基于动态伪装网络的主动欺骗防御方法

doi:10.11959/j.issn.1000-436x.2020026

Abstract

Abstract:

In view of the problem that the existing honeypots often fail to resist the penetration attack due to the lack of confidentiality,an active deception defense method based on dynamic camouflage network (DCN) was presented.The definition of DCN was given firstly,and then the attacker-defender scenario of active deception based on DCN was described.Next,the interaction process of the attacker-defender scenario was modeled by using a signaling game,whose equilibrium can guide the selection of optimal deception strategy.Furthermore,to quantify the payoffs accurately,the two-layer threat penetration graph (TLTPG) was introduced.Finally,the solution for game equilibrium was designed,through which pure strategy and mixed strategy could be calculated simultaneously.The experimental results show that,based on the dynamic camouflage network,the perfect Bayesian equilibrium can provide effective guidance for the defender to implement the optimal defense strategy and maximize the benefits of the defender.In addition,the characteristics and rules of active deception defense DCN-based are summarized.

Key words: honeypot,network deception defense, dynamic camouflage network, signaling game, game equilibrium

CLC Number:

TP393.8

Shuo WANG,Jianhua WANG,Qingqi PEI,Guangming TANG,Yang WANG,Xiaohu LIU. Active deception defense method based on dynamic camouflage network[J]. Journal on Communications, 2020, 41(2): 97-111.

Figures/Tables 14

编号	纳什均衡	条件	类型
EQ₁	((d₁,d₂),(a₂,a₂))	g<c	纯策略
EQ₂	((d₁,d₂),(a₁,a₂))	g>c; f>g	纯策略
EQ₃	((d₂,d₂),(a₁,a₂))	g>c; k<f<g; $p < \frac{c + k}{g + k}$ ; $p (N \| d_{1}) > \frac{c + k}{g + k}$	纯策略
EQ₄	$(((〈 \begin{matrix} d_{1} \\ e_{1} \end{matrix} 〉, 〈 \begin{matrix} d_{2} \\ 1 - e_{1} \end{matrix} 〉), d_{2}), (a_{1}, (〈 \begin{matrix} a_{1} \\ τ_{2} \end{matrix} 〉, 〈 \begin{matrix} a_{2} \\ 1 - τ_{2} \end{matrix} 〉)))$	g>c; f<g; $p > \frac{c + k}{g + k}$	混策略
EQ₅	$((d_{2}, d_{2}), (〈 \begin{matrix} a_{1} \\ τ_{1} \end{matrix} 〉, 〈 \begin{matrix} a_{2} \\ 1 - τ_{1} \end{matrix} 〉, a_{2}))$	g>c; f<g; $p < \frac{c + k}{g + k}$ ; $p (N \| d_{1}) = \frac{c + k}{g + k}$	混策略
EQ₆	$((d_{2}, d_{2}), (a_{1}, (〈 \begin{matrix} a_{1} \\ τ_{2} \end{matrix} 〉, 〈 \begin{matrix} a_{2} \\ 1 - τ_{2} \end{matrix} 〉)))$	g>c; f<g; $p = \frac{c + k}{g + k}$ ; $p (N \| d_{1}) > \frac{c + k}{g + k}$	混策略
EQ₇	$(((〈 \begin{matrix} d_{1} \\ e_{1} \end{matrix} 〉, 〈 \begin{matrix} d_{2} \\ 1 - e_{1} \end{matrix} 〉), d_{2}), (a_{1}, a_{2}))$	g>c; f=g	混策略
EQ₈	$((d_{2}, d_{2}), (〈 \begin{matrix} a_{1} \\ τ_{1} \end{matrix} 〉, 〈 \begin{matrix} a_{2} \\ 1 - τ_{1} \end{matrix} 〉, 〈 \begin{matrix} a_{1} \\ τ_{2} \end{matrix} 〉, 〈 \begin{matrix} a_{2} \\ 1 - τ_{2} \end{matrix} 〉))$	g>c; $p = \frac{c + k}{g + k}$ ; $p (N \| d_{1}) = \frac{c + k}{g + k}$	混策略
EQ₉	$((d_{1}, d_{2}), (〈 \begin{matrix} a_{1} \\ τ_{1} \end{matrix} 〉, 〈 \begin{matrix} a_{2} \\ 1 - τ_{1} \end{matrix} 〉, a_{2}))$	g=c	混策略
EQ₁₀	$(((〈 \begin{matrix} d_{1} \\ e_{1} \end{matrix} 〉, 〈 \begin{matrix} d_{2} \\ 1 - e_{1} \end{matrix} 〉), d_{2}), ((〈 \begin{matrix} a_{1} \\ τ_{1} \end{matrix} 〉, 〈 \begin{matrix} a_{2} \\ 1 - τ_{1} \end{matrix} 〉), a_{2}))$	g=c; f<g	混策略

