Daojing He,Sammy Chan,Yan Zhang,Chunming Wu,Bing Wang

DOI: https://doi.org/10.1109/mis.2013.105

IF: 6.744

2014-01-01

IEEE Intelligent Systems

Abstract:Attack-defense models play an important role in the design of cybersecurity systems. Here, the authors review some traditional and prevailing attack-defense models along with their weaknesses. Then, they survey some recently proposed paradigm shifts to these models based on which more effective security strategies can be designed. Further, they provide some suggestions on how to adopt the new models, and present challenges that need to be addressed in this field.

L Cai,Xh Yang

DOI: https://doi.org/10.1109/ICSMC.2005.1571196

2005-01-01

Abstract:More and more network attacks are focusing on application level vulnerabilities. Recently, several examples of this trend have been highly publicized such as the SQL Slammer and SQL Snake attacks. Traditional firewalls, used for protecting the database, only prevent attacks searching for vulnerabilities. Database firewalls take defense deep into the organization by providing full syntax control and audit of the SQL AN stream before it reaches the database, and enforcing content-driven access to database. This paper proposes a layered reference model for database firewalls by enhancing the capability of COAST Laboratory's model. It separates a database firewall into three layers (network layer, schematic layer and semantic layer) according to the knowledge, computation target, and the control granularity of each layer. Based on this model, a database firewall product had been prototyped It can greatly improve the database security by introducing self-controlled authentication principal mapping, object mapping, and mandatory access control modules.

Jianpeng Zhao,Shize Guo,Kangfeng Zheng,Xinxin Niu,Yao Jiang

DOI: https://doi.org/10.1109/ICITIS.2010.5689469

2010-01-01

Abstract:This paper analyses the characteristics of the Web Accessing DoS attacks, then proposes an active defense model. Based on the differences of data and time between the Web Accessing DoS attacks and the normal users' browsing behavior, the active defense model will divide the web accessing traffic into three types: the normal browsing traffic, the actual attacking traffic, the dubitable attacking traffic. The policies for accessing traffic are different: the normal browsing traffic is permitted to access the web site; the actual attacking traffic is forbidden to access the web site; the dubitable attacking traffic will be led into the deception web site, then the active defense model will determine whether to permit the traffic to access the web site or not according to the observing result. The experimental results show that the model is effective in detecting and preventing the Web Accessing DoS attacks.

LI lang,LI Renfa,LI Kenli

DOI: https://doi.org/10.3969/j.issn.1671-1815.2006.02.011

2006-01-01

Abstract:Presently, aiming at the increasingly serious campus network security, a set of more efficient and perfect model of active defense are propose. This model organically joins intrusion detection and deception techniques, adopt the technology of the honeynet to draw the characteristic storehouse of the attack, transmit the mechanism through XML news, realized an intact active defense system model, the relevant sore technology is discussed.

楼润瑜,王备战,王伟

2010-01-01

Abstract:In order to defend the attacks caused by DDOS and worms(or vicious codes) in large scale network,a general,solid,in-depth and distributed active cooperation defense model is presented.A set of achievable methods ranging from systemic architecture,function mechanisms and algorithm descriptions are given.The model,which is demonstrated by the system architecture,function modules and active cooperation defense to stop the attacks,is the integrated and systemic model.It integrates several role security technologies,such as IDS,firework and honeynet,and achieves a complete set of functional mechanisms for active cooperation defense.By the cooperation from the security components within inside and outside the autonomous system(AS),we realize the active cooperation defense which involves the multi-level defense range from network boundary level,kernel level,sub-network level to host level.As a result,the presented model not only can achieve effectively security defense in the large scale network,but also can have the good generality and scalability.

