Computer Engineering and Applications ›› 2022, Vol. 58 ›› Issue (15): 124-132. DOI: 10.3778/j.issn.1002-8331.2105-0169

• Network, Communication and Security •

MTD-Enhanced Cyber Deception Defense System

GAO Chungang, WANG Yongjie, XIONG Xinli

  1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
  2. Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China
  • Online: 2022-08-01 Published: 2022-08-01

MTD Enhanced Cyber Deception Defense System

GAO Chungang, WANG Yongjie, XIONG Xinli   

  1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
  2. Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China
  • Online: 2022-08-01 Published: 2022-08-01

Abstract: Computer networks are developing rapidly, but the network security problems that accompany them, such as system damage and information leakage, are becoming increasingly prominent. Before a formal attack, attackers usually conduct extensive network reconnaissance to discover exploitable vulnerabilities in the target network and systems, and the static configuration of traditional network systems gives attackers a great advantage in discovering network targets and launching attacks. To reduce the effectiveness of attackers' persistent network reconnaissance, a moving target defense (MTD) enhanced cyber deception defense system was developed on the basis of software-defined networking. The system uses cyber deception to confuse the target network and system information collected by the attacker, lengthening the time the attacker needs to scan for the truly vulnerable hosts in the network and raising the attacker's time cost; on this basis it incorporates moving target defense, dynamically and randomly changing the IP addresses of nodes in the network to strengthen the defensive effectiveness of the deception system. A system prototype was implemented and evaluated. With a virtual network topology of three network segments and an address change period of 30 s, the system delayed the attacker's discovery of vulnerable hosts by a factor of seven on average, reduced the probability of a successful attack on a vulnerable host by 83%, and kept the system's additional overhead within 8% on average.

Keywords: network reconnaissance attack, cyber deception, moving target defense, software-defined network

Abstract: Computer networks are developing rapidly, but network security problems such as system damage and information leakage are also becoming increasingly prominent. Attackers usually conduct a large amount of network reconnaissance before a formal attack to discover exploitable vulnerabilities in the target network and systems. The static configuration of traditional network systems gives adversaries a great advantage in finding network targets and launching attacks. To reduce the effectiveness of adversaries' continuous reconnaissance attacks, this paper develops a moving target defense enhanced cyber deception defense system based on software-defined networking. The system uses cyber deception technology to confuse the target network and system information collected by the attacker, extends the time the attacker needs to scan for the real vulnerable hosts in the network, and increases the attacker's time cost. In addition, this paper integrates IP address randomization into the cyber deception system, dynamically and randomly changing the IP addresses of nodes in the network to enhance the defensive effectiveness of the deception system. Finally, the system prototype is implemented and evaluated. In a configuration where the virtual network topology consists of three network segments and the address change period is 30 seconds, the system delays the adversaries' discovery of vulnerable hosts by an average of seven times and reduces the probability of adversaries successfully attacking vulnerable hosts by 83%. At the same time, the system overhead is less than 8% on average.

Key words: network reconnaissance attack, cyber deception, moving target defense, software-defined network
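As an added illustration (not the paper's prototype code), a toy Monte Carlo model of the two metrics the abstract reports: a scanner sweeps an address pool at one probe per second, decoy addresses that answer like real hosts cost extra verification time, and every `period` seconds the vulnerable host's address is re-randomized, so an exploit that straddles a remapping fails. The 30 s period mirrors the abstract's configuration; the pool size, decoy count, verification cost and exploit time are constructed assumptions.

```python
"""Toy Monte Carlo model of scan-to-discovery time and attack success (constructed example)."""
import itertools
import random
from dataclasses import dataclass


@dataclass
class Scenario:
    pool_size: int          # addresses the scanner sweeps, one probe per second
    decoys: int             # decoy addresses that answer like real hosts
    period: int             # seconds between IP remappings; 0 = static network
    verify_cost: int = 5    # seconds wasted confirming each decoy that answers
    exploit_time: int = 10  # seconds from discovery to a completed exploit


def new_layout(s: Scenario, rng: random.Random) -> tuple:
    """Pick a random address for the vulnerable host and for the decoys."""
    target = rng.randrange(s.pool_size)
    others = [a for a in range(s.pool_size) if a != target]
    return target, set(rng.sample(others, s.decoys))


def simulate(s: Scenario, layouts) -> tuple:
    """Sequential sweep against a sequence of layouts, one consumed per period.
    Returns (seconds until the host is found, exploit completed before the
    next remapping?). A remapping during the exploit window breaks the attack."""
    clock, epoch, idx = 0, 0, 0
    target, decoys = next(layouts)
    while clock < 10**6:  # safety cap on the random tail
        if s.period and clock // s.period != epoch:
            epoch = clock // s.period
            target, decoys = next(layouts)  # MTD: fresh addresses this period
        addr = idx % s.pool_size
        idx, clock = idx + 1, clock + 1
        if addr == target:
            done = clock + s.exploit_time
            return clock, (not s.period) or clock // s.period == done // s.period
        if addr in decoys:
            clock += s.verify_cost  # deception: time burned on a fake host
    return clock, False


def evaluate(s: Scenario, trials: int = 2000, seed: int = 1) -> tuple:
    """Mean discovery time and attack success rate over random layouts."""
    rng = random.Random(seed)
    runs = [simulate(s, (new_layout(s, rng) for _ in itertools.count()))
            for _ in range(trials)]
    return (sum(t for t, _ in runs) / trials,
            sum(ok for _, ok in runs) / trials)
```

Comparing `evaluate(Scenario(256, 0, 0))` with `evaluate(Scenario(256, 32, 30))` shows the longer mean discovery time and lower success rate that the combined deception and address randomization aims for; the absolute numbers depend on the assumed parameters, not on the paper's measurements.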