Scientific Paper Writing: Final Course Assignment
Affiliation: xxxxxx
Name:
Student ID:
Supervisor:
Phone:
Supervisor's comments:
The Comparison Between Moving Target Defense Frameworks
Abstract
The ineffective performance of traditional defense systems in the face of constantly developing and multifarious network attacks has led to the rapid development of Moving Target Defense (MTD). In this paper, we divide existing MTD technologies into four groups based on a comparison of MTD and Mimic Security Defense (MSD). Then we present the differences between the generic framework for MTD and MOTAG (Moving Target Defense against Internet Denial of Service Attacks). We analyze and highlight some suggestions for improving the greedy shuffling algorithm.
Keywords: Moving Target Defense; Mimic Security Defense; Shuffling; Framework
1. Introduction
The number and scale of distributed denial-of-service (DDoS) attacks have increased at an incredible rate over the past decade [1]. Meanwhile, the cost of carrying out a DDoS attack has declined surprisingly fast. A Trend Micro whitepaper [2] has exposed that $150 is enough to launch a 1-week DDoS attack on nto, data center is the severely afflicted area of DDoS attacks. In addition, Trojans and vulnerabilities in various applications lead to the leakage of personal information and even the loss of or damage to property. Bloomberg reported that the hackers "exploited an overlooked flaw in one of the bank's websites" [3]. Beyond that, all kinds of new attacks have sprung up in recent decades, like BadUSB and Advanced Persistent Threats (APT), which are among the most serious threats to critical infrastructures.
As stated above, with the fast development of the Internet, multifarious network attacks have emerged endlessly and traditional defense strategies have been powerless. To put it simply, traditional defense systems can be classified into static defensive mechanisms, composed of firewalls and encrypted authentication systems, and dynamic defensive mechanisms such as Network Intrusion Detection (NID). Nevertheless, they have been incapable of fully meeting the requirements of network security with the striking progress on network trace to their sources, the configurations of most network systems are static, so that there is enough time for attackers to monitor, probe and attack, resulting in information asymmetry between the attackers and the r Firewall nor NID is the ultimate solution for obstructing network attacks.
Researchers realized that it is virtually impossible to discover and settle all vulnerabilities on account of the increasing complexity of systems and the information asymmetry between defenders and adversaries. To address static vulnerability, MTD was proposed by the Networking and Information Technology Research and Development (NITRD) as a cyberspace game-changing technology to fend off the various network attacks. The core idea of MTD is dynamic shifting, which can be conducted at different levels including the IP layer, the application layer, etc. The ultimate aim of MTD is to increase uncertainty and apparent complexity.
The remainder of the paper is organized as follows: in the next section, we briefly conduct a literature review. Sec. Ⅲ discusses several general frameworks and mechanisms for MTD and NMTD, respectively. Finally, we conclude the paper in Sec. Ⅳ.
2. Literature review
There have been a number of research efforts devoted to preventing from a broader range of s space randomization or address space layout randomization (ASLR), one of the security technologies against buffer overflow, is one of the most successful applications of MTD [4]. The principle is to randomize the layout of the heap, the stack and so on, so that the cost and difficulty of attacks increase. Kewley et al. [5] introduced DYNAT (Dynamic Network Address Translation), which means that the IP address is uncertain and stochastic when the private IP address of an intranet is converted to a public IP address. DYNAT can protect the system by confusing attackers. Cristian et al. [6] investigated data randomization, a new technique offering probabilistic protection against memory error exploits. In order to resist remote code injection exploits and SQL injection exploits in web applications, Marthony et al. [7] proposed two novel approaches based on the conversion of implement , a moving target defense mechanism including a greedy shuffling algorithm to optimize the strategy, was developed to protect against DDoS attacks [8]. Marc et al. [9] defined seven properties of network-based Moving Target Defense (NMTD) and provided an assessment of four typical NMTD systems according to fundamental ng Ge et al. [10] not only presented and evaluated a generic defense framework, but also designed a user-server mapping mechanism to improve the resilience of the next section, we highlight and compare several frameworks and mechanisms.
3. Discussion
3.1 The classification and comparison of existing technology
Linqiang Ge et al. first introduce a general framework for MTD after a summary and classification of classic MTD the research, MTD techniques are categorized into two levels: the application level and the lower level. As an example of low-level MTD, ASLR must be one of the most successful strategies on account of its extensive utilization in modern OSes, including Linux and Windows. In addition, there has been a lot of research based on high-level MTD instance, OpenFlow Random Host Mutation (OF-RHM) transparently alters IP addresses in a stochastic manner on the basis of OpenFlow, which can allocate each system a random IP [14]. Besides, the authors sum up the pros, the cons and the attacks that the techniques can thwart.
According to the survey of Okhravi [11], Marthony et al. [7] divide the efforts into five classes according to what-to-move: changing the run-time environment, such as ASLR and Randomized Instruction Set Emulation; changing the application's code dynamically or diversifying software, like self-randomizing instruction addresses; changing data representations [12]; changing platforms [13]; and changing network configurations [10].
It is worth noting that MSD proposed by Jiangxing Wu [15], the Chinese Academy of ed by the mimic octopus, which can imitate more than ten marine organisms such as the coral reef, and the protean Eight-Diagram tactics, Wu et al. present that it is reasonable for inevitable vulnerability to change the architecture and execution environment of core concept is to formulate a pseudo-random system by taking reasonable advantage of the diversity and dynamism of software and hardware, so that the cost of launching attacks increases be specific, the initiative saltation of network configurations, platforms, operating environment, software and data structure, on the basis of providing the identical function, plays a key role in MSD.
Compared with MTD, the common ground is the basic idea—dynamism, diversification and order to remove the single point of failure and raise the cost of cyberattacks, MTD and MSD apply redundancy and isomerism strategies such as a pool of proxy nodes and application servers with different operating systems. Even though it becomes complex and expensive for defenders to design and preserve the system, the approach can protect the system to a certain degree, which is worthwhile for defenders. The difference is the implementation method—MSD focuses on the synergistic effect between software and hardware, but the main object of MTD is software technology.
Above all, the concept of MTD should be expanded and reclassified into network layer, application layer, operating system level and hardware classes, so the classes in [7] can be redistricted. Namely, the dynamic change of the application's code, software diversity and data diversity can be regarded as application , Network layer includes the dynamism of network configurations and some technologies about changing the run-time environment such as ASLR. Plus, dynamic changes on platforms belong to the operating system level. Certain strategies of changing the run-time environment, like Randomized Instruction Set Emulation, can be considered as the hardware layer.
3.2 The generic framework for MTD and NMTD
Ge et al. design a generic framework for MTD including a user-service mapping scheme in the service depicted in Figure 1, there are three interconnected components named the proxy server, the proxy nodes and the service servers. Compared with traditional network frameworks, the MTD service layer, comprised of a proxy server and a pool of proxy nodes, mediates communications between all users and application servers to guarantee the security of application services servers, which can also be called the application servers, consist of a small subset of redundant and isomerism operating systems which provide selfsame functions for users, the IP addresses of application servers are non-transparent and users cannot connect directly with application servers. Meanwhile, the proxy server provides authentication for users firsthand, but proxy nodes are semitransparent, which means only authorized users have the right to communicate with proxy nodes and application is worth noting that communications among the three key components are credible enough to prevent replay attacks.
As stated above, firstly, users must access the proxy server, whose IP address is associated with the domain name of the application servers, to get the , the user can obtain the IP address of a random proxy node allocated by the proxy ile, the proxy server will inform the proxy node of the upcoming visit, including the IP address of the authenticated user and a selected application y, the user can acquire the service from a designated application server selected via the user-service mapping core principle of the generic framework is that only the IP address of the proxy server is visible to all users, and authenticated users will only be notified of the IP address of the specified proxy node, so that it is highly unlikely for adversaries to attack application servers is worth mentioning that the proxy server, exposed to attackers, will be protected by a special strategy such as proof-of-work (PoW) protection [16].
In addition, it is based on the user-server mapping scheme that the proxy server allocates the proxy nodes to ering the vulnerabilities of the service servers and the risk of users, the user-server mapping scheme defines a security reputation level based on the historical behavior of that user and a severity level of system vulnerabilities. The strategy can be conducted quantitatively by defining a cost to describe the performance, including the network performance and the security when the performance is modeled as an optimization problem, the framework can minimize the possibility of the servers being at risk and improve the user experience of network performance.
Figure 1: A Generic Framework for MTD.
As for DDoS attacks, Jia et al. present a greedy shuffling algorithm to optimize the strategy of proxy shuffling based on MOTAG, and implement it in MATLAB to verify the MOTAG architecture is the same as the above framework.
The basic principle of the MTD framework and of MOTAG is extremely similar, such as the same components and the hidden property of IP addresses. However, the only difference decides the distinct function: an optimized performance based on the user-service mapping scheme, versus protection from DDoS attacks based on the greedy shuffling algorithm. Different from the MTD framework, only in name, the authentication server and the proxies replace the proxy server and proxy nodes. In the MTD framework, when proxy nodes are under DDoS attacks, the only method is to forbid the under-attack node from providing the service and reallocate a proxy node, which will be attacked again as heless, the specific shuffling strategy of proxy nodes makes it possible.
In MOTAG, not all proxies are in service at the beginning; a part of them, referred to as "moving" proxies, are not activated until some nodes are attacked. "Moving" proxies are entirely hidden from all users, including legitimate clients, and nothing will be carried out if there is no attack.
It is if and only if clients are authenticated by the authentication server that they can connect with proxies and the application servers. Attackers will obtain access authority via social engineering, stealing users' login information and so on, even though the authentication server is protected like a military base, and the proxies come under DDoS attacks as soon as their IP addresses are the meantime, the shuffling strategy plays an important role in thwarting DDoS y, the proxies will be divided into attacked and innocent proxies, and all clients connecting with the attacked proxies are identified as suspected major objects of the strategy are attacked and moving proxies, which are named shuffling proxies, and the aim is to separate innocent clients from insiders which , the authentication server reassigns suspected clients to shuffling proxies, which is called a shuffle. After each shuffle, shuffling proxies will be split into two groups, attacked and innocent, and some suspected clients are also separated out as innocent. Meanwhile, the objects are changed into the shuffling proxies which are still attacked and the rest of the suspected clients. The shift will terminate under three , there are so few clients left compared with proxies that each proxy corresponds to a single client. Second, there is only one proxy left, so that the shuffle cannot be conducted any further. Third, all insiders are eliminated, which is the best consequence.
It is worth noting that the innocent proxies will be removed from the shuffling proxies after each movement, so that the number of shuffling proxies decreases progressively, resulting in an undesirable termination in which there is only one proxy , we can modify the greedy shuffling algorithm. The kernel is to maintain the number of shuffling proxies, which means that an extra step needs to be added after each movement. When innocent clients are separated via shuffling, they will be marked and reallocated to service proxies. In the meantime, the innocent proxies remain shuffling proxies and participate in the next movement, ensuring an unchanged number of shuffling ore, the second termination condition becomes impossible, which means insiders must be found after enough movements.
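As an added illustration (not code from this paper or from MOTAG's authors), the following Python simulation replays the shuffling strategy described above from the defender's point of view and contrasts the original behaviour, where innocent proxies leave the pool, with the modification proposed here, where they stay. The client and proxy names, the balanced round-robin dealing of suspected clients and the random seed are assumptions of this example.

```python
import random
from dataclasses import dataclass, field

@dataclass
class ShuffleResult:
    reason: str                                   # "isolated", "clean" or "stuck"
    rounds: int
    identified: set = field(default_factory=set)  # clients pinned down as insiders
    cleared: set = field(default_factory=set)     # clients found innocent
    suspected: set = field(default_factory=set)   # still unresolved when we stop

def deal(clients, proxies, rng):
    """Randomly permute the suspected clients, then deal them round-robin so
    each shuffling proxy gets a balanced share (an assumption of this example)."""
    order = sorted(clients)
    rng.shuffle(order)
    assignment = {p: [] for p in proxies}
    for i, c in enumerate(order):
        assignment[proxies[i % len(proxies)]].append(c)
    return assignment

def run_shuffles(clients, proxies, insiders, keep_pool=False, seed=1):
    """Shuffle until one of the three termination conditions is reached.
    keep_pool=False: innocent proxies leave the shuffling pool after each movement.
    keep_pool=True:  innocent proxies stay in the pool (the modification proposed above)."""
    rng = random.Random(seed)
    suspected, pool, cleared, rounds = set(clients), list(proxies), set(), 0
    while True:
        rounds += 1
        if len(suspected) <= len(pool):
            # First condition: one client per proxy, so an attacked proxy
            # now pinpoints exactly one insider.
            final = dict(zip(sorted(suspected), pool))
            identified = {c for c in final if c in insiders}
            return ShuffleResult("isolated", rounds, identified,
                                 cleared | (suspected - identified))
        assignment = deal(suspected, pool, rng)
        # A proxy is attacked iff an insider was dealt to it; everyone sharing
        # that proxy stays suspected, everyone on an innocent proxy is cleared.
        attacked = {p for p, cs in assignment.items() if insiders.intersection(cs)}
        still = {c for p in attacked for c in assignment[p]}
        cleared |= suspected - still
        suspected = still
        if not suspected:
            return ShuffleResult("clean", rounds, set(), cleared, set())  # third condition
        if not keep_pool:
            pool = [p for p in pool if p in attacked]   # innocent proxies drop out
        if len(pool) == 1:
            return ShuffleResult("stuck", rounds, set(), cleared, suspected)  # second condition

CLIENTS = [f"c{i}" for i in range(30)]   # constructed population of authenticated clients
PROXIES = ["p0", "p1", "p2", "p3"]       # constructed pool of shuffling proxies
```

With a single insider, the original strategy removes the three innocent proxies after the first movement and gets stuck with one proxy and several suspected clients, whereas keeping the pool intact isolates the insider in three movements.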
Focusing on the macroscopic properties, Marc et al. simplify the framework as in Figure 2, wherein the proxy server and proxy nodes are simplified as the mapping service addition, the connection between an untrustworthy client and the sink is in above properties common to NMTDs, defined in [9], may help guide researchers to evaluate the NMTD seven properties respectively are the moving property, including the unpredictability sub-property, the vastness sub-property and the periodicity sub-property; the access control property, including the uniqueness sub-property, the availability sub-property and the revocability sub-property; and the distinguishability property.
We can evaluate MOTAG based on the seven properties.
Moving property: All proxies and application services in MOTAG are hidden from unauthenticated clients and enough to provide the r, proxies will not change until attacks break out, so that targets will not be moved ore, MOTAG can provide the unpredictability and vastness other words, MOTAG is a relatively passive approach.
Access control property: The authentication server allocates a dedicated proxy node to the authenticated client. Meanwhile, the proxy node will be notified of the coming connection. Hence, the framework fulfills the requirements of the three sub-properties.
Distinguishability property: All clients can connect with proxies if and only if they are authenticated by the authentication server. It is undeniable that untrustworthy clients can be authenticated successfully through probing and monitoring the users' authentication some extent, the authentication server can meet the distinguishability property.
Figure 2: Overview of components in an MTD system.
4. Conclusions
We compare MTD with MSD and propose that the concept of MTD should be expanded and reclassified. The most important change is that MTD should include hardware diversity. Then, we discuss the generic framework for MTD and MOTAG. Plus, we improve the greedy shuffling algorithm based on an analysis of the shuffling strategy, which can optimize the result of movements.
REFERENCES
[1] R. Dobbins and C. Morales, "Worldwide infrastructure security report VII," 2011.
[2] Trend Micro, "Russian underground 101," http:ud-contentuspdfssecurity-intelligencewhite-paperswp-russian-underground-101.pdf, 2012.
[3] J. Robertson and M. Riley, "JPMorgan Hack Said to Span Months Via Multiple Flaws," Aug. 2014.
[4] B.P.E.-J. G. N. M. Hovav Shacham, Matthew Page and D. Boneh, "On the effectiveness of address-space randomization," in Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS), ACM, New York, pp. 298–307, 2004.
[5] D. Kewley, R. Fink, J. Lowry, and M. Dean, "Dynamic approaches to thwart adversary intelligence gathering," in Proceedings of the DARPA Information Survivability Conference and Exposition II (DISCEX), vol. 1, pp. 176–185, 2001.
[6] P. A. Cristian Cadar, "Data randomization," Technical report, Microsoft Research, 2008.
[7] M. Taguinod, A. Doupé, Z. Zhao, et al., "Toward a Moving Target Defense for Web Applications," in IEEE International Conference on Information Reuse and Integration, IEEE, 2015, pp. 510–517.
[8] Q. Jia, K. Sun, and A. Stavrou, "MOTAG: Moving Target Defense against Internet Denial of Service Attacks," in International Conference on Computer Communications and Networks, 2013, pp. 1–9.
[9] M. Green, D. C. MacFarland, D. R. Smestad, et al., "Characterizing Network-Based Moving Target Defenses," 2015, pp. 31–35.
[10] L. Ge, W. Yu, D. Shen, et al., "Toward effectiveness and agility of network security situational awareness using moving target defense (MTD)," Proceedings of SPIE - The International Society for Optical Engineering, 2014, 9085(29):3382–3397.
[11] H. Okhravi, M. Rabe, T. Mayberry, W. Leonard, T. Hobson, D. Bigelow, and W. Streilein, "Survey of cyber moving target techniques," DTIC Document, Tech. Rep., 2013.
[12] A. Nguyen-Tuong, D. Evans, J. C. Knight, et al., "Security through redundant data diversity," in IEEE International Conference on Dependable Systems and Networks with FTCS and DCC, 2008, pp. 187–196.
[13] B. Salamat, T. Jackson, G. Wagner, et al., "Runtime Defense against Code Injection Attacks Using Replicated Execution," IEEE Transactions on Dependable and Secure Computing, 2011, 8(4):588–601.
[14] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "OpenFlow random host mutation: transparent moving target defense using software defined networking," in The Workshop on Hot Topics in Software Defined Networks, ACM, 2012, pp. 127–132.
[15] Jiangxing Wu, "Mimic Security Defense in Cyberspace," Secrecy Science and Technology (保密科学技术), 2014(10).
[16] T. Aura, P. Nikander, and J. Leiwo, "DoS-resistant authentication with client puzzles," in Security Protocols Workshop, 2000, pp. 170–177.