References 32

[1]	国家计算机网络应急技术处理协调中心.2018 年中国互联网络网络安全报告[M]. 北京: 人民邮电出版社, 2019.
	National Internet Emergency Center. 2018 Annual report of Chinese Internet security[M]. Beijing: Posts and Telecom PressPress, 2019.
[2]	贾召鹏, 方滨兴, 刘潮歌 ,等. 网络欺骗技术综述[J]. 通信学报, 2017,38(12): 128-143.
	JIA Z P , FANG B X , LIU C G ,et al. Survey on cyber deception[J]. Journal on Communications, 2017,38(12): 128-143.
[3]	胡永进, 马骏, 郭渊博 . 基于博弈论的网络欺骗研究[J]. 通信学报, 2018,39(Z2): 13-22.
	HU Y J , MA J , GUO Y B . Research on cyber deception based on game theory[J]. Journal on Communications, 2018,39(Z2): 13-22.
[4]	WANG C , LU Z . Cyber deception:overview and the road ahead[J]. IEEE Security ＆ Privacy, 2018,16(2): 80-85.
[5]	JAJODIA S , GHOSH A K , SWARUP V ,et al. Moving target defense:creating asymmetric uncertainty for cyber threats[M]. Berlin: SpringerPress, 2011.
[6]	ZHUANG R , DELOACH S A , OU X . Toward a theory of moving target defense[C]// The 2014 ACM Workshop on Moving Target Defense (MTD). ACM, 2014: 31-44.
[7]	JAJODIA S , SUBRAHMANLAN V S , WANG C . Cyber deception:building the scientific foundation[M]. Berlin: SpringerPress, 2016.
[8]	PROVOS N , . A virtual honeypot framework[C]// The 13th USENIX Security Symp. USENIX Association, 2004: 1-14.
[9]	PA Y M P , SUZUKI S , YOSHIOKA K ,et al. IoTPOT:analysing the rise of IoT compromises[C]// The 9th USENIX Conference on Offensive Technologies. USENIX Association, 2015: 9-17.
[10]	FRUNHOLZ D , SCHOTTEN H D . Defending web servers with feints,distraction and obfuscation[C]// The International Conference on Computer Network and Communications(ICNC). IEEE, 2018: 21-25.
[11]	AHMED H M , HASSAN N F , FAHAD A A . Designing a smartphone honeypot system using performance counters[J]. Karbala International Journal of Modern Science, 2017,3(1): 46-52.
[12]	YEHUDA R B , KEVORKIAN D , ZAMIR G L ,et al. Virtual USB honeypot[C]// 12th ACM International Conference on Systems and Storage. ACM, 2019:181.
[13]	JICHA A , PATTON M , CHEN H . SCADA honeypots:an in-depth analysis of Conpot[C]// IEEE International Conference on Intelligence＆ Security Informatics. IEEE, 2016: 196-198.
[14]	JUELS A , RIVEST R L . Honeywords:making password-cracking detectable[C]// ACM Sigsac Conference on Computer ＆ Communications Security. ACM, 2013: 145-160.
[15]	ARAUJO F , HAMLEN K W , BIEDERMANN S ,et al. From patches to honey-patches:lightweight attacker misdirection,deception,and disinformation[C]// ACM Sigsac Conference on Computer ＆ Communications Security. ACM, 2014: 942-953.
[16]	CONROY N J , RUBIN V L , CHEN Y . Automatic deception detection:methods for finding fake news[C]// ASIST. Wiley Online Library, 2015: 1-4.
[17]	LEE K , CAVERLEE J , WEBB S . The social honeypot project:protecting online communities from spammers[C]// The 19th International Conference on World Wide Web. ACM, 2010: 1139-1140.
