Journal of Tsinghua University (Science and Technology)  2019, Vol. 59 Issue (4): 276-283    DOI: 10.16511/j.cnki.qhdxxb.2018.26.056
Computer Science and Technology
System attack surface based MTD effectiveness assessment model
XIONG Xinli1, ZHAO Guangsheng2,3, XU Weiguang1, LI Bo1
1. College of Command and Control Engineering, Army Engineering University of PLA, Nanjing 210007, China;
2. College of Computer, National University of Defense Technology, Changsha 410073, China;
3. College of Cyberspace Security, PLA Information Engineering University, Zhengzhou 450002, China
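Abstract (translated from the Chinese): Moving target defense (MTD), as a "game-changing" defensive technology, offers a proactively shifting defense against advanced persistent threats. Although some MTD techniques have been applied successfully, research on evaluating their effectiveness remains limited to small-scale, single-layer techniques, which hinders the practical deployment of multi-layer integrated MTD. To address these problems, this paper first extends the definition of the attack surface from a system perspective and establishes a parametric model of the system attack surface and its shifting. On this basis, it proposes an assessment model based on the sequence of system attack surface shifting parameters, which links attack states to those parameters and solves the problem of evaluating the effectiveness of multi-layer MTD techniques in larger network topologies. Finally, taking a typical information system as a case study, the model is used to evaluate the effectiveness of MTD under different defense environments, yielding intuitive and accurate results that can further guide research on MTD efficiency optimization and optimal deployment.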
Abstract: Moving target defense (MTD) is a proactive method that protects against advanced persistent threats (APT) in cybersecurity. Although partial MT techniques have been employed in systems, there are no good effectiveness assessments, which hinders the use of multilayer MTD systems world-wide. This paper presents an MTD effectiveness evaluation method based on a system attack surface model with shifting parameters (SASSP) using an enlarged definition of the Attack Surface. The SASSP sequence is used in the MTD effectiveness assessment model to establish a relationship between the attacking states and the SASSP to evaluate the multi-layer MT techniques in larger topologies. A case study is given to illustrate the assessment effectiveness to guide the effectiveness and cost trade-off optimization of MTD systems.
Key words: system attack surface; attack surface parameters; moving target defense; assessment model
Received: 2018-09-25      Published: 2019-04-09
Corresponding author: ZHAO Guangsheng, lecturer, E-mail: zhaogs84@qq.com
Cite this article:
XIONG Xinli, ZHAO Guangsheng, XU Weiguang, LI Bo. System attack surface based MTD effectiveness assessment model. Journal of Tsinghua University (Science and Technology), 2019, 59(4): 276-283.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2018.26.056  or  http://jst.tsinghuajournals.com/CN/Y2019/V59/I4/276
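  Fig. 1 Topology of a typical information system
  Table 1 Configuration parameters in the typical information system
  Fig. 2 Sequence generation algorithm based on AKAM
  Fig. 3 Cyber kill chain model
  Table 2 Relationship between system attack surface shifting parameters and attack states
  Table 3 Software versions in the system
  Table 4 MTD defense parameters in the system
  Table 5 Vulnerability and threat information
  Fig. 4 Attack state sequence without MTD
  Fig. 5 Attack state sequence under network-layer MTD
  Fig. 6 Attack state sequence under multi-layer MTD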