Yu-jia ZHANG,Jian-min PANG,Zheng ZHANG,Jiang-xing WU

DOI: https://doi.org/10.11896/j.issn.1002-137X.2018.02.037

2018-01-01

Abstract:With the development of reverse engineering,the software industry has suffered a great loss from the software piracy and malicious attack for a long time.Code obfuscation techniques which can hide specific function of a program from malicious analysis for malware is thus frequently employed to mitigate this risk.However,most of the existing obfuscation methods are language embedded and depend on the target architecture,this paper proposed a method of compile-time obfuscation,and further presented a prototype implementedation based on the LLVM compiler infrastructure.Furthermore,this paper implemented a mimic security defence system which is free from malicious attack with the software diversity method.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Shuang-Xi Chen,Xin-Yue Jiang,Gao-Ning Pan,Chun-Ming Wu

DOI: https://doi.org/10.1109/ISNCC.2019.8909166

2019-01-01

Abstract:Resource Scheduling Strategy on heterogeneous executives, which is the “real” service provider, is studied in this paper based on Mimic Defense Theory. Since the redundancy and heterogeneity of executives, their response times differ. In order to mitigate the Bucket Effect on the response time of heterogeneous executives in the existing mimic defense methods, this paper proposes a method based on feedback control model that executive source allocation is adjusted dynamically to improve the response time of the executive set. The comparative experiment shows that this scheduling strategy has a great improvement in response process time, comparing with the existing scheduling strategy.

Ming Wan,Minglei Hao,Yang Li,Jianming Zhao,Ying Li

DOI: https://doi.org/10.1145/3586102.3586127

2022-01-01

Abstract:Due to the rapid development of industrial automation, ICSs (Industrial Control Systems) gradually expose their potential security vulnerabilities, and are facing more and more serious security risks. Although different industrial security technologies have been developed to strengthen industrial security protection, they always struggle for their own because of their standalone and non-related functions, and their actual defense effects are not encouraging. This paper first summarizes some intrinsic security vulnerabilities in ICSs, and analyzes the main causes to generate each class of vulnerabilities. Furthermore, five popular security technologies which have been successfully applied in today's ICSs are introduced, and their advantages and shortages are also compared by explaining each working mechanism. In order to take full advantage of various industrial security technologies, this paper proposes one novel cooperative defense model based P2DR (Policy, Protection, Detection and Response), which establishes the dynamical defense process to integrate five different industrial security technologies. Under the guidance of security policies, this model can comprehensively utilize the resources of various industrial security technologies to learn and judge current security status of the whole system, and effectively adjust the optimum deployment to provide the strongest protection with the lowest risk. Finally, one applicable case based on the proposed model is designed to verify the feasibility of cooperative defense in ICSs.

Hongchao Hu,Jiangxing Wu,Zhenpeng Wang,Guozhen Cheng

DOI: https://doi.org/10.1049/iet-ifs.2017.0086

2017-01-01

IET Information Security

Abstract:In recent years, both academia and industry in cyber security have tried to develop innovative defense technologies, expecting that to change the rules of the game between attackers and defenders. The authors start by analysing the root causes of security problems in cyberspace: (i) vulnerabilities in cyber systems are universal; (ii) current cyber systems are static, predictable and monoculture which allows adversaries to plan and launch attacks effectively; (iii) existing techniques cannot detect and eliminates attacks employing unknown vulnerabilities. Based on their analysis, they develop a novel defense framework, mimic defense (MD), that employs dynamic, heterogeneity, redundancy (DHR)' mechanism to defense cyber attacks. The main ideas behind MD are: constructing diverse functional equivalent variants for the protected target; scheduling some variants to run in parallel dynamically; and adopting policy-based arbitration mechanism to decide whose results of current running variants are correct. Theoretical analysis and simulation results show that DHR can significantly increase the difficulties for attackers and enhance the security of cyber systems, and the security enhancement can be more than ten times. They also present a proof-of-principle prototype that employ MD, mimic router, to examine its effectiveness. Finally, they conclude its limitations.

