
Journal of Shandong University (Natural Science), 2018, Vol. 53, Issue 1: 38-45. doi: 10.6040/j.issn.1671-9352.2.2017.196


Software defined APT attack moving target defense network architecture

TAN Ren, YIN Xiao-chuan*, JIAO Xian-long, LIAN Zhe, CHEN Yu-xin

  1. Information and Navigation College, Air Force Engineering University, Xian 710077, Shaanxi, China
  • Received: 2017-08-28  Online: 2018-01-20  Published: 2018-01-19
  • Corresponding author: YIN Xiao-chuan (born 1961), male, Ph.D., master's supervisor; research interests: network and information security. E-mail: redstorm@live.cn; bluewingtan@yeah.net
  • First author: TAN Ren (born 1993), male, master's student; research interests: network and information security. E-mail: bluewingtan@yeah.net
  • Funding: National Natural Science Foundation of China (61402510); Shaanxi Province Industrial Science and Technology Research Project (2016GY-087)

Abstract: Advanced persistent threat (APT) attacks are hard to defend against effectively because traditional network architectures are deterministic, static and homogeneous. To address this problem, a software defined APT attack moving target defense network architecture, SDMTDA, is proposed. APT attack behaviour is modelled, and the dependence of APT attacks on network structure and vulnerability information is summarised. Following the software defined security concept, a three-tier network architecture consisting, from bottom to top, of a physical layer, a control layer and an application layer is established; algorithms for changing the network structure and the vulnerability information are given, and the realisation of three categories of moving target defense within SDMTDA is analysed. The architecture is analysed, implemented and tested. Experimental results show that the architecture has the advantages of software definability, rapid variability and strong expansibility.

Key words: software defined security, advanced persistent threat, moving target defense, software defined networking, container technology

CLC number: TP309