Survey on cyber deception

The asymmetric situation of network attacks and defenses is one of the key issues of current network security.Cyber deception was a revolutionary technology introduced by defenders to alter the asymmetric situation.By thwarting an attacker's cognitive processes,defenders can mislead attackers,hence causing them to take specific actions that aid network security defenses.In this way,defenders can log attackers'behavior and method,increase cost for the attackers to launch a successful attack,as well as reduce the probability of an attacker's success.Cyber deception formally and classify cyber deception into four classes was defined.Then,the cyber deceptions’development was divided into three stages,and each stage’s character was decided.Next,a hierarchical model to describe the existing work was proposed.At last,the countermeasures in cyber deception and the development trends in this field was discussed.     

A new dynamic defense model based on active deception

Aiming at the traditional passive deception models, this paper constructs a Decoy Platform based on Intelligent Agent (DPIA) to realize dynamic defense. The paper explores a new dynamic defense model based on active deception, introduces its architecture, and expatiates on communication methods and security guarantee in information transference. Simulation results show that the DPIA can attract hacker agility and activity, lead abnormal traffic into it, distribute a large number of attack data, and ensure real network security.     

基于动态伪装网络的主动欺骗防御方法

针对现有蜜罐易被攻击者识破而导致其抵御渗透攻击时经常失效的问题,提出一种基于动态伪装网络的主动欺骗防御方法。首先,给出动态伪装网络定义并描述基于动态伴随网络的主动欺骗攻防场景;然后,在分析攻防交互过程的基础上,构建信号博弈模型来指导最优欺骗策略选取;进一步,设计基于双层威胁渗透图的攻防策略收益量化方法;最后,提出一种统一纯策略与混策略的博弈均衡求解方法。实验结果表明,基于动态伪装网络,精炼贝叶斯均衡能够为防御者实施最优防御策略提供有效指导,实现防御者收益最大化。此外,还总结了利用动态伪装网络进行主动欺骗防御的特点与规律。     

基于攻防博弈模型的网络安全测评和最优主动防范

随着社会主义现代化进程的不断发展和社会生产力水平的不断提高,近年来我国的计算机产业得以飞速发展,且已经成为促进我国经济发展的主要动力。本文通过以攻防博弈论为基础,通过建立模型的方式对网络安全测评和最优主动防范方法进行了具体分析。     

Optimal strategy selection approach of moving target defense based on Markov time game

For the problem that the existed game model was challenging to model the dynamic continuous characteristics of network attack and defense confrontation effectively,a method based on Markov time game was proposed to select the optimal strategy for moving target defense.Based on the analysis of the attack and defense confrontation process of moving targets,the set of moving target attack and defense strategies was constructed.The dynamics of the single-stage moving target defense process was described by time game.The randomness of multi-stage moving target defense state transformation was described by Markov decision process.At the same time,by abstracting the use of resource vulnerability by attack-defense participants as the alternation of the control of the attack surface,the versatility of the game model was effectively guaranteed.On this basis,the existence of equilibrium was analyzed and proved,and the optimal strategy selection algorithm was designed.Finally,the practicality of the constructed model and the effectiveness of the algorithm are verified by an application example.     

Markov game modeling of mimic defense and defense strategy determination

Network mimic defense technology enhances the robustness of active defense through the redundancy,dynamic and diversity as well as the decision feedback mechanism.However,little work has been done for its security assessment and existing classic game models are not suitable for its dynamic characteristics and lack of universality.A Markov game model was proposed to analyze the transfer relationship between offensive and defensive status and the measurement method of safety and reliability of mimic defense,and calculated the offensive and defensive game equilibrium through non-linear programming algorithm to determine the best defensive strategy considering performance.Experiments give a comparison with the multi-target hiding technique and shows that the mimic defense has a higher defensive effect.Combining with the specific network case,the specific attack and defense path for the exploit of the system vulnerability is given and the effectiveness of the defense strategy algorithm is verified.     

