Zequan Chen,Gang Cui,Lin Zhang,Xin Yang,Hui Li,Yan Zhao,Chengtao Ma,Tao Sun

DOI: https://doi.org/10.1109/access.2021.3077075

IF: 3.9

2021-01-01

IEEE Access

Abstract:Traditional defensive techniques are usually static and passive, and appear weak to confront highly adaptive and stealthy attacks. As a novel security theory, Cyberspace Mimic Defense (CMD) creates asymmetric uncertainty that favors the defender. CMD constructs multiple executors which are diverse functional equivalent variants for the protected target and arbitral mechanism. In this way, CMD senses the results of current running executors and changes the attack surface. Although CMD enhances the security of systems, there are still some critical gaps with respect to design a defensive strategy under costs and security. In this paper, we propose a dual model to dynamically select the number of executors being reconfigured according to the states of the executors. First, we establish a Markov anti-attack model to compare the effects of CMD under different types of attack. Then, we use a dynamic game of incomplete information to determine the optimal strategy, which achieves the balance of the number of reconfiguration and security. Finally, experimental results show that our dual model reduces defensive costs while guarantees security.

computer science, information systems,telecommunications,engineering, electrical & electronic

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Shuang-Xi Chen,Xin-Yue Jiang,Gao-Ning Pan,Chun-Ming Wu

DOI: https://doi.org/10.1109/ISNCC.2019.8909166

2019-01-01

Abstract:Resource Scheduling Strategy on heterogeneous executives, which is the “real” service provider, is studied in this paper based on Mimic Defense Theory. Since the redundancy and heterogeneity of executives, their response times differ. In order to mitigate the Bucket Effect on the response time of heterogeneous executives in the existing mimic defense methods, this paper proposes a method based on feedback control model that executive source allocation is adjusted dynamically to improve the response time of the executive set. The comparative experiment shows that this scheduling strategy has a great improvement in response process time, comparing with the existing scheduling strategy.

Hongchao Hu,Jiangxing Wu,Zhenpeng Wang,Guozhen Cheng

DOI: https://doi.org/10.1049/iet-ifs.2017.0086

2017-01-01

IET Information Security

Abstract:In recent years, both academia and industry in cyber security have tried to develop innovative defense technologies, expecting that to change the rules of the game between attackers and defenders. The authors start by analysing the root causes of security problems in cyberspace: (i) vulnerabilities in cyber systems are universal; (ii) current cyber systems are static, predictable and monoculture which allows adversaries to plan and launch attacks effectively; (iii) existing techniques cannot detect and eliminates attacks employing unknown vulnerabilities. Based on their analysis, they develop a novel defense framework, mimic defense (MD), that employs dynamic, heterogeneity, redundancy (DHR)' mechanism to defense cyber attacks. The main ideas behind MD are: constructing diverse functional equivalent variants for the protected target; scheduling some variants to run in parallel dynamically; and adopting policy-based arbitration mechanism to decide whose results of current running variants are correct. Theoretical analysis and simulation results show that DHR can significantly increase the difficulties for attackers and enhance the security of cyber systems, and the security enhancement can be more than ten times. They also present a proof-of-principle prototype that employ MD, mimic router, to examine its effectiveness. Finally, they conclude its limitations.

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_8

IF: 2.701

2019-01-01

Wireless Networks

Abstract:DHR, as an innovative and simplified system architecture, can provide general robust control which is not seen in a conventional mode. Not relying on any a priori knowledge and additional security support, it can normalize all uncertain disturbances caused by random faults or attacks based on vulnerabilities or backdoors as classic reliability problems and handle them in the same approach. With its inherent "uncertainty" effect, the DHR framework has an intrinsic defensive function"invisibility." Such invisibility is related not only to the redundancy, heterogeneity, and multimode output vector grammar and semantic abundance of the executors under functional equivalence conditions but also to the multimode decision algorithm set; the executor scheduling policy; the cleaning, restoration, and reorganization and restructuring mechanism; as well as the application of traditional security technology. So now the question is: what driving mechanism and gaming strategy should be adopted to get the desired endogenous security defense effect? The earth biosphere that has been naturally evolving for hundreds of millions of years usually provides a perspective of solving the problem and enlightening us on our creative thinking.

