Abstract
Statically configured network host information is easily exposed to attacker reconnaissance, which creates serious security risks. Deception methods such as host address mutation and the deployment of fake nodes can disrupt the attacker's awareness of the network and increase the difficulty of reconnaissance. However, there are still many challenges in using these methods to counter the attacker's reconnaissance behavior efficiently. For this reason, based on modeling the behaviors of both attacker and defender, an efficient self-adaptive deception defense mechanism, SADM (Self-adaptive Deception Method), is proposed to counter network reconnaissance. SADM considers the multi-stage, continuous confrontation between attacker and defender in the network reconnaissance process, builds a model with the goal of maximizing the defender's accumulative payoffs under cost constraints, and on that basis makes adaptive defense decisions through heuristic methods in order to respond quickly to the attacker's diverse scanning behavior. Simulation results show that SADM can effectively delay the attacker's detection speed and reduce the cost of deploying deception scenarios while ensuring the defense effect.
Authors
ZHAO Jin-long (赵金龙)
ZHANG Guo-min (张国敏)
XING Chang-you (邢长友)
SONG Li-hua (宋丽华)
ZONG Yi-ben (宗祎本)
Affiliations: Command & Control Engineering College, Army Engineering University of PLA, Nanjing 210007, China; Unit 61789 of PLA, Shanghai 200000, China
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal
2020, Issue 12, pp. 304-310 (7 pages)
Funding
National Natural Science Foundation of China (61379149, 61772271)
China Postdoctoral Science Foundation project (2017M610286).
Keywords
Network reconnaissance
Deception defense
Scanning attack
Software-defined network