率。针对静态检测度量无法准确度量网络移动目标防御动态改变的问题，设计变点检测和标准化度量算法，在保证度量标准统一的基础上实现对网络移动目标防御的安全成本和安全收益的实时检测和动态度量，提高评估的准确性和结果的可比性。典型实例分析证明了所提出的网络移动目标防御效能评估方法的可行性和有效性。

Abstract

A performance assessment approach based on change-point detection for network moving target defence was proposed.Directed to the problem of network resource graph not being able to present the effect of network resource vulnerabilities to network nodes

a conversion relationship between resource vulnerability changes and node security states was established by defining the concept of a hierarchical network resource graph and the efficiency of resource graph construction and updating were improved.Furthermore

directed to the problem of static detection algorithm not being able to precisely measure the dynamic change of network moving target defense

a change-point detection algorithm and standard degree measurement algorithm was designed.The security cost and benefit of network moving target defense in real-time and dynamically on the basis of unified metrics were defected and measured

which improved the evaluation accuracy.The analysis result of typical examples has proved the feasibility and the effectiveness of the proposed approach.

关键词

Keywords

references

Cybersecurity game-change research ＆ development recommendations [EB/OL ] . http://www.nitrd.gov/ pubs/CSIA_IWG_Cybersecurity_GameChange_RD_Recommendations_20100513.pdf http://www.nitrd.gov/ pubs/CSIA_IWG_Cybersecurity_GameChange_RD_Recommendations_20100513.pdf .

ZHANG M , WANG L , JAJODIA S , et al . Network diversity:a security metric for evaluating the resilience of networks against zero-day attacks [J ] . IEEE Transactions on Information Forensics and Security , 2016 , 11 ( 5 ): 1071 - 1086 .

ZHUANG R , BARDAS A G , DELOACH S A , et al . A theory of cyber attacks:a step towards analyzing MTD systems [C ] // The Second ACM Workshop on Moving Target Defense . ACM , 2015 : 11 - 20 .

SUN K , JAJODIA S . Protecting enterprise networks through attack surface expansion [C ] // The 2014 Workshop on Cyber Security Analytics,Intelligence and Automation . ACM , 2014 : 29 - 32 .

石乐义 , 贾春福 , 吕述望 . 基于端信息跳变的主动网络防护研究 [J ] . 通信学报 , 2008 , 29 ( 2 ): 106 - 110 .

SHI L Y , JIA C F , LYU S W . Research on end hopping for active network confrontation [J ] . Journal on Communications , 2008 , 29 ( 2 ): 106 - 110 .

EVANS D , NGUYEN-TUONG A , KNIGHT J . Effectiveness of moving target defenses [M ] . Moving Target Defense I : Creating Asymmetric Uncertainty for Cyber Threats.New York,SpringerPress , 2011 : 29 - 48 .

GREEN M , MACFARLAND D C , SMESTAD D R , et al . Characterizing network-based moving target defenses [C ] // ACM CCS Workshop on Moving Target Defense (MTD) . 2015 .

CLARK A , SUN K , BUSHNELL L , et al . A game-theoretic approach to IP address randomization in decoy-based cyber defense [C ] // International Conference on Decision and Game Theory for Security . Springer International Publishing , 2015 : 3 - 21 .

ZHUANG R , ZHANG S , DELOACH S A , et al . Simulation-based approaches to studying effectiveness of moving target network defense [C ] // In National Symposium on Moving Target Research,Annapolis , 2012 : 21 - 26 .

ZHUANG R , DELOACH S A , OU X . A model for analyzing the effect of moving target defenses on enterprise networks [C ] // The 9th Annual Cyber and Information Security Research Conference . ACM , 2014 : 73 - 76 .

CARROLL T E , CROUSE M , FULP E W , et al . Analysis of network address shuffling as a moving target defense [C ] // Communications (ICC),2014 IEEE International Conference on,Sydney , 2014 : 701 - 706 .

MANADHATA P K . Game theoretic approaches to attack surface shifting [M ] . Moving Target Defense II : Application of Game Theory and Adversarial Modeling.New York,SpringerPress , 2013 : 1 - 13 .