Guangsong Li,Wei Wang,Keke Gai,Yazhe Tang,Benchao Yang,Xueming Si

DOI: https://doi.org/10.1007/s11265-019-01473-6

2020-04-15

Journal of Signal Processing Systems

Abstract:The long-term existence of various vulnerabilities and backdoors in software and hardware makes security threats of the cyberspace more and more serious. Cyberspace mimic defense tries to use uncertain defense to deal with uncertain threat and construct the risk-controlled information system based on components with security flaws. However, mimic defense system is at a preliminary stage of research. It is necessary to pay more attention to the new theory. This paper further expands the ideas from mimic defense system and proposes a typical framework for the system. Then principles of mimic transformation design are explained. This paper also describes concepts of mimic operator and mimic awareness function. Effectiveness of mimic defense system is showed by simulations of mimic defense web server.

Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

Zhimei Zhang,Shaowei Huang,Ying Chen,Boda Li,Shengwei Mei

DOI: https://doi.org/10.1109/tpwrs.2021.3086681

IF: 7.326

2022-01-01

IEEE Transactions on Power Systems

Abstract:Since modern cyber-physical power systems are vulnerable to coordinated wide-area cyber attacks, it is necessary to mitigate the potential risk as much as possible. At the planning stage, the defender can utilize software diversity, which is a common phenomenon that the cyber software of different substations comes from different competing vendors. Therefore, different kinds of software may not be exposed to the same zero-day security loophole, preventing the attacker from taking charge of multiple substations at the same time. In this paper, the optimal scheme of software deployment considering long-term risk mitigation is studied. Firstly, the framework of diversity-based cyber defense against malicious attacks is formulated. Secondly, the risk index based on representative attack patterns is constructed, which is the objective to be minimized. Thirdly, considering that the deployment scheme is long-term stable while the operating mode varies with time, we construct a multiobjective nonlinear stochastic programming to mitigate the average risk of operating modes. Then the optimization problem is solved by the multiobjective genetic algorithm. Lastly, results of the IEEE 39-node CPPS and and the Virtual European Grid demonstrate that the proposed method can considerably reduce the attack risk.

Jiale Fu,Yali Yuan,Jiajun He,Sichu Liang,Zhe Huang,Hongyu Zhu

DOI: https://doi.org/10.48550/arXiv.2208.10276

2022-08-22

Cryptography and Security

Abstract:The current security problems in cyberspace are characterized by strong and complex threats. Defenders face numerous problems such as lack of prior knowledge, various threats, and unknown vulnerabilities, which urgently need new fundamental theories to support. To address these issues, this article proposes a generic theoretical model for cyberspace defense and a new mimic defense framework, that is, Spatiotemporally heterogeneous, Input aware, and Dynamically updated Mimic Defense (SIDMD). We make the following contributions: (1) We first redefine vulnerabilities from the input space perspective to normalize the diverse cyberspace security problem. (2) We propose a novel unknown vulnerability discovery method and a dynamic scheduling strategy considering temporal and spatial dimensions without prior knowledge. Theoretical analysis and experimental results show that SIDMD has the best security performance in complex attack scenarios, and the probability of successful attacks is greatly reduced compared to the state-of-the-art.

Jiangxing WU

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.04.001

2016-01-01

Abstract:The unbalance in cyber security and its root is analyzed in this paper, of which a dynamically redundant het-erogeneity architecture and the basic principle to compose an information system of high reliability and high security level with unreliable hardware is mainly discussed. Then, basic concepts about mimic defense is briefly stated. Finally, a test evaluation and preliminary conclusion about the system of mimic defense verification is presented.

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_5

IF: 2.701

2019-01-01

Wireless Networks

Abstract:As mentioned earlier, moving target defense (MTD) [1] adopts multiple security technologies featuring diversity, dynamicity, and randomness, aiming to change the passive cyber defense situation by greatly increasing the cost of attack and vulnerability exploitation through the deployment and operation of networks, platforms, systems, devices, and even components that are subject to apparent uncertainty and random dynamics. In fact, such basic defense methods or technical elements as diversity, randomness, redundancy, and dynamicity are not exclusively for MTD or certain security defense systems. They have been widely used in all aspects of the related fields, and the purpose is nothing but how to endow the target system with security attributes, such as diversity, randomness, and dynamicity, to build a survivable, recoverable, and fault-tolerant self-adaptive system in the harsh context of an elusive operating environment, asymmetrical threats, or uncertain failures. For example, the biodiversity mechanism in natural communities guarantees the stability of the ecosystems, while the dynamic multipath forwarding mechanism in communication networks guarantees the anti-interception of data transmission. Various encryption technologies are applying pseudo-random properties or methods, and the redundancy technology is a “talisman” in the field of reliability. This chapter will elaborate on the concepts, characteristics, and applications of diversity, randomness, and dynamicity technologies themselves and analyze the possible engineering challenges for introducing these underlying defense technologies into information systems, with an attempt to comb the ties among the three technologies and propose the relevant arguments.