[18]	LAZAROV M , ONAOLAPO J , STRINGHINI G . Honey sheets:what happens to leaked google spreadsheets?[C]// 9th USENIX Workshop on Cyber Security Experimentation and Test. USENIX Association, 2016: 1-8.
[19]	YOON J W , KIM H , JO H J ,et al. Visual honey encryption:application to steganography[C]// 3rd ACM Workshop on Information Hiding and Multimedia Security. ACM, 2015: 65-74.
[20]	OMOLARA A E , JANTAN A , ABIODUN O S ,et al. A deception model robust to eavesdropping over communication for social network systems[J]. IEEE Access, 2019,7(8): 100881-10898.
[21]	CLARK A , SUN K , POOVENDRAN R . Effectiveness of IP address randomization in decoy-based moving target defense[C]// 52nd IEEE Conference on Decision and Control. IEEE, 2013: 678-685.
[22]	SUN J , SUN K . DESIR:decoy-enhanced seamless IP randomization[C]// IEEE International Conference on Computer Communications(INFOCOM). IEEE, 2016: 1-9.
[23]	SUN J , SUN K , LI Q . CyberMoat:camouflaging critical server infrastructures with large scale decoy farms[C]// IEEE Conference on Communincations and Network Security (CNS). IEEE, 2017: 1-9.
[24]	VENKATESAN S , ALBANESE M , SHAH A ,et al. Detecting stealthy botnets in a resource-constrained environment using reinforcement learning[C]// 4th ACM Workshop on Moving Target Defense(MTD). ACM, 2017: 75-85.
[25]	石乐义, 李婕, 刘昕 ,等. 基于动态阵列蜜罐的协同网络防御策略研究[J]. 通信学报, 2012,33(11): 159-164.
	SHI L Y , LI J , LIU X ,et al. Research on dynamic array honeypot for collaborative network defense strategy[J]. Journal on Comunications, 2012,33(11): 159-164.
[26]	CHEN X Y , LIU X T , ZHANG L ,et al. Optimal defense strategy selection for spear-phishing attack based on a multistate signaling game[J]. IEEE Access, 2019,7(2): 19907-19921.
[27]	CARROLL T E , GROSU D . A game theoretic investigation of deception in network security[J]. Security ＆ Communication Networks, 2011,4(10): 1162-1172.
[28]	FENG X T , ZHENG Z Z , CANSEVER D ,et al. A signaling game model for moving target defense[C]// IEEE International Conference on Computer Communications(INFOCOM). IEEE, 2017: 1-9.
[29]	蒋侣, 张恒巍, 王晋东 . 基于信号博弈的移动目标防御最优策略选取方法[J]. 通信学报, 2019,40(6): 128-137.
	JIANG L , ZHANG H W , WANG J D . Optimal strategy selection method for moving target defense based on signaling game[J]. Journal on Communications, 2019,40(6): 128-137.
[30]	JAJODIA S , PARK N,SERRA ,et al. SHARE:a stackelberg honey-based adversarial reasoning engine[J]. ACM Transactions on Internet Technology, 2018,18(3): 1-41.
[31]	王硕, 王建华, 汤光明 ,等. 一种智能高效的最优渗透路径生成方法[J]. 计算机研究与发展, 2019,56(5): 929-941.
	WANG S , WANG J H , TANG G M ,et al. Intelligent and efficient method for optimal penetration path generation[J]. Journal of Computer Research and Development, 2019,56(5): 929-941.
[32]	NASH J F . Equilibrium points in n-person games[J]. National Academy of Sciences, 1950,36(1): 48-49.

