A software-defined moving target defense network architecture for APT attacks
  • English title: Software defined APT attack moving target defense network architecture
  • Authors: 谭韧; 殷肖川; 焦贤龙; 廉哲; 陈玉鑫
  • English authors: TAN Ren; YIN Xiao-chuan; JIAO Xian-long; LIAN Zhe; CHEN Yu-xin; Information and Navigation College, Air Force Engineering University
  • Keywords: advanced persistent threat; moving target defense; software defined security; software defined networking; container technology
  • Chinese journal title: SDDX
  • English journal title: Journal of Shandong University (Natural Science)
  • Institution: Information and Navigation College, Air Force Engineering University
  • Publication date: 2017-12-22 10:33
  • Publisher: Journal of Shandong University (Natural Science)
  • Year: 2018
  • Issue: v.53
  • Funding: National Natural Science Foundation of China (61402510); Shaanxi Province Industrial Science and Technology Research Project (2016GY-087)
  • Language: Chinese
  • Page: SDDX201801005
  • Page count: 8
  • CN: 01
  • ISSN: 37-1389/N
  • Classification number: 42-49
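Abstract
To address the problem that the determinism, static nature, and homogeneity of traditional network architectures make APT attacks difficult to defend against effectively, a software-defined moving target defense network architecture for APT attacks, SDMTDA, is proposed. APT attack behavior is modeled, and the dependence of APT attacks on network structure and vulnerability information is summarized. Following the software-defined security concept, a three-layer network architecture is established, consisting from bottom to top of the physical layer, control layer, and application layer; algorithms for changing the network structure and the vulnerability information are given, and the implementation of the three moving target defense methods in SDMTDA is analyzed. The architecture is analyzed, implemented, and tested. The experimental results show that the architecture is software-defined, changes rapidly, and is highly extensible.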
        Aiming at the problem that the advanced persistent threat (APT) attack was difficult to effectively defend due to the certainty, statics and isomorphism of traditional network architecture, a software defined APT attack moving target defense network architecture SDMTDA was proposed. The behavior and the characteristics of APT attack were modelized. A three-tier network architecture of the physical layer, control layer, application layer was established considered with software definition security. The algorithm of network structure and vulnerability information change were given, and three categories of moving target defense realized in SDMTDA were analyzed. The experimental results show that the architecture has the advantages of software definability, rapid variability and strong expansibility.