He Jiajun,Yuan Yali,Liang Sichu,Fu Jiale,Zhu Hongyu,Cheng Guang

DOI: https://doi.org/10.23919/jcc.ja.2022-0842

2024-09-10

China Communications

Abstract:In recent years, network attacks have been characterized by diversification and scale, which indicates a requirement for defense strategies to sacrifice generalizability for higher security. As the latest theoretical achievement in active defense, mimic defense demonstrates high robustness against complex attacks. This study proposes a Function-aware, Bayesian adjudication, and Adaptive updating Mimic Defense (FBAMD) theory for addressing the current problems of existing work including limited ability to resist unknown threats, imprecise heterogeneous metrics, and over-reliance on relatively-correct axiom. FBAMD incorporates three critical steps. Firstly, the common features of executors' vulnerabilities are obtained from the perspective of the functional implementation (i.e, input-output relationships extraction). Secondly, a new adjudication mechanism considering Bayes' theory is proposed by leveraging the advantages of both current results and historical confidence. Furthermore, posterior confidence can be updated regularly with prior adjudication information, which provides mimic system adaptability. The experimental analysis shows that FBAMD exhibits the best performance in the face of different types of attacks compared to the state-of-the-art over real-world datasets. This study presents a promising step toward the theoretical innovation of mimic defense.

telecommunications

Zhuoxing Chen,Yiqin Lu,Jiancheng Qin,Zhe Cheng

DOI: https://doi.org/10.1109/access.2021.3111735

IF: 3.9

2021-01-01

IEEE Access

Abstract:Cyberspace mimic defense (CMD) is an active defense theory that has emerged in recent years. By dynamically constructing and scheduling multiple executors, the CMD can not only effectively defend against security threats caused by unknown cyberspace weaknesses, but also improve the present situation of information asymmetry between attackers and defenders in cyberspace. However, as one of the key technologies of the CMD, the scheduling strategy algorithm still needs to be improved in real-time security, reliability, and universality, which has restricted the development and large-scale deployment of the CMD. To solve this problem, we propose an optimal seed scheduling strategy algorithm (OSSSA) in this paper. After using continuous-time Markov processes to mathematically analyze the model of the mimic defense system in cyberspace, we introduce the key factors and their evaluation methods that affecting the CMD defense performance in the OSSSA, then propose a reliable working mechanism of the OSSSA. Furthermore, we present an evaluation method that can effectively evaluate the defense performance of the scheduling algorithms. Experimental results from software simulations and real experiments show that the OSSSA has better real-time defense performance than the current mainstream scheduling strategy algorithms, and can adapt to different practical application scenarios, which is helpful to the further development of the CMD.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zengguang Wang,Yu Lu,Xi Li,Wei Nie

DOI: https://doi.org/10.1504/ijsn.2020.106830

2020-01-01

International Journal of Security and Networks

Abstract:Existing passive defence methods cannot effectively guarantee network security; to solve this problem, a novel method is proposed that selects the optimal defence strategy. The network attack-defence process is modelled based on the Bayesian game. The payoff is quantified from the impact value of the attack-defence actions. The optimal defence strategy is selected that takes defence effectiveness as the criterion. The rationality and feasibility of the method are verified through a representative example, and the general rules of network defence are summarised. Compared to the classic strategy selection methods based on game theory, the proposed method can select the optimal strategy in the form of pure strategy by quantifying defence effectiveness, which was proven to perform better.