Yu Zheng,Zheng Li,Xiaolong Xu,Qingzhan Zhao

DOI: https://doi.org/10.1016/j.dcan.2021.07.006

IF: 6.348

2021-07-01

Digital Communications and Networks

Abstract:Driven by the rapid development of the Internet of Things, cloud computing and other emerging technologies, the connotation of cyber space is constantly expanding and becoming the fifth dimension of human activities. However, security problems in cyber space are becoming serious, and traditional defense measures (e.g., firewall, intrusion detection systems and security audit) often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with higher and higher degree of coordination and intelligence. By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing and the probability of vulnerability exposure is increasing. Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyber space. Nonetheless, there are few related works that systematically introduce dynamic defense mechanisms for cyber security. The related concepts and development strategies of dynamic defense are rarely analyzed and summarized. To bridge this gap, we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security. Specifically, we firstly introduce basic concepts and define dynamic defense in cyber security. Next, we review the architectures, enabling techniques and methods for moving target defense and mimic defense. This is followed with taxonomically summarizing the implementation and evaluation of dynamic defense. Finally, we discuss some open challenges and opportunities on dynamic defense in cyber security.

Hao YIN,Dongchao GUO,Yongqiang LYU,Peng YANG,Zhiwei ZHAO,Yaoxue ZHANG

DOI: https://doi.org/10.1360/n112017-00171

2019-01-01

Abstract:Cyberspace security is vital to state interest. Recently, there are some challenges in cyber security. In architecture for instance, although protection mechanisms are introduced and applied everywhere, the modern network architecture (well connected and open) still has difficulty in completely ensuring cyber security. It is also observed that contemporary cyber security protection mechanism highly depends on the priori information of security threats and thus will hardly address unknown potential threats. In this paper, a novel cyberspace security protection framework is proposed. A dual-structural Internet scheme that integrates the current Internet architecture with a redundant secondary structure network characterized by its broad-storage scheme, heterogeneous structure, and dynamic protection mechanism is introduced. Also, a novel active defense mechanism that is knowledge-data driven and thus independent of the priori information of the security threat is proposed. Furthermore, some key techniques such as transparent access and prepositive active defense are introduced. The theoretical and technical work proposed in this paper offers a comprehensively evolutionary solution to constructing a cyberspace in which the protection mechanism is more independent and active.

Huo Chengyi,Wu Zhenqiang,Jian Xiaochun,Zhang Jie

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.12.051

2006-01-01

Abstract:Depending on the PPDR dynamic defense model, synthesize the firewall, intrusion detection system and honeypot, this paper proposed a network security of dynamic defense model. It focused on discovering attackers early, study attackers and product new rules, so that always make network defense instrusion to be placed in the active position.

CHEN Yulai,SHAN Rongsheng,BAI Yingcai

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.02.062

2007-01-01

Abstract:This paper presents a dynamic defense model of network security, based on which a prototype system is implemented. The system integrates the mechanisms of detection and access control, and has close loop response to the results of attack detection. The system obtains some changes of the service port by network service discrimination and active scan technologies, and then dynamically adjusts and loads the detection module according to these changes, so that the accuracy and efficiency of detection are improved. The experimental results show that the system has a closed-loop dynamic protection mechanism.

Xifeng AN,Weihua LI,Zun LIU

DOI: https://doi.org/10.3321/j.issn:0253-987X.2008.12.013

2008-01-01

Abstract:A novel network security cooperative defense technology is studied and a cooperative control framework based on agent mechanism is proposed to solve the lack of cooperative control and whole effect in traditional defense systems. The technology supports both IPv4 and IPv6 protocols and security modules in the framework are associated with each other to accomplish communication and work together. Furthermore, a network security cooperative defense system is composed and the key functions that support the early-alert, audit, accident recovery, network camouflage and so on are also achieved. The pivotal research is emphasized on the key technologies of system call sequences audit model based on machine learning and cooperative accident recovery. Under the condition of 100 M Data flow speed, the NSCDS software's false negative is less than 6% and its false positive is less than 8%. Besides, all module functions work normally and the system can be used to carry out cooperative defense capability.

Jian Liu,Song Chen

2005-01-01

Abstract:Nowadays, the defense strategy of firewall is passive. It would wait the attacker to attack passively. Referring to safety psychology, the vulnerability of firewall is analyzed. A new firewall is presented. When the firewall finds visits that are not allowable, the firewall will redirect these visits to the recognition area, so that the main system is protected. The key technologies in the firewall are attack identification and redirection.

zhanjiang li,yutao xiang,Dongsheng He

DOI: https://doi.org/10.1007/978-3-540-74377-4_92

2007-01-01

Abstract:Currently there is very few data that can describe the whole profile of a DDoS attack. In this paper, the active DDoS defense system deploys a number of sub-systems, such as Flexible Deterministic Packet Marking (FDPM) and Mark-Aided Distributed Filtering (MADF). In addition, two DDoS tools, TFN2K and Trinoo, are adopted and integrated into SSFNet to create virtual DDoS networks to simulate the attacks. Then, simulation experiments are used to evaluate the performance of the active DDoS defense system. At last, we set up a model to describe the interactions between DDoS attack and defense party, which allows us to have a deep insight of the interactions between the attack and defense parties. Experiment results shows that the model can precisely estimate the defense effectiveness of the system when it encounters attacks.

