软件定义的L2/L3地址协同拟态伪装策略研究

doi:10.3969/j.issn.0372-2112.2019.10.003

电子学报 ›› 2019, Vol. 47 ›› Issue (10): 2032-2039.DOI: 10.3969/j.issn.0372-2112.2019.10.003

软件定义的L2/L3地址协同拟态伪装策略研究

王鹏超, 陈福才, 程国振, 陈扬, 谷允捷

国家数字交换系统工程技术研究中心, 河南郑州 450002

收稿日期:2018-12-04 修回日期:2019-05-29 出版日期:2019-10-25
- 作者简介:
- 王鹏超 男,1995年出生,山东烟台人.国家数字交换系统工程技术研究中心硕士研究生,主要研究方向为网络安全和SDN.E-mail:17616247471@163.com;陈福才 男,1974年出生,江西南昌人.国家数字交换系统工程技术研究中心研究员,主要研究方向为电信网关防和网络安全.E-mail:fucai0309@163.com;程国振 男,1986年出生,山东菏泽人.国家数字交换系统工程技术研究中心助理研究员,主要研究方向为云数据中心、SDN、网络安全.E-mail:guozhencheng@hotmail.com;陈扬男,1994年出生,四川南充人.国家数字交换系统工程技术研究中心硕士研究生,主要研究方向为云计算、网络安全、SDN.E-mail:2547756390@qq.com;谷允捷 男,1994年出生,山东济宁人.国家数字交换系统工程技术研究中心硕士研究生,主要研究方向为网络功能虚拟化.E-mail:lizardwhite@163.com
- 基金资助:
- 信息工程大学新兴方向研究项目 (No.2016610708）; 国家自然科学基金 (No.61602509）; 国家自然科学基金创新群体项目 (No.61521003）; 国家重点研发计划项目 (No.2016YFB0800100，No.2016YFB0800101）

L2/L3 Address Cooperative Mimicry Strategy Research Based on SDN

WANG Peng-chao, CHEN Fu-cai, CHENG Guo-zhen, CHEN Yang, GU Yun-jie

National Digital Switching System Engineering and Technological R & D Center, Zhengzhou, Henan 450002, China

Received:2018-12-04 Revised:2019-05-29 Online:2019-10-25 Published:2019-10-25
- Supported by:
- Emerging Research Project of Information Engineering University (No.2016610708); National Natural Science Foundation of China (No.61602509); NSFC Innovation Research Group (No.61521003); National Key Research and Development Program of China (No.2016YFB0800100, No.2016YFB0800101)

摘要/Abstract

摘要： 从网络内部探测目标终端的脆弱性是网络攻击发起的主要途径，当前网络的静态特性利于攻击者目标侦察的实施，网络内部的L2/L3地址是攻击者期望侦察的主要信息.为了改变目标侦察阶段网络攻防的易攻难守态势，基于拟态伪装的思想，提出了一种L2和L3地址协同动态化技术，在不影响正常业务条件下有策略地隐藏真实网络主机.首先，建立网络侦察的博弈模型（CRG），基于NASH均衡解指导L2/L3地址的拟态伪装策略，并给出最优的跳变周期计算公式；其次，基于软件定义网络架构，设计并实现了协同动态化的内网防护系统（CMID），由SDN控制器协同控制L2/L3地址的伪装变换；最后，理论分析与实验结果表明：上述方法能够有效切断L2/L3地址与真实网络身份、上层服务的关联性，最大化地隐藏网络内部主机，延缓侦察速度，阻断网络攻击的连续性.