Yuling Liu,Dengguo Feng,Yifeng Lian,Kai Chen,Yingjun Zhang

DOI: https://doi.org/10.1007/978-3-642-38033-4_4

2013-01-01

Abstract:In a typical DDoS attack and defense scenario, both the attacker and the defender will take actions to maximize their utilities. However, each player does not know his opponent’s investment and cannot adopt the optimal strategies. We formalize a Bayesian game model to handle these uncertainties and specify two problems usually faced by the defender when choosing defense measures. A nonlinear programming method is proposed to handle policies’ permutation in order to maximize the defender’s utility. Followed the Nash equilibrium, security administrators can take optimal strategies. Finally, the practicality and effectiveness of the model and method are illustrated by an example.

Hao Hu,Yuling Liu,Chen,Hongqi Zhang,Yi Liu

DOI: https://doi.org/10.1109/tnsm.2020.2995713

2020-01-01

IEEE Transactions on Network and Service Management

Abstract:At present, there are many techniques for cyber security defense such as firewall, intrusion detection and cryptography. Despite decades of studies and experiences on this issue, there still exists a problem that we always pay great attention to technology while overlooking strategy. In the traditional warfare, the level of decision-making and the formulation of optimal strategies have a great effect on the warfare result. Similarly, the timeliness and quality of decision-making in cyber attack-defense also make great significance. Since the attackers and defenders are oppositional, the selection of optimal defense strategy with the maximum payoff is difficult. To solve this problem, the stochastic evolutionary game model is utilized to simulate the dynamic adversary of cyber attack-defense. We add the parameter λ to the Logit Quantal Response Dynamics (LQRD) equation to quantify the cognitive differences of real-world players. By calculating the evolutionary stable equilibrium, the best decision-making approach is proposed, which makes a balance between defense cost and benefit. Cases studies on ransomware indicate that the proposed approach can help the defender predict possible attack action, select the related optimal defense strategy over time, and gain the maximum defense payoff.

Yan Mi,Hengwei Zhang,Hao Hu,Jinglei Tan,Jindong Wang

DOI: https://doi.org/10.1155/2021/5594697

IF: 1.968

2021-08-21

Security and Communication Networks

Abstract:In a real-world network confrontation process, attack and defense actions change rapidly and continuously. The network environment is complex and dynamically random. Therefore, attack and defense strategies are inevitably subject to random disturbances during their execution, and the transition of the network security state is affected accordingly. In this paper, we construct a network security state transition model by referring to the epidemic evolution process, use Gaussian noise to describe random effects during the strategy execution, and introduce a random disturbance intensity factor to describe the degree of random effects. On this basis, we establish an attack-defense stochastic differential game model, propose a saddle point equilibrium solution method, and provide an algorithm to select the optimal defense strategy. Our method achieves real-time defense decision-making in network attack-defense scenarios with random disturbances and has better real-time performance and practicality than current methods. Results of a simulation experiment show that our model and algorithm are effective and feasible.

computer science, information systems,telecommunications

Bowen Xu,Mengxiang Liu,Rui Zhong,Ke Zuo,Ruilong Deng

DOI: https://doi.org/10.1109/tii.2024.3457037

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:In recent years, numerous studies have explored how to allocate limited defense resource among meters to increase difficulties for launching attacks in power systems. However, existing studies often simplify this problem by assuming the linearity of attack cost functions, which creates an inevitable gap between theoretical analysis and practical scenarios. In this article, general nonlinear attack cost functions are considered in the formulation of the optimal defense resource problem, resulting in a mixed-integer nonlinear programming problem. This poses a challenging task for numerical methods or popular commercial solvers. To address this issue, an advanced slime mould algorithm with specialized initialization and evolutionary schemes is proposed. Specifically, a customized initialization strategy is designed such that the population can be easily initialized within the nonconvex feasible region aligning with the nonlinear constraints. Besides, in the evolutionary process, the fitness function is well-designed to encourage the individuals violating nonlinear constraints to evolve toward feasible directions. Comprehensive case studies verify that, compared to the state-of-the-art solvers, the proposed approach can achieve satisfactory defense resource allocation results in terms of feasibility, optimality, and real-time performance.