Wenlian Lu,Shouhuai Xu,Xinlei Yi

DOI: https://doi.org/10.48550/arXiv.1603.08312

2016-03-28

Abstract:Active cyber defense is one important defensive method for combating cyber attacks. Unlike traditional defensive methods such as firewall-based filtering and anti-malware tools, active cyber defense is based on spreading "white" or "benign" worms to combat against the attackers' malwares (i.e., malicious worms) that also spread over the network. In this paper, we initiate the study of {\em optimal} active cyber defense in the setting of strategic attackers and/or strategic defenders. Specifically, we investigate infinite-time horizon optimal control and fast optimal control for strategic defenders (who want to minimize their cost) against non-strategic attackers (who do not consider the issue of cost). We also investigate the Nash equilibria for strategic defenders and attackers. We discuss the cyber security meanings/implications of the theoretic results. Our study brings interesting open problems for future research.

Cryptography and Security,Social and Information Networks,Systems and Control,Dynamical Systems,Optimization and Control

Wang Shuo,Chu Jiang,Qingqi Pei,Shao Feng,Yuan Shuai,Xiaoge Zhong

DOI: https://doi.org/10.23919/jcc.ea.2020-0384.202401

2024-01-01

China Communications

Abstract:The static and predictable characteristics of cyber systems give attackers an asymmetric advantage in gathering useful information and launching attacks. To reverse this asymmetric advantage, a new defense idea, called Moving Target Defense (MTD), has been proposed to provide additional selectable measures to complement traditional defense. However, MTD is unable to defeat the sophisticated attacker with fingerprint tracking ability. To overcome this limitation, we go one step beyond and show that the combination of MTD and Deception-based Cyber Defense (DCD) can achieve higher performance than either of them. In particular, we first introduce and formalize a novel attacker model named Scan and Foothold Attack (SFA) based on cyber kill chain. Afterwards, we develop probabilistic models for SFA defenses to provide a deeper analysis of the theoretical effect under different defense strategies. These models quantify attack success probability and the probability that the attacker will be deceived under various conditions, such as the size of address space, and the number of hosts, attack analysis time. Finally, the experimental results show that the actual defense effect of each strategy almost perfectly follows its probabilistic model. Also, the defense strategy of combining address mutation and fingerprint camouflage can achieve a better defense effect than the single address mutation.

Jinxiong Zhao,Xun Zhang,Fuqiang Di,Sensen Guo,Xiaoyu Li,Xiao Jing,Panfei Huang,Dejun Mu

DOI: https://doi.org/10.1155/2021/6699108

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Proactive defense is one of the most promising approaches to enhance cyber-security in the power systems, while how to balance its costs and benefits has not been fully studied. This paper proposes a novel method to model cyber adversarial behaviors as attackers contending for the defenders’ benefit based on the game theory. We firstly calculate the final benefit of the hackers and defenders in different states on the basis of the constructed models and then predict the possible attack behavior and evaluate the best defense strategy for the power systems. Based on a real power system subnet, we analyze 27 attack models with our method, and the result shows that the optimal strategy of the attacker is to launch a small-scale attack. Correspondingly, the optimal strategy of the defender is to conduct partial-defense.

Yue Li,Teng Zhang,Xue Li,Ting Li

DOI: https://doi.org/10.1007/978-981-13-6621-5_10

2019-01-01

Abstract:AbstractThe targets of Advanced Persistent Threat (APT) are mainly concentrate on national key information infrastructure, key research institutes, and large commercial companies, for the purpose of stealing sensitive information, trade secrets or destroying important infrastructure. Traditional protection system is difficult to detect the APT attack, due to the method of the APT attack is unknown and uncertain. And the persisted evolution ability destroyed the traditional protection methods based on feature detection. Therefore, this paper based on the theory of red-blue confrontation, to construct the game model of attack and defense. And then combined the APT offense and defense experience, presents a model based on cyber threat detection to deal with APT attacks.