关键词: 目标侦察, 软件定义网络, 拟态伪装, 纳什均衡, 网络防御, 地址跳变

Abstract: The detection of the vulnerability of the target host from the intranet is the main way to initiate the network attack. The static characteristics of the current network are beneficial to the implementation of attacker reconnaissance, and the L2/L3 address inside the network is the main information that the attacker expects to scout. In order to change the network attack and defense situation in the reconnaissance stage, based on the idea of mimicry camouflage, a collaborative dynamic technology of L2 and L3 addresses is proposed to strategically hide the real network host without affecting normal business conditions. Firstly, the cyber reconnaissance game (CRG) is established.Based on the NASH equilibrium solution,the mimetic camouflage strategy of L2/L3 address is solved,and the optimal mutation period calculation formula is given. Secondly, based on the software-defined network architecture, the cooperative mutation intranet defense system (CMID) is designed and implemented, and the SDN controller cooperatively controls the camouflage transformation of the L2/L3 address. Finally, the theoretical analysis and experimental results show that the above method can effectively cut off the correlation between L2/L3 address and real network identity and upper-layer services, maximally hide the internal hosts of the network, delay the reconnaissance speed, and block the continuity of network attacks.

Key words: reconnaissance, software defined network, mimicry, NASH equilibrium, cyber defense, address mutation

中图分类号:

TP393.0

王鹏超, 陈福才, 程国振, 等. 软件定义的L2/L3地址协同拟态伪装策略研究[J]. 电子学报, 2019, 47(10): 2032-2039.

WANG Peng-chao, CHEN Fu-cai, CHENG Guo-zhen, et al. L2/L3 Address Cooperative Mimicry Strategy Research Based on SDN[J]. Acta Electronica Sinica, 2019, 47(10): 2032-2039.

参考文献

[1] Yadav,Tarun,and R A Mallari.Technical aspects of cyber kill chain[A].Third International Symposium on Security in Computing and Communications[C].London:Springer International Publishing,2015.438-452.
[2] Cai G,Wang B,Wei H U,et al.Moving target defense:state of the art and characteristics[J].Journal of Zhejiang University Science C,2016,17(11):1122-1153.
[3] Célestin Matte,Cunche M,Rousseau F,et al.Defeating MAC address randomization through timing attacks[A].Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks[C].Darmstadt:ACM,2016.15-20.
[4] Achleitner S,et al.Cyber deception:virtual networks to defend insider reconnaissance[A].Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats[C].Vienna:ACM,2016.57-68.
[5] Stafford S,Li J.Behavior-based worm detectors compared[A].International Workshop on Recent Advances in Intrusion Detection[C].Berlin:Springer,2010.38-57.
[6] Kai W,Xi C,Zhu Y.Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks[J].Plos One,2017,12(5):e0177111.
[7] 陈扬,扈红超,等.软件定义的内网动态防御系统设计与实现[J].电子学报,2018,46(11):2604-2611. CHEN Y,HU H,et al.The design and implementation of a software-defined intranet dynamic defense system[J].Acta Electronica Sinica,2018,46(11):2604-2611.(in Chinese)
[8] Badishi G,Herzberg A,Keidar I.Keeping denial-of-service attackers in the dark[J].IEEE Transactions on Dependable & Secure Computing,2007,4(3):191-204.
[9] Duan Q,Al-Shaer E,Jafarian H. Efficient random route mutation considering flow and network constraints[A].IEEE Conference on Communications and Network Security[C].Washington:IEEE,2013.260-268..
[10] Kewley D,Fink R,Lowry J,et al.Dynamic approaches to thwart adversary intelligence gathering[A].DARPA Information Survivability Conference & Exposition Ⅱ[C].Piscataway:IEEE,2001.176-185.
[11] Antonatos S,Akritidis P,Markatos E P,et al.Defending against hitlist worms using network address space randomization[J].Computer Networks,2007,51(12):3471-3490.
[12] Dunlop M,Groat S,Urbanski W,et al.MT6D:A moving target IPv6 defense[A].Military Communications Conference[C].Baltimore:IEEE,2011.1321-1326.
[13] Jafarian J H,Al-Shaer E,Duan Q.An effective address mutation approach for disrupting reconnaissance attacks[J].IEEE Transactions on Information Forensics and Security,2015,10(12):2562-2577.
[14] Kreutz D,Ramos F M V,Esteves Verissimo P,et al.Software-defined networking:a comprehensive survey[J].Proceedings of the IEEE,2015,103(1):14-76.
[15] Jafarian J H,Al-Shaer E,Duan Q.Openflow random host mutation:transparent moving target defense using software defined networking[A].Workshop on Hot Topics in Software Defined Networks[C].Helsinki:ACM,2012.127-132.
[16] Carter K M,Riordan J F,Okhravi H.Agame theoretic approach to strategy determination for dynamic platform defenses[A].Proceedings of the First ACM Workshop on Moving Target Defense[C].Scottsdale:ACM,2014.21-30.
[17] Schlenker A,Thakoor O,Xu H,et al.Deceiving cyber adversaries:a game theoretic approach[A].Proceedings of the 17th International Conference on Autonomous Agents and Multi-agent Systems (AAMAS)[C].Stockholm:Springer,2018.892-900.
[18] Clark A,Sun K,Bushnell L,et al.A game-theoretic approach to IP address randomization in decoy-cased cyber defense[A].International Conference on Decision and Game Theory for Security[C].London:Springer International Publishing,2015.3-21.

