JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2018, Vol. 53 ›› Issue (1): 38-45.doi: 10.6040/j.issn.1671-9352.2.2017.196

Previous Articles     Next Articles

Software defined APT attack moving target defense network architecture

TAN Ren, YIN Xiao-chuan*, JIAO Xian-long, LIAN Zhe, CHEN Yu-xin   

  1. Information and Navigation College, Air Force Engineering University, Xian 710077, Shaanxi, China
  • Received:2017-08-28 Online:2018-01-20 Published:2018-01-19

PDF (PC)

1027

Abstract: Aiming at the problem that the advanced persistent threat(APT)attack was difficult to effectively defend due to the certainty, statics and isomorphism of traditional network architecture, a software defined APT attack moving target defense network architecture SDMTDA was proposed. The behavior and the characteristics of APT attack were modelized. A three-tier network architecture of the physical layer, control layer, application layer was established considered with software definition security. The algorithm of network structure and vulnerability information change were given, and three categories of moving target defense realized in SDMTDA were analyzed. The experimental results show that the architecture has the advantages of software definability, rapid variability and strong expansibility.

Key words: container technology, advanced persistent threat, software defined security, moving target defense, software defined networking

CLC Number: 

  • TP309
[1] LANGNER R. Stuxnet: dissecting a cyberwarfare weapon[J]. IEEE Security & Privacy: IEEE Secur Priv, 2011, 9(3):49-51.
[2] BENCSÁTH B, PÉK G, BUTTYÁN L, et al. The cousins of stuxnet: Duqu, flame, and gauss[J]. Future Internet, 2012, 4(4):971-1003.
[3] Kaspersky Labs Global Research & Analysis Team. WannaCry ransomware used in widespread attacks all over the world[EB/OL].(2017-5-12)[2017-5-17]. https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/.
[4] CAI Guiling, WANG Baosheng, HU Wei, et al. Moving target defense: state of the art and characteristics[J]. Frontiers of Information Technology & Electronic Engineering: Front Inform Technol Elect Eng, 2016, 17(11):1122-1153.
[5] JAJODIA S, GHOSH A K, SWARUP V, et al. Moving target defense: creating asymmetric uncertainty for cyber threats[M]. New York: Springer Science & Business Media, 2011.
[6] HUTCHINS E M, CLOPPERT M J, AMIN R M. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains[J]. Leading Issues in Information Warfare & Security Research, 2011, 1(1):80.
[7] LI Meicong, HUANG Wei, WANG Yongbin, et al. The study of APT attack stage model[C] // 2016 IEEE/ACIS 15th International Conference on Computer and Information Science(ICIS). Okayama, Japan: IEEE, 2016: 1-5.
[8] CHOI J, CHOI C, LYNN H M, et al. Ontology based APT attack behavior analysis in cloud computing[C] // 2015 10th International Conference on Broadband and Wireless Computing, Communication and Applications(BWCCA). Krakow, Poland: IEEE, 2015: 375-379.
[9] IOANNOU G, LOUVIERIS P, CLEWLEY N, et al. A Markov multi-phase transferable belief model: an application for predicting data exfiltration APTs[C] // Proceedings of the 16th International Conference on Information Fusion. Turkey: IEEE, 2013: 842-849.
[10] FANG Xupeng, ZHAI Lidong, JIA Zhaopeng, et al. A game model for predicting the attack path of APT[C] // 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing. Dalian, China: IEEE, 2014: 491-495.
[11] YANG Haopu. Method for behavior-prediction of APT attack based on dynamic Bayesian game[C] // 2016 IEEE International Conference on Cloud Computing and Big Data Analysis(ICCCBDA). Chengdu, China: IEEE, 2016: 177-182.
[12] KIM Y H, PARK W H. A study on cyber threat prediction based on intrusion detection event for APT attack detection[J]. Multimedia Tools and Applications: Multimed Tools Appl, 2014, 71(2):685-698.
[13] MANADHATA P K,WING J M. An attack surface metric[J]. IEEE Transactions on Software Engineering, 2011, 37(3):371-386.
[14] HONG J B, KIM D S. Assessing the effectiveness of moving target defenses using security models[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 13(2):163-177.
[15] KREUTZ D, RAMOS F M V, VERISSIMO P E, et al. Software-defined networking: a comprehensive survey[J]. Proceedings of the IEEE, 2015, 103(1):14-76.
[16] BERNSTEIN D. Containers and cloud: from LXC to docker to kubernetes[J]. IEEE Cloud Computing, 2014, 1(3):81-84.
[17] JAFARIAN J H, AL-SHAER E, DUAN Q. Openflow random host mutation: transparent moving target defense using software defined networking[C] // Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks. Helsinki, Finland: ACM, 2012: 127-132.
[18] WANG Li, WU Dinghao. Moving target defense against network reconnaissance with software defined networking[M] // BISHOP M, NASCIMENTO A C A. Information Security: Lecture Notes in Computer Science.Cham:Springer Int Publishing Ag, 2016: 203-217.