Metrics

Recommended 0

No Suggested Reading articles found!

源主机	目的主机	运行服务
攻击者	Web服务器	HTTP
攻击者	Pad₁,Host₁	FTP,SMTP
Pad	Host₁	FTP,SMTP
Host₁	Pad₁	FTP,SMTP
Pad₁,Host₁	Web服务器	HTTP
Web服务器	文件服务器	HFS
Web服务器	数据服务器	Oracle
Host₂	Host₃	FTPShell
Host₃	Host₂	FTPShell
Host₂,Host₃	打印服务器	Print
Host₂,Host₃	文件服务器	HFS,RDP
Host₂,Host₃	数据服务器	Oracle,RDP
文件服务器	数据服务器	Oracle

主机编号	主机信息	CVE编号	攻击类型	所需源主机权限	获得目的主机权限	攻击复杂度
H₁	Web服务器：Apache,Tomcat	CVE-2014-0226	Remote	User	Root	中
		CVE-2017-9798	Remote	User	User	低
H₂	Pad:iOS	CVE-2016-4729	Remote	User	Root	中
		CVE-2018-8174	Remote	User	Root	高
H₃	Host₁:Windows 7	CVE-2017-0161	Remote	User	User	中
		CVE-2018-8120	Local	User	Root	低
H₄	Host₂:Windows 8 FTPShell	CVE-2015-1769	Remote	User	Root	低
		CVE-2018-7573	Remote	User	Root	低
H₅	Host₃:Windows 8 FTPShell	CVE-2015-1769	Remote	User	Root	低
		CVE-2018-7573	Remote	User	Root	低
H₆	打印服务器：HP	CVE-2017-2741	Remote	User	Root	低
H₇	文件服务器：Windows,HFS	CVE-2014-6287	Remote	User	User	低
		CVE-2012-0002	Remote	User	Root	中
H₈	数据服务器：Windows,Oracle	CVE-2016-5555	Remote	User	User	低
		CVE-2012-0002	Remote	User	Root	低

主机	攻击代价	精炼贝叶斯均衡	p(N\|d₁)	p(N\|d₂)	U_d\|N	U_d\|H	U_a\|d₁	U_a\|d₂
Web服务器	41.9	EQ₄:e₁=0.543,τ₂=0.7	1	0.516	-100	14	58.1	0
Pad	21.5	EQ₄:e₁=0.773,τ₂=0.7	1	0.346	-100	14	78.5	0
Host₁	21.5	EQ₄:e₁=0.773,τ₂=0.7	1	0.346	-100	14	78.5	0
Host₂	6.66	EQ₄:e₁=0.878,τ₂=0.7	1	0.222	-100	14	93.34	0
Host₃	6.66	EQ₄:e₁=0.878,τ₂=0.7	1	0.222	-100	14	93.34	0
文件服务器	41.9	EQ₄:e₁=0.543,τ₂=0.7	1	0.516	-100	14	58.1	0
打印服务器	+∞	EQ₁	1	1	0	0	0	0

方法	场景描述	博弈过程	方法通用性	均衡求解	混策略
文献[26]	详细	多阶段	一般	详细	不考虑
文献[27]	详细	单阶段	一般	简单	考虑
文献[28]	简单	单阶段	一般	详细	不考虑
文献[29]	简单	单阶段	较好	简单	不考虑
本文方法	详细	多阶段	较好	详细	考虑

Active deception defense method based on dynamic camouflage network

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 32

Related Articles 2

Metrics

Recommended 0

[1]	JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137.
[2]	Heng-wei ZHANG,Ding-kun YU,Ji-hong HAN,Jin-dong WANG,Tao LI. Defense policies selection method based on attack-defense signaling game model [J]. Journal on Communications, 2016, 37(5): 51-61.