软件定义的L2/L3地址协同拟态伪装策略研究

L2/L3 Address Cooperative Mimicry Strategy Research Based on SDN

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	张清华, 黄志康, 高满, 艾志华. 基于不确定性与错误分类率博弈的序贯三支决策模型[J]. 电子学报, 2022, 50(5): 1033-1041.
[2]	柴蓉, 谢德胜, 陈前斌. 基于成本及功耗联合优化的SDN虚拟网络映射算法[J]. 电子学报, 2021, 49(8): 1615-1624.
[3]	徐川, 胡渝, 韩珍珍, 熊郑英, 赵国锋. 基于链路效用的3D-VANET可靠路由算法[J]. 电子学报, 2021, 49(5): 872-878.
[4]	王莅晟, 伊鹏, 胡涛, 江逸茗, 胡静萍, 胡宗魁. SDN中基于全局拓扑感知的自适应流量均衡算法[J]. 电子学报, 2021, 49(5): 964-974.
[5]	陈亮, 李峰, 任保全, 杨建喜. 软件定义物联网研究综述[J]. 电子学报, 2021, 49(5): 1019-1032.
[6]	车向北, 康文倩, 邓彬, 杨柯涵, 李剑. 一种基于图神经网络的SDN路由性能预测模型[J]. 电子学报, 2021, 49(3): 484-491.
[7]	孙鹏浩, 兰巨龙, 申涓, 胡宇翔. 一种基于深度增强学习的智能路由技术[J]. 电子学报, 2020, 48(11): 2170-2177.
[8]	黄美根, 郁滨. 软件定义WSN规则一致更新研究[J]. 电子学报, 2019, 47(9): 1965-1971.
[9]	姚蓝, 胡涛, 伊鹏, 胡宇翔, 兰巨龙, 李子勇. SDN中基于效能优化的交换机动态迁移策略[J]. 电子学报, 2019, 47(7): 1482-1489.
[10]	张云, 江勇, 郑靖, 庞春辉, 李琦. SDN跨层回环攻击的检测与防御[J]. 电子学报, 2019, 47(5): 1146-1151.
[11]	张恒巍, 黄世锐. Markov微分博弈模型及其在网络安全中的应用[J]. 电子学报, 2019, 47(3): 606-612.
[12]	韩珍珍, 徐川, 王倩云, 王新恒, 赵国锋. 基于贝叶斯博弈的WLAN节能机制研究[J]. 电子学报, 2019, 47(10): 2083-2088.
[13]	黄健明, 张恒巍. 基于随机演化博弈模型的网络防御策略选取方法[J]. 电子学报, 2018, 46(9): 2222-2228.
[14]	张恒巍, 李涛, 黄世锐. 基于攻防微分博弈的网络安全防御决策方法[J]. 电子学报, 2018, 46(6): 1428-1435.
[15]	黄建洋, 兰巨龙, 胡宇翔, 马腾. 一种基于分段路由的多路径流传输机制[J]. 电子学报, 2018, 46(6): 1488-1495.