[19] CHIN T, XIONG Kaiqi. Dynamic generation containment systems(DGCS): a moving target defense approach[C] // 2016 3rd International Workshop on Emerging Ideas and Trends in Engineering of Cyber-Physical Systems(EITEC). Vienna, Austria: IEEE, 2016: 11-16.
[20] AZAB M, ELTOWEISSY M. MIGRATE: Towards a Lightweight Moving-Target Defense Against Cloud Side-Channels[C] // 2016 IEEE Security and Privacy Workshops(SPW)San Jose. California, USA: IEEE, 2016: 96-103.
[21] LIU Yanbing, LU Xingyu, YI Jian, et al. SDSA: a framework of a software-defined security architecture[J]. China Communications, 2016, 13(2):178-188.
[22] DARABSEH A, AL-AYYOUB M, JARARWEH Y, et al. SDSecurity: a software defined security experimental framework[C] // 2015 IEEE International Conference on Communication Workshop(ICCW).[S.l.] : IEEE, 2015: 1871-1876.
[23] 谭韧, 殷肖川, 廉哲, 等. APT攻击分层表示模型[J]. 计算机应用, 2017, 37(9):2551-2556. TAN Ren, YIN Xiaochuan, LIAN Zhe, et al. Hierarchical representation model of APT attack[J]. Journal of Computer Applications, 2017, 37(9):2551-2556.
[24] CRIU Project. CRIU[EB/OL].(2017-9-21)[2017-9-21]. https://criu.org/Main_Page.
[25] PICKARTZ S, EILING N, LANKES S, et al. Migrating linux containers using CRIU[M] // TAUFER M, MOHR B, KUNKEL J M. High Performance Computing: ISC High Performance 2016 International Workshops. Cham: Springer International Publishing, 2016: 674-684.
[26] BEN-ASHER N, MORRIS-KING J, THOMPSON B, et al. Attacker skill defender strategies and the effectiveness of migration-based moving target defense in cyber systems[C] // 11th International Conference on Cyber Warfare and Security: ICCWS2016. Boston, US: Academic Conferences and Publishing Limited, 2016: 21.
[27] WETTE P, DRÄXLER M, SCHWABE A. MaxiNet: distributed emulation of software-defined networks[C] // 2014 IFIP Networking Conference. Trondheim, Norway: IEEE, 2014: 1-9.
[28] Linux Fundation. The OpenDaylight Platform | OpenDaylight[EB/OL].(2017-5-12)[2017-10-1]. https://www.opendaylight.org/.
[1] YAN Yan, HAO Xiao-hong. Differential privacy partitioning algorithm based on adaptive density grids [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(9): 12-22.
[2] JIAO Hong-ru, QIN Jing. Quantum secret sharing scheme realizing all hyperstar quantum access structure [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(9): 62-68.
[3] XU Li-dong, WANG Ming-qiang. A meet-in-the-middle attack on 10-round AES-128 [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(7): 39-45.
[4] ZHANG Jian-biao, LI Zhi-gang, LIU Guo-jie, WANG Chao, WANG Wei. Process active dynamic measurement method for Windows environment [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(7): 46-50.
[5] CUI Zhao-yang, SUN Jia-qi, XU Song-yan, JIANG Xin. A secure clustering algorithm of Ad Hoc network for colony UAVs [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(7): 51-59.
[6] LIU Zheng, NIU Fang-lin, QIAN Da-xing, CAI Xi-biao, GUO Ying. Design of anti-eavesdropping code based on fountain codes [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(7): 60-64.
[7] LIU Ming-ming, ZHANG Min-qing, LIU Jia, GAO Pei-xian. Steganalysis method based on shallow convolution neural network [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(3): 63-70.
[8] RUAN Shu-hua, WENG Jun-hao, MAO Hui, CHEN Xue-lian. Metric model for cloud computing security risk assessment [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(3): 71-76.
[9] KANG Hai-yan, HUANG Yu-xuan, CHEN Chu-qiao. Enhancing privacy for geographic information based on video analysis [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(1): 19-29.
[10] MENG Bo, LU Jin-tian, WANG De-jun, HE Xu-dong. Survey of security analysis of security protocol implementations [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(1): 1-18.
[11] SUN Ze-rui, WANG Ji-jun, LI Guo-xiang, XIA Guo-en. New reversible data hiding algorithm based on interpolation images [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(1): 46-52.
[12] SUN Liang, CHEN Xiao-chun, ZHONG Yang, LIN Zhi-peng, REN Tong. Secure startup mechanism of server based on trusted BMC [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(1): 89-94.
[13] YAO Ke, ZHU Bin-rui, QIN Jing. Verifiable public key searchable encryption protocol based on biometrics [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(11): 11-22.
[14] HAN Pan-pan, QIN Jing. Verifiable and searchable encryption scheme for outsourced database in cloud computing [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(9): 41-53.
[15] DING Yi-tao, YANG Hai-bin, YANG Xiao-yuan, ZHOU Tan-ping. A reversible image data hiding scheme in Homomorphic encrypted domain [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(7): 104-110.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
Copyright 2018 © Editorial office of JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE)
Supported by Beijing Magtech Co.Ltd