Research on end hopping and spreading for active cyber defense

Inspired by the spread spectrum technology for communications,the concept of end spreading was proposed to represent a piece of information of the data transmission with a sequence of multiple end information,of which each piece of end information was irrelevant to the information it conveys.Thus the covert data transmission can be performed.Further,an active cyber defense model of end information hopping and spreading was presented,in which the hopping strategy was separated from the synchronization strategy.The synchronization was accomplished by means of end information spreading for synchronous authentication of both parties,which can solve the high-speed hopping synchronization problem with high concealment requirements.The mode of generation,transmission and authentication of the spreading sequence,and the data migration strategy in the end hopping and spreading model were described in detail,and the security performance and synchronization performance were analyzed and verified experimentally.Theoretical analysis and experimental results show that the cyber defense model of end information hopping and spreading has improved the availability and confidentiality of network services under high-speed hopping and has good anti-attack performance,which is of great significance for the proactive defense application of high intensity confrontation.     

Optimal strategy selection method for moving target defense based on signaling game

To solve the problem of the optimal strategy selection for moving target defense,the defense strategy was defined formally,the defense principle from the perspective of attack surface shifting and exploration surface enlarging was taken into account.Then,network attack-defense behaviors were analyzed from the sight of dynamic confrontation and bounded information.According to the analysis of attack-defense game types and confrontation process,the moving target defense model based on signaling game was constructed.Meanwhile,the method to quantify strategies was improved and the solution of perfect Bayesian equilibrium was proposed.Furthermore,the optimal defense strategy selection algorithm was designed by the equilibrium analysis.Finally,the simulation demonstrates the effectiveness and feasibility of the proposed optimal strategy and selection method.     

Method to generate cyber deception traffic based on adversarial sample

In order to prevent attacker traffic classification attacks,a method for generating deception traffic based on adversarial samples from the perspective of the defender was proposed.By adding perturbation to the normal network traffic,an adversarial sample of deception traffic was formed,so that an attacker could make a misclassification when implementing a traffic analysis attack based on a deep learning model,achieving deception effect by causing the attacker to consume time and energy.Several different methods for crafting perturbation were used to generate adversarial samples of deception traffic,and the LeNet-5 deep convolutional neural network was selected as a traffic classification model for attackers to deceive.The effectiveness of the proposed method is verified by experiments,which provides a new method for network traffic obfuscation and deception.     

Defense decision-making method based on incomplete information stochastic game and Q-learning

Most of the existing stochastic games are based on the assumption of complete information,which are not consistent with the fact of network attack and defense.Aiming at this problem,the uncertainty of the attacker’s revenue was transformed to the uncertainty of the attacker type,and then a stochastic game model with incomplete information was constructed.The probability of network state transition is difficult to determine,which makes it impossible to determine the parameter needed to solve the equilibrium.Aiming at this problem,the Q-learning was introduced into stochastic game,which allowed defender to get the relevant parameter by learning in network attack and defense and to solve Bayesian Nash equilibrium.Based on the above,a defense decision algorithm that could learn online was designed.The simulation experiment proves the effectiveness of the proposed method.     

Moving target defense against network eavesdropping attack using POF

Eavesdropping attack hereby was the major attack for traditional network communication.As this kind of attacks was stealthy and untraceable,it was barely detectable for those feature detection or static configuration based passive defense approaches.Since existing encryption or dynamic address methods could only confuse part of fields of network protocols,they couldn’t form a comprehensive protection.Therefore a moving target defense method by utilizing the protocol customization ability of protocol-oblivious forwarding (POF) was proposed,through private protocol packet randomization strategy and randomly drop deception-packets on dynamic paths strategy.It could greatly increase the difficulty of implementing network eavesdropping attack and protect the privacy of the network communication process.Experiments and compare studies show its efficiency.     

Website defense strategy selection method based on attack-defense game and Monte Carlo simulation

Aiming at the selection of security defense strategy in network attack-defense,the dynamic change process of mutual influence between attack-defense strategy was studied.Based on the game process of both offense and defense,the attack-defense game model was constructed,the attack process of the attacker based on Monte Carlo simulation was simulated and the attacker’s best attack utility was obtained,so as to calculate the best defensive utility of the defender.In order to maximize the effectiveness of network security defense,the optimal defense strategy under limited resources was implemented.Simulation experiments verify the effectiveness of the proposed method and analyze the influence of different parameter settings on the selection of defense strategy.     