Xuemiao Zhang,Chong Fu,Jia Lu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2017.09.032

2017-01-01

Abstract:Network system is becoming increasingly large,and security issues have become increasingly prominent.Due to the large-scale,complex and indirect trend of network attacks,as well as the insufficient ability and lack of awareness of the website system's security,minor enterprises and institutions are suffering huge losses.In view of this situation,we present a self-defense system model based on network situational awareness.On the basis of this model,we designed the decision mechanism based on attack threshold,and put forward some idea of solving different attack events with specific methods,and finally proposed a structural implementation scheme.By obtaining required data from system and deducing the attack number according the rule of decision mechanism and comparing with the attack threshold,system senses the happening to some attack events.The experiments verify the feasibility and simplicity of the judgment mechanism of self-defense system.

Zhang Dawei,Shen Changxiang,Liu Jiqiang,Zhang Feifei,Li Lun,Cheng Lichen

DOI: https://doi.org/10.15302/j-sscae-2016.06.012

2016-01-01

Abstract:This paper introduces the status, problems, and future strategies of the cyberspace security infrastructure system, and proposes that cyberspace security infrastructure must be based on active defense. Therefore, this paper proposes several suggestions for a trusted technology insurance system, which include the following: In order to build a trusted technology insurance system, independent innovation in active defense must be the breaking point;key information security systems must be developed by local institutions; independent innovation must be increased; research, product development, and active defense applications must be promoted;the development of trusted computing standards must be promoted;and experimental demonstrations must be carried out.

Yichuan Wang,Jianfeng Ma,Liumei Zhang,Wenjiang Ji,Di Lu,Xinhong Hei

DOI: https://doi.org/10.1002/sec.1518

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Botnet has become a popular technique for deploying Internet crimes. The command of botnet has evolved into a major way for attackers to launch Distributed Denial of Service attacks on network servers. Modelized analysis methods need to be studied for botnet attacks implements, defense, and prediction. In this paper, we propose a novel game theory-based model to describe the scenario, in which the botmaster launching Distributed Denial of Service attacks using a botnet while the defender equipped a firewall defending. In our model, we consider the following: firstly, the botmaster and the defender can be rational or irrational; secondly, the interaction between the botmaster and the defender is modeled as a dynamic game; thirdly, their supporting or not self-learning databases. We detail the analysis of eight sub-scenarios for the assumptions and give an easy-to-use algorithm for adjustment of offensive and defensive strategy. We use the OPNET to validate our model and its effectiveness. The experiment result shows that our strategy can improve the firewall abilities to lower false alarm rate FR and improve the botmaster lower exposure rate of botnet to avoid detection. Furthermore, the model is helpful to evaluate defense ability of the defender towards current botmaster attacks by analyzing attack log in sandbox. Copyright © 2016 John Wiley & Sons, Ltd.

Kun Lv,Yun Chen,Changzhen Hu

DOI: https://doi.org/10.1016/j.inffus.2019.01.001

IF: 18.6

2019-01-01

Information Fusion

Abstract:Advanced persistent threats (APTs) pose a grave threat in cyberspace because of their long latency and concealment. In this paper, we propose a hybrid strategy game-based dynamic defense model to optimally allocate constrained secure resources for the target network. In addition, values of profits of players in this game are computed by a novel data-fusion method called NetF. Based on network protocols and log documents, the NetF deciphers data packets collected from different networks to natural language to make them comparable. Using this algorithm, data observed from the Internet and wireless sensor networks (WSNs) can be fused to calculate the comprehensive payoff of every node precisely. The Nash equilibrium can be computed using the value to detect the possibility of a node being a malicious node. Using this method, the dynamic optimal defense strategy can be allocated to every node at different times, which enhances the security of the target network obviously. In experiments, we illustrate the obtained results via case studies of a cluster of heterogeneous networks. The results guide planning of optimal defense strategies for different kinds of nodes at different times.