Chinese Journal of Network and Information Security, 2021, Vol. 7, Issue (4): 42-52. doi: 10.11959/j.issn.2096-109x.2021045
Topic Ⅰ: Network Security: Attack and Defense
Jinlong ZHAO, Guomin ZHANG, Changyou XING
Revised: 2021-01-20
Online: 2021-08-15
Published: 2021-08-01
Jinlong ZHAO, Guomin ZHANG, Changyou XING. Research on deception defense techniques based on network characteristics obfuscation[J]. Chinese Journal of Network and Information Security, 2021, 7(4): 42-52.