Xu Junjie,Junjie Xu

DOI: https://doi.org/10.4236/jcc.2021.97001

2021-01-01

Journal of Computer and Communications

Abstract:With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target system and cannot resist advanced persistent threats. To solve the situation that cyberspace security is easy to attack and difficult to defend, Chinese experts on cyberspace security proposed an innovative theory called mimic defense, it is an active defense technology that employs “Dynamic, Heterogeneous, Redundant” architecture to defense attacks. This article first briefly describes the classic network defense technology and Moving Target Defense (MTD). Next, it mainly explains in detail the principles of the mimic defense based on the DHR architecture and analyzes the attack surface of DHR architecture. This article also includes applications of mimic defense technology, such as mimic routers, and mimic web defense systems. Finally, it briefly summarizes the existing research on mimic defense, expounds the problems that need to be solved in mimic defense, and looks forward to the future development of mimic defense.

Luo Xingguo,Tong Qing,Zhang Zheng,Wu Jiangxing

DOI: https://doi.org/10.15302/j-sscae-2016.06.014

2016-01-01

Abstract:Cyberspace security is in an unbalanced state, in which it is easy to attack and difficult to defend. Active defense technology is a new direction in cyberspace security research, which is attracting increasing attention. This paper summarizes the development of active defense via the introduction of intrusion-tolerant technology and moving target defense technology. Furthermore, the theory, implementation, and testing of mimic defense are introduced. Based on a comparison of mimic defense with intrusion tolerance and moving target defense, the research direction and the key points of cybersecurity rebalancing strategy are proposed to provide a reference for the development of national cybersecurity.

Tingting Li,Cheng Feng,Chris Hankin

DOI: https://doi.org/10.48550/arXiv.1811.00142

2018-10-31

Cryptography and Security

Abstract:Network diversity has been widely recognized as an effective defense strategy to mitigate the spread of malware. Optimally diversifying network resources can improve the resilience of a network against malware propagation. This work proposes an efficient method to compute such an optimal deployment, in the context of upgrading a legacy Industrial Control System with modern IT infrastructure. Our approach can tolerate various constraints when searching for an optimal diversification, such as outdated products and strict configuration policies. We explicitly measure the vulnerability similarity of products based on the CVE/NVD, to estimate the infection rate of malware between products. A Stuxnet-inspired case demonstrates our optimal diversification in practice, particularly when constrained by various requirements. We then measure the improved resilience of the diversified network in terms of a well-defined diversity metric and Mean-time-to-compromise (MTTC), to verify the effectiveness of our approach. We further evaluate three factors affecting the performance of the optimization, such as the network structure, the variety of products and constraints. Finally, we show the competitive scalability of our approach in finding optimal solutions within a couple of seconds to minutes for networks of large scales (up to 10,000 hosts) and high densities (up to 240,000 edges).

Zhili Lin,Kedan Li,Hanxu Hou,Xin Yang,Hui Li

DOI: https://doi.org/10.1109/bigdata.2017.8258229

2017-01-01

Abstract:As the Internet and the big data system evolve rapidly, the deployment of distributed applications becomes widespread, promoting the development of Distributed File System (DFS). The existing defense technologies for DFS, such as detection or patching, mainly aim to protect the system from known attacks and vulnerabilities. However, it is difficult for those systems to solve the growing security issues from the unknown threats due to their passiveness and hysteresis. In this paper, we propose MDFS, a mimic defense theory based architecture for DFS with the capability to improve the data security. Mimic Defense (MD), a proactive defense embedded in MDFS, emphasizes dynamism, heterogeneity and redundancy. The key benefits of MD are transferring the attack surface as well as increasing the cost of modification.