基于代价的主动式防御分析

在分析几种主动式防御方法的前提下，基于状态分析的形式化方法和欺骗技术，提出一种代价分析的方法。将状态分析法运用于网络防御，给出计算代价的方法和步骤，并给出一个信息诱骗的实例。演示结果证明该方法能有效地吸引攻击方向。     

基于博弈论的跳频通信装备电子防御效能评估

为解决不同电子进攻条件下跳频通信装备电子防御效能动态评估问题,提出了一种基于博弈论的评估方法.首先,从技术性能、战术策略、操作人员3个角度构建评估指标体系;其次,通过4种归一化方法、复合权重、两种聚合模型,设计了一种多指标综合算法对通信电子防御效能进行评估;最后,将评估结果作为盈利,通过攻防双方博弈得到纳什均衡评估值.仿真分析表明,该方法能合理地考虑攻防双方、战术策略和操作人员对效能发挥的影响,与传统的静态评估方法相比更具科学性、优越性,具有一定的实用价值.     

网络空间攻防对抗技术及其系统实现方案

在分析网络空间及对抗特点的基础上,讨论了网络空间攻防对抗的主要技术,即攻防博弈理论、网络攻击行为分析、网络攻击追踪和网络主动防御技术。提出了网络空间攻防对抗系统的实现方案,并分析了其可行性。此技术和系统能够为我国网络空间安全技术体系发展提供技术支撑,保障我国网络空间安全,推动我国网络空间安全产业的发展,对加快我国自主可控安全产品研发和核心技术发展具有重要作用和意义。     

基于Unity3D塔防游戏的设计与实现

基于Unity 3D引擎等技术进行开发了一款塔防游戏,实现的人物模型的创建与设置、游戏场景的布置、防守单位的创建、UI界面功能的完善、物品与背包系统的设计。本文对塔防游戏的设计,优化了场景,避免了游戏的崩溃与闪退,实现流畅的游戏体验。     

Evaluation of mimic defense strategy based on M-FlipIt game model

To make up for the lack of security performance evaluation of the mimic defense systems in the advanced persistent threat scenarios an improved game model based on the FlipIt game theory model was proposed.The dynamic strategy of mimic defense under different heterogeneity conditions was evaluated,and a case study for the simulation analysis was conducted.The simulation results show that the rotation of indefinite period can make up for the lack of heterogeneity and maintain the higher game payoff of defenders.     

Network security threat warning method based on qualitative differential game

Most current network security research based on game theory adopts the static game or multi-stage dynamic game model,which does not accord with the real-time change and continuity of the actual network attack-defense process.To make security threats warning more consistent with the attack-defense process,the threat propagation process was analyzed referring to the epidemic model.Then the network attack-defense game model was constructed based on the qualitative differential game theory,by which the evolution of the network security state could be predicted.Based on the model,the qualitative differential game solution method was designed to construct the attack-defense barrier and divide the capture area.Furthermore,the threat severity in different security states were evaluated by introducing multidimensional Euclidean distance.By designing the warning algorithm,the dynamic warning of the network security threat was realized,which had better accuracy and timeliness.Finally,simulation results verify the effectiveness of the proposed algorithm and model.     

2020年美国网络空间战略概览与分析

从全球来看,2020年百年不遇的大疫情给全球政治、地缘格局、大国关系带来了较大冲击,国际局势云诡波谲,扑朔迷离;从美国来看,2020年是美国第59届总统选举年,网络干预选举、意识形态斗争等成为年度高频词.基于此形势,美国在2020年累计出台了逾二十份网络空间战略文件.首先,从体系视角、机构视角和技术视角简要归纳了美国2...     

Moving target defense solution on network layer based on OpenFlow

In order to take an active part in network attack and defense,a moving target defense solution on network layer based on OpenFlow was proposed,using the flexibility of network brought by OpenFlow network architecture.On the network layer,through mapping the correspondent nodes’ addresses to pseudo-random virtual addresses in the LAN and mapping correspondent nodes’ ports to virtual ports,achieving the hiding of correspond nodes in the whole network and the information of network architecture.Researches verify the system’s effectiveness.Comparing with existing moving target defense solutions,the proposed algorithm can be deployed easily in the traditional network,and realize comprehensive protection of the corresponding in the whole network.