Ming Liu,Lu Ma,Chao Li,Weiling Chang,Yuanjie Wang,Jianming Cui,Yingying Ji

DOI: https://doi.org/10.1109/MSN50589.2020.00110

2020-01-01

Abstract:Since the current cyberspace is becoming changeable and complex over times, the situation of cyber security is becoming increasingly severe, and one of the important issues is that there is still lack of a general applicability defense model for open and dynamic networks. Recent research suggests that the evolutionary game methods have the advantage of improving the defensive capabilities based on the internal decision and learning mechanisms. In this paper, by exploiting the advantage of collaborative decision-making in multi-agent system, we constructed the dynamic cyber defense problem into a decentralized multi-agent cooperative decision framework, whose core idea is the initiative decentralized interactions among defense agents. Then, we contributed a heuristic imprecise probabilistic based interaction decision algorithm, HIDS, that is, which utilizes the multidimensional semantic relevance among observation, tasks and agents, so that agents can continuously improve cognition and optimize decision-making by learning interactive records. In addition, we analyzed the equivalence and the transformation conditions between the proposed model and the existing decision models, and combined the evolutionary game with the nonlinear stochastic theory, then the evolution process of the defense policies are analyzed. Finally, the performance comparison of the proposed algorithm and the influence of different intensity random disturbances on the evolution process are analyzed.

Jiale Fu,Yali Yuan,Jiajun He,Sichu Liang,Zhe Huang,Hongyu Zhu

DOI: https://doi.org/10.48550/arXiv.2208.10276

2022-08-22

Cryptography and Security

Abstract:The current security problems in cyberspace are characterized by strong and complex threats. Defenders face numerous problems such as lack of prior knowledge, various threats, and unknown vulnerabilities, which urgently need new fundamental theories to support. To address these issues, this article proposes a generic theoretical model for cyberspace defense and a new mimic defense framework, that is, Spatiotemporally heterogeneous, Input aware, and Dynamically updated Mimic Defense (SIDMD). We make the following contributions: (1) We first redefine vulnerabilities from the input space perspective to normalize the diverse cyberspace security problem. (2) We propose a novel unknown vulnerability discovery method and a dynamic scheduling strategy considering temporal and spatial dimensions without prior knowledge. Theoretical analysis and experimental results show that SIDMD has the best security performance in complex attack scenarios, and the probability of successful attacks is greatly reduced compared to the state-of-the-art.

Chen Lin,Hui Xiao,Rui Peng,Yisha Xiang

DOI: https://doi.org/10.1016/j.ress.2021.107510

2021-06-01

Abstract:This research studies the system defense of M defenders against N attackers. We model this problem as a defense-attack game between M defenders and N attackers based on the cumulative prospect theory. In this game, the defenders can allocate their resources to defend the system from being attacked, and to attack the attackers such that the opponents lose their offensive power. In response, the attackers can allocate its offensive resources to attack the system and defend themselves from being attacked by the defenders. In this research, we use the cumulative prospect value instead of the vulnerability as the performance measure such that the risk attitudes of defenders and attackers can be considered. Further, we study the cooperative behaviors and non-cooperative behaviors of the attackers and analyze the effect on the optimal resource allocation. Numerical experiments are carried out to illustrate the applications.

engineering, industrial,operations research & management science

Jiangxing WU

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.04.001

2016-01-01

Abstract:The unbalance in cyber security and its root is analyzed in this paper, of which a dynamically redundant het-erogeneity architecture and the basic principle to compose an information system of high reliability and high security level with unreliable hardware is mainly discussed. Then, basic concepts about mimic defense is briefly stated. Finally, a test evaluation and preliminary conclusion about the system of mimic defense verification is presented.