Zubaida Rehman,Iqbal Gondal,Mengmeng Ge,Hai Dong,Mark Gregory,Zahir Tari

DOI: https://doi.org/10.1016/j.cose.2023.103685

IF: 5.105

2024-01-05

Computers & Security

Abstract:The Internet of Things (IoT) has become increasingly prevalent in various aspects of our lives, enabling billions of devices to connect and communicate seamlessly. However, the intricate nature of IoT connections and device vulnerabilities exposes the devices to security threats. To address the security challenges, we propose a proactive defense framework that leverages a model-based approach for security analysis and facilitates the defense strategies. Our proposed approach incorporates proactive defense mechanisms that combine Moving Target Defense techniques with cyber deception. The proposed approach involves the use of a decoy nodes as a deception technique and operating system based diversity as a moving target defense strategy to change the attack surface area of IoT networks. Additionally, we introduce a technique known as Important Measure-based Operating System Diversity to reduce defense cost. The effectiveness of the defense mechanisms was evaluated by using a graphical security model in a Software Defined Networking-based IoT network. Simulation results demonstrate the effectiveness of our approach in mitigating the impact of attacks while maintaining high performance levels in IoT networks.

computer science, information systems

Qing TONG,Zheng ZHANG,Wei-Hua ZHANG,Jiang-Xing WU

DOI: https://doi.org/10.13328/j.cnki.jos.005192

2017-01-01

Abstract:The Web server system,being the most important platform of supporting and providing network services,is facing serious security problem.The existing defending technologies mainly deal with the known attacking methods or the known vulnerabilities,and therefore are not effective in case of the unknown threats and do not provide overall defense.This paper first proposes an attacking model to analyze the shortcomings of existing defending technologies.Next,a dynamic heterogeneous redundancy structure based mimic defending model is proposed,and its defending principles and the characteristics are interpreted.Then,the mimic defending Web server is designed on the mimic defending model,and the structure and the implementation principles in the Web server design are introduced.The results of security and performance tests show that the presented mimic defending Web server can defend against all kinds of attacks in the tests with little performance loss,which verifies the effectiveness and the practicability of the mimic defending technology.Finally a perspective of the future work and challenges of mimic defending technology is discussed.

Jun Zhu,Bill Chu,Heather Richter Lipford,Tyler Thomas

DOI: https://doi.org/10.1145/2752952.2752976

2015-01-01

Abstract:ABSTRACTAccess control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities in applications. We report a comparative study of six open source PHP applications, and find that implicit assumptions of previous research techniques can significantly limit their effectiveness. We propose a more effective hybrid approach to mitigate access control vulnerabilities. Developers are reminded in-situ of potential access control vulnerabilities, where self-review of code can help them discover mistakes. Additionally, developers are prompted for application-specific access control knowledge, providing samples of code that could be thought of as static analysis by example. These examples are turned into code patterns that can be used in performing static analysis to detect additional access control vulnerabilities and alert the developer to take corrective actions. Our evaluation of six open source applications detected 20 zero-day access control vulnerabilities in addition to finding all access control vulnerabilities detected in previous works.

ying zhou,zhongfu wu,feng li,hao wang,zhengzhou zhu

2006-01-01

Abstract:As Peer-to-peer (P2P) networking technologies become popular, P2P worms which exploit common vulnerabilities of P2P software to achieve fast worm propagation have emerged. It is believed that software diversity can decrease the virulence of worms and the effectiveness of repeated applications of single attacks. In this paper, we introduce software diversity into the prevent- ion of worm propagation in P2P networks. In particular, we propose a P2P-based software diversity model and conduct both theoretical analysis and extensive simulations to test the performance of software diversity in containing P2P worm propagation. The results indicate that our work can provide a new way to mitigate threats of P2P worms.

Haiyang Yu,Hui Li,Xin Yang,Huajun Ma

DOI: https://doi.org/10.23919/jcc.2021.08.009

2021-01-01

China Communications

Abstract:With the advent of the era of big data, cloud computing, Internet of things, and other information industries continue to develop. There is an increasing amount of unstructured data such as pictures, audio, and video on the Internet. And the distributed object storage system has become the mainstream cloud storage solution. With the increasing number of distributed applications, data security in the distributed object storage system has become the focus. For the distributed object storage system, traditional defenses are means that fix discovered system vulnerabilities and backdoors by patching, or means to modify the corresponding structure and upgrade. However, these two kinds of means are hysteretic and hardly deal with unknown security threats. Based on mimic defense theory, this paper constructs the principle framework of the distributed object storage system and introduces the dynamic redundancy and heterogeneous function in the distributed object storage system architecture, which increases the attack cost, and greatly improves the security and availability of data.