OKHRAVI H , RIORDAN J , CARTER K . Quantitative evaluation of dynamic platform techniques as a defensive mechanism [M ] . Research in Attacks,Intrusions and Defenses . New York,Springer , 2014 : 405 - 425 .

HAN Y , LU W , XU S . Characterizing the power of moving target defense via cyber epidemic dynamics [C ] // The 2014 Symposium and Bootcamp on the Science of Security,Raleigh , 2014 : 23 - 33 .

ZAFFARANO K , TAYLOR J , HAMILTON S . A quantitative framework for moving target defense effectiveness evaluation [C ] // The Second ACM Workshop on Moving Target Defense . ACM , 2015 : 3 - 10 .

SHEYNER O , HAINES J , JHA S , et al . Automated generation and analysis of attack graphs [C ] // Security and Privacy,2002.Proceedings.2002 IEEE Symposium on . IEEE , 2002 : 273 - 284 .

WANG L , NOEL S , JAJODIA S . Minimum-cost network hardening using attack graphs [J ] . Computer Communications , 2006 , 29 ( 18 ): 3812 - 3824 .

AMMANN P , WIJESEKERA D , KAUSHIK S . Scalable,graph-based network vulnerability analysis [C ] // The 9th ACM Conference on Computer and Communications Security . ACM , 2002 : 217 - 224 .

LARSEN P , BRUNTHALER S , FRANZ M . Security through diversity:are we there yet? [J ] . IEEE Security ＆ Privacy , 2014 , 12 ( 2 ): 28 - 35 .

MELL P , SCARFONE K , ROMANOSKY S . Common vulnerability scoring system [J ] . Security ＆ Privacy,IEEE , 2006 , 4 ( 6 ): 85 - 89 .

FINK G A , HAACK J N , Mckinnon A D , et al . Defense on the move:ant-based cyber defense [J ] . Security ＆ Privacy,IEEE , 2014 , 12 ( 2 ): 36 - 43 .

HONG J B , KIM D S . Performance analysis of scalable attack representation models [M ] // Security and Privacy Protection in Information Processing Systems . Springer Berlin Heidelberg , 2013 : 330 - 343 .

王元卓 , 林闯 , 程学旗 , 等 . 基于随机博弈模型的网络攻防量化分析方法 [J ] . 计算机学报 , 2010 , 33 ( 9 ): 1748 - 1762 .

WANG Y Z , LIN C , CHENG X Q , et al . Analysis for network attack-defense based on stochastic game model [J ] . Chinses Journal of Computers , 2010 , 33 ( 9 ): 1748 - 1762 .

HUTCHINS E M , CLOPPERT M J , AMIN R M . Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains [J ] . Leading Issues in Information Warfare ＆ Security Research , 2011 , 1 : 80 .

付钰 , 李洪成 , 吴晓平 , 等 . 基于大数据分析的APT攻击检测研究综述 [J ] . 通信学报 , 2015 , 36 ( 11 ): 1 - 14 .

FU Y , LI H C , WU X P , et al . Detecting APT attacks:a survey from the perspective of big data analysis [J ] . Journal of Communications , 2015 , 36 ( 11 ): 1 - 14 .

赵春蕾 , 贾春福 , 翁臣 , 等 . 端信息跳变系统自适应策略研究 [J ] . 通信学报 , 2011 ( 11A ): 47 - 57 .

ZHAO C L , JIA C F , WENG C , et al . Research on adaptive strategies for end-hopping system [J ] . Journal on Communications , 2011 ( 11A ): 47 - 57 .

SHUE C A , KALAFUT A J , ALLMAN M , et al . On building inexpensive network capabilities [J ] . ACM SIGCOMM Computer Communication Review , 2012 , 42 ( 2 ): 72 - 79 .

YACKOSKI J , BULLEN H , YU X , et al . Applying self-shielding dynamics to the network architecture [M ] // Moving Target Defense II : Application of Game Theory and Adversarial Modeling.New York,SpringerPress , 2013 : 978 - 115 .

浏览量

1416

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

暂无数据