DTrap: A Cyberattack-Defense Confrontation Technique Based on Moving Target Defense

Zheng Yang, Degang Sun, Yan Wang, Xinbo Han, Chen Meng, Weiqing Huang
DOI: https://doi.org/10.1109/trustcom60117.2023.00370
2024-01-01
Abstract: In the evolution of cyberattack-defense confrontation, both sides have always been in a state of mutual confrontation and collaborative development, continuously upgrading their tools to improve their adversarial capabilities. However, in this arms race, the positions of the two sides are imbalanced. As the party actively initiating the attack, attackers are always able to adjust their attack strategy based on the defense vulnerabilities they detect in order to launch effective attacks, while defenders always detect defense vulnerabilities after suffering losses and fill them in a "patching" manner. This post-awareness security protection strategy has a "fatal time difference" when dealing with unknown attacks. This paper aims to change this imbalanced state. To that end, an attack confrontation model, DTrap, is proposed based on the concept of moving target defense, which introduces high-simulation trap hosts to achieve IP address and service port confusion. It can simulate real hosts to handle requests and responses for various common network protocols, and it provides better dynamism than a honeypot when adjusting trap policies. DTrap can reverse the imbalance by increasing attack costs and raising attack difficulty. We constructed a real adversarial environment and evaluated the security effectiveness of the DTrap model through comprehensive, multi-dimensional experiments. The results indicate that DTrap achieves the expected effectiveness in resisting network attacks of different dimensions and effectively enhances network attack confrontation capability.