Yanhua Liu,Hui Chen,Hao Zhang,Ximeng Liu

DOI: https://doi.org/10.1155/2021/4773894

IF: 1.968

2021-11-11

Security and Communication Networks

Abstract:Evolutionary game theory is widely applied in network attack and defense. The existing network attack and defense analysis methods based on evolutionary games adopt the bounded rationality hypothesis. However, the existing research ignores that both sides of the game get more information about each other with the deepening of the network attack and defense game, which may cause the attacker to crack a certain type of defense strategy, resulting in an invalid defense strategy. The failure of the defense strategy reduces the accuracy and guidance value of existing methods. To solve the above problem, we propose a reward value learning mechanism (RLM). By analyzing previous game information, RLM automatically incentives or punishes the attack and defense reward values for the next stage, which reduces the probability of defense strategy failure. RLM is introduced into the dynamic network attack and defense process under incomplete information, and a multistage evolutionary game model with a learning mechanism is constructed. Based on the above model, we design the optimal defense strategy selection algorithm. Experimental results demonstrate that the evolutionary game model with RLM has better results in the value of reward and defense success rate than the evolutionary game model without RLM.

computer science, information systems,telecommunications

Vignesh Viswanathan,Megha Bose,Praveen Paruchuri

DOI: https://doi.org/10.48550/arXiv.2301.09892

2023-01-24

Computer Science and Game Theory

Abstract:Moving Target Defense (MTD) has emerged as a key technique in various security applications as it takes away the attacker's ability to perform reconnaissance for exploiting a system's vulnerabilities. However, most of the existing research in the field assumes unrealistic access to information about the attacker's motivations and/or actions when developing MTD strategies. Many of the existing approaches also assume complete knowledge regarding the vulnerabilities of a system and how each of these vulnerabilities can be exploited by an attacker. In this work, we aim to create algorithms that generate effective Moving Target Defense strategies that do not rely on prior knowledge about the attackers. Our work assumes that the only way the defender receives information about its own reward is via interaction with the attacker in a repeated game setting. Depending on the amount of information that can be obtained from the interactions, we devise two different algorithms using multi-armed bandit formulation to identify efficient strategies. We then evaluate our algorithms using data mined from the National Vulnerability Database to showcase that they match the performance of the state-of-the-art techniques, despite using a lot less amount of information.

Weizhen He,Jinglei Tan,Yunfei Guo,Ke Shang,Guanhua Kong

DOI: https://doi.org/10.1155/2023/5560416

IF: 8.993

2023-09-07

International Journal of Intelligent Systems

Abstract:The existing cyber deception decision-making model based on game theory primarily focuses on the selection of spatial strategies, which ignores the optimal defense timing and can affect the execution of a defense strategy. Consequently, this paper presents a method for selecting deception strategies based on a multi-stage Flipit game. Firstly, based on the analysis of cyber deception attack and defense, we propose a concept of moving deception attack surface and analyze the characteristics of deception attack and defense interaction behaviors based on the Flipit game model. The Flipit game model is then utilized to create a single-stage deception spatial-temporal decision-making model. Additionally, we introduce the discount factor and transition probability based on a single-stage game model and construct a multi-stage cyber deception model. We provide the utility function of the multi-stage game model, and design a Proximal Policy Optimization algorithm based on deep reinforcement learning to compute the defender’s optimal spatial-temporal strategies. Finally, we utilize an application example to validate the effectiveness of the model and the advantages of the proposed algorithm in generating the multi-stage cyber deception strategy.

computer science, artificial intelligence

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_10

2019-01-01

Abstract:In Chap. 9, we described the basic principles of mimic defense. In this chapter, we will focus on the basic conditions and constraints for mimic defense engineering and implementation, the key implementation mechanisms, major issues, and possible approaches and solutions. We will also briefly explore how to test and evaluate the mimic defense.