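Chinese Journal of Network and Information Security ›› 2021, Vol. 7 ›› Issue (4): 42-52. doi: 10.11959/j.issn.2096-109x.2021045
Jinlong ZHAO, Guomin ZHANG, Changyou XING
Revised: 2021-01-20
Online: 2021-08-15
Published: 2021-08-01
About the author: ZHAO Jinlong (1994− ), male, born in Jingning, Gansu, is a master's student at Army Engineering University. His main research interests are network security, deception defense, and software-defined networking.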
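Abstract:
Network attacks are usually preceded by a reconnaissance phase, in which the attacker uses techniques such as traffic analysis and active scanning to obtain key information about the target system and then plans a targeted attack. Deception defense based on network characteristics obfuscation is an effective counter-reconnaissance strategy: it interferes with the information the attacker obtains during reconnaissance, so that the attacker launches ineffective attacks. This paper analyzes the technical principles of existing obfuscation-based deception defense schemes, gives a formal definition of network obfuscation deception, discusses existing research results at three levels, and finally analyzes the development trends of obfuscation deception defense technology.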
Cite this article: Jinlong ZHAO, Guomin ZHANG, Changyou XING. Research on deception defense techniques based on network characteristics obfuscation[J]. Chinese Journal of Network and Information Security, 2021, 7(4): 42-52.
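Table 1 Typical methods of cyber obfuscation deception defense
Obfuscation scheme | Principle | Methods | Typical research |
Decoy-based obfuscation | Deploy enticing fake nodes to change the distribution of node value across the network | Honeypots, honey baits, honeytokens | DressUp[ |
Space-based obfuscation | Deploy large numbers of lightweight fake resources to enlarge the space over which real resources are distributed | Lightweight virtual machines, large numbers of open ports, active IP addresses | Honeyd[ |
Dynamic-change obfuscation | Present false or dynamically changing information to increase the system's uncertainty | Fingerprint spoofing, topology mutation, IP address randomization | NetShifter[ |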
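Table 2 Overview of cyber obfuscation deception defense solutions
Level | Protection target | Threats addressed | Typical tools | Defense schemes |
Topology protection | Critical links, network topology | LFA, topology inference | Traceroute, RIPE atlas | Packet rerouting[ |
End-node protection | Critical resources, roles and locations of end nodes | Host scanning, network eavesdropping, port scanning | Sniff, ping, Iris, Nmap | Honey-X techniques[ |
System fingerprint protection | Operating systems and services running on nodes, and their versions | Fingerprint scanning, vulnerability probing | SinFP3, p0f, Nessus | High-interaction honeypots[ |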
[1] | PANJWANI S , TAN S , JARRIN K M ,et al. An experimental evaluation to determine if port scans are precursors to an attack[C]// 2005 International Conference on Dependable Systems and Networks (DSN'05). 2005: 602-611. |
[2] | KEWLEY D , FINK R , LOWRY J ,et al. Dynamic approaches to thwart adversary intelligence gathering[C]// Proceedings DARPA Information Survivability Conference and Exposition II DISCEX'01. 2001,1: 176-185. |
[3] | HUTCHINS E M , CLOPPERT M J , AMIN R M . Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains[J]. Leading Issues in Information Warfare Security Research, 2011,1(1): 80. |
[4] | AL-SHAER E , DUAN Q , JAFARIAN J H . Random host mutation for moving target defense[C]// International Conference on Security and Privacy in Communication Systems. 2012: 310-327. |
[5] | JAFARIAN J H , AL-SHAER E , DUAN Q . Openflow random host mutation:Transparent moving target defense using software defined networking[C]// Proceedings of the First Workshop on Hot Topics in Software Defined Networks. 2012: 127-132. |
[6] | TRASSARE S T , BEVERLY R , ALDERSON D . A technique for network topology deception[C]// 2013 IEEE Military Communications Conference. 2013: 1795-1800. |
[7] | ACHLEITNER S , LA PORTA T F , MCDANIEL P ,et al. Deceiving network reconnaissance using SDN-based virtual topologies[J]. IEEE Transactions on Network and Service Management, 2017,14(4): 1098-1112. |
[8] | CHIANG C-Y J , VENKATESAN S , SUGRIM S ,et al. On defensive cyber deception:a case study using SDN[C]// 2018 IEEE Military Communications Conference (MILCOM). 2018: 110-115. |
[9] | ERIKSSON B , DASARATHY G , BARFORD P ,et al. Efficient network tomography for internet topology discovery[J]. IEEE/ACM Transactions on Networking (TON), 2012,20(3): 931-943. |
[10] | JAJODIA S , GHOSH A K , SWARUP V ,et al. Moving target defense:creating asymmetric uncertainty for cyber threats[M]// Advances in information security. 2011. |
[11] | WU J X . Research on cyber mimic defense[J]. Journal of Cyber Security, 2016,1(4): 1-10. |
[12] | XIAO H , KHEIR N , BALZAROTTI D . Deception techniques in computer security:a research perspective[J]. ACM Computing Surveys, 2018,51(4): 1-36. |
[13] | BAO N , MUSACCHIO J . Optimizing the decision to expel attackers from an information system[C]// 2009 47th Annual Allerton Conference on Communication Control and Computing (Allerton). 2009: 644-651. |
[14] | HORÁK K , ZHU Q , BOŠANSKÝ B . Manipulating adversary’s belief:a dynamic game approach to deception by design for proactive network security[C]// International Conference on Decision and Game Theory for Security. 2017: 273-294. |
[15] | JAFARIAN J H , AL-SHAER E , DUAN Q . Adversary-aware ip address randomization for proactive agility against sophisticated attackers[C]// 2015 IEEE Conference on Computer Communications (INFOCOM). 2015: 738-746. |
[16] | SPRING N , MAHAJAN R , WETHERALL D . Measuring ISP topologies with rocketfuel[J]. ACM Sigcomm Computer Communication Review, 2002,32(4): 133-145. |
[17] | TROWBRIDGE C . An overview of remote operating system fingerprinting[EB]. |
[18] | YUILL J J . Defensive computer-security deception operations:Processes,principles and techniques[D]. Raleigh:North Carolina State University, 2006. |
[19] | KELLY J , DELAUS M , HEMBERG E ,et al. Adversarially adapting deceptive views and reconnaissance scans on a software defined network[C]// 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). 2019: 49-54. |
[20] | JIA Z P , FANG B X , LIU C G ,et al. Survey on cyber deception[J]. Journal on Communications, 2017,38(12): 128-143. |
[21] | SHI L Y , LI Y , MA M F . Latest research progress of honeypot technology[J]. Journal of Electronics & Information Technology, 2019,41(2): 249-259. |
[22] | STOECKLIN M P , ZHANG J , ARAUJO F ,et al. Dressed up:baiting attackers through endpoint service projection[C]// Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. 2018: 23-28. |
[23] | ALBANESE M , BATTISTA E , JAJODIA S . Deceiving attackers by creating a virtual attack surface[M]// Cyber Deception. 2016: 167-199. |
[24] | PROVOS N . Honeyd-a virtual honeypot daemon[C]// 10th DFN-CERT Workshop,Hamburg,Germany. 2003:4. |
[25] | Cyberchaff[EB]. |
[26] | KIM J , SHIN S . Software-defined honeynet:towards mitigating link flooding attacks[C]// 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). 2017: 99-100. |
[27] | AL-SHAER E , WEI J , HAMLEN K W ,et al. Netshifter:a comprehensive multi-dimensional network obfuscation and deception solution[M]// Autonomous Cyber Deception, 2019: 125-146. |
[28] | JAJODIA S , PARK N , PIERAZZI F ,et al. A probabilistic logic of cyber deception[J]. IEEE Transactions on Information Forensics and Security, 2017,12(11): 2532-2544. |
[29] | ROWE N C , DUONG B T , CUSTY E J . Fake honeypots:a defensive tactic for cyberspace[C]// IEEE Workshop on Information Assurance. 2006: 223-230. |
[30] | COHEN F . A note on the role of deception in information protection[J]. Computers & Security, 1998,17(6): 483-506. |
[31] | COHEN F . The use of deception techniques:honeypots and decoys[J]. Handbook of Information Security, 2006,3(1): 646-655. |
[32] | PINGREE L . Emerging technology analysis:Deception techniques and technologies create security technology business opportunities[R]. Gartner Inc, 2015. |
[33] | WANG Q , XIAO F , ZHOU M ,et al. Linkbait:active link obfuscation to thwart link-flooding attacks[J]. arXiv:Networking and Internet Architecture, 2017. |
[34] | MEIER R , TSANKOV P , LENDERS V ,et al. Nethide:secure and practical network topology obfuscation[C]// 27th USENIX Security Symposium (USENIX Security 18). 2018: 693-709. |
[35] | MAXIMOV R V , IVANOV I I , SHARIFULLIN S R . Network topology masking in distributed information systems[C]// Selected Papers of the VIII All-Russian Conference with International Participation" Secure Information Technologies". 2017:83. |
[36] | GILLANI F , AL-SHAER E , LO S ,et al. Agile virtualized infrastructure to proactively defend against cyber attacks[C]// IEEE Conference on Computer Communications. 2015: 729-737. |
[37] | DUAN Q , AL-SHAER E , JAFARIAN H . Efficient random route mutation considering flow and network constraints[C]// 2013 IEEE Conference on Communications and Network Security (CNS). 2013: 260-268. |
[38] | KAMPANAKIS P , PERROS H , BEYENE T . SDN-based solutions for moving target defense network protection[C]// Proceeding of IEEE International Symposium on a World of Wireless,Mobile and Multimedia Networks 2014. 2014: 1-6. |
[39] | LIASKOS C , KOTRONIS V , DIMITROPOULOS X . A novel framework for modeling and mitigating distributed link flooding attacks[C]// IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications. 2016: 1-9. |
[40] | SHAKARIAN P , KULKARNI N , ALBANESE M ,et al. Keeping intruders at bay:a graph-theoretic approach to reducing the probability of successful network intrusions[C]// International Conference on E-Business and Telecommunications,Cham. 2014: 191-211. |
[41] | BORDERS K , FALK L , PRAKASH A . Openfire:Using deception to reduce network attacks[C]// International Conference on Security& Privacy in Communications Networks & the Workshops. 2007: 224-233. |
[42] | WANG L , WU D . Moving target defense against network reconnaissance with software defined networking[C]// International Conference on Information Security. 2016: 203-217. |
[43] | SHIMANAKA T , MASUOKA R , HAY B . Cyber deception architecture:covert attack reconnaissance using a safe SDN approach[C]// Proceedings of the 52nd Hawaii International Conference on System Sciences. 2019: 1-10. |
[44] | XU M , GAO Y , FENG C . DDS:a distributed deception defense system based on SDN[C]// 2018 14th International Conference on Computational Intelligence and Security (CIS). 2018: 430-433. |
[45] | ROBERTSON S , ALEXANDER S , MICALLEF J ,et al. Cindam:customized information networks for deception and attack mitigation[C]// IEEE International Conference on Self-adaptive &Self-organizing Systems Workshops. 2015: 114-119. |
[46] | CHIANG C-Y J , GOTTLIEB Y M , SUGRIM S J ,et al. Acyds:an adaptive cyber deception system[C]// 2016 IEEE Military Communications Conference. 2016: 800-805. |
[47] | ANTONATOS S , AKRITIDIS P , MARKATOS E P ,et al. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007,51(12): 3471-3490. |
[48] | YACKOSKI J , XIE P , BULLEN H ,et al. A self-shielding dynamic network architecture[C]// Military Communications Conference. 2011: 1381-1386. |
[49] | MACFARLAND D C , SHUE C A . The SDN shuffle:Creating a moving-target defense using host-based software-defined networking[C]// Proceedings of the Second ACM Workshop on Moving Target Defense. 2015: 37-41. |
[50] | DATTA T , FEAMSTER N , REXFORD J ,et al. SPINE:Surveillance protection in the network elements[C]// 9th USENIX Workshop on Free and Open Communications on the Internet (FOCI 19). 2019. |
[51] | MEIER R , GUGELMANN D , VANBEVER L . ITAP:In-network traffic analysis prevention using software-defined networks[C]// Proceedings of the Symposium on SDN Research. 2017: 102-114. |
[52] | ZHU T W , FENG D , WANG F ,et al. Efficient anonymous communication in SDN-based data center networks[J]. IEEE-ACM Transactions on Networking, 2017,25(6): 3767-3780. |
[53] | LU Z , WANG C , WEI M . A proactive and deceptive perspective for role detection and concealment in wireless networks[M]// Cyber Deception, 2016: 97-114. |
[54] | FRAUNHOLZ D , RETI D , DUQUE ANTON S ,et al. Cloxy:a context-aware deception-as-a-service reverse proxy for web services[C]// Proceedings of the 5th ACM Workshop on Moving Target Defense. 2018: 40-47. |
[55] | HAN X , KHEIR N , BALZAROTTI D . Evaluation of deception-based web attacks detection[C]// Proceedings of the 2017 Workshop on Moving Target Defense. 2017: 65-73. |
[56] | WATSON D , SMART M , MALAN G R ,et al. Protocol scrubbing:network security through transparent flow modification[J]. IEEE/ACM Transactions on Networking, 2004,12(2): 261-273. |
[57] | SMART M , MALAN G R , JAHANIAN F . Defeating TCP/IP stack fingerprinting[C]// Usenix Security Symposium. 2000:17. |
[58] | MALÉCOT E L . Mitibox:Camouflage and deception for network scan mitigation[C]// Usenix Conference on Hot Topics in Security. 2009:4. |
[59] | SHI Y , ZHANG H , WANG J ,et al. Chaos:an SDN-based moving target defense system[J]. Security and Communication Networks, 2017. |
[60] | STUDER A , PERRIG A . The coremelt attack[C]// European Symposium on Research in Computer Security, 2009: 37-52. |
[61] | KANG M S , LEE S B , GLIGOR V D . The crossfire attack[C]// 2013 IEEE Symposium on Security and Privacy. IEEE, 2013: 127-141. |
[62] | AYDEGER A , SAPUTRO N , AKKAYA K . Utilizing NFV for effective moving target defense against link flooding reconnaissance attacks[C]// 2018 IEEE Military Communications Conference(MILCOM). 2018: 946-951. |
[63] | GADGE J , PATIL A A . Port scan detection[C]// 2008 16th IEEE International Conference on Networks. 2008: 1-6. |
[64] | LISTON T . Labrea:“Sticky” honeypot and ids[EB]. |