Final Assignment for the Scientific Paper Writing Course

温柔似野鬼°
922 views
12 August 2020, 05:13

Affiliation: xxxxxx
Name:
Student ID:
Advisor:
Phone:

Advisor's comments:


The Comparison Between Moving Target Defense Frameworks
Abstract
The ineffective performance of traditional defense systems in the face of constantly developing and multifarious network attacks has led to the rapid development of Moving Target Defense (MTD). In this paper, we divide existing MTD technologies into four groups based on a comparison of MTD and Mimic Security Defense (MSD). Then, we present the differences between the generic framework for MTD and MOTAG (Moving Target Defense against Internet Denial of Service Attacks). We analyze the greedy shuffling algorithm and highlight some suggestions for improving it.
Keywords: Moving Target Defense; Mimic Security Defense; Shuffling; Framework
1. Introduction
The number and scale of distributed denial-of-service (DDoS) attacks have increased at an incredible rate over the past decade [1]. Meanwhile, the cost of carrying out a DDoS attack has declined surprisingly fast. A Trend Micro whitepaper [2] has exposed that $150 is enough to launch a 1-week DDoS attack on [...]nto, data center is the severely afflicted area of DDoS attacks. In addition, dazzling Trojans and vulnerabilities in various applications lead to the leakage of personal information and even loss of or damage to property. Bloomberg reported that the hackers "exploited an overlooked flaw in one of the bank's websites" [3]. Beyond that, all kinds of new attacks have sprung up in recent decades, like BadUSB and Advanced Persistent Threat (APT), which is one of the most serious threats to critical infrastructures.
As stated above, with the fast development of the Internet, multifarious network attacks have emerged endlessly and traditional defense strategies have been powerless. To put it simply, traditional defense systems can be classified into static defensive mechanisms, composed of firewalls and encrypted authentication systems, and dynamic defensive mechanisms such as Network Intrusion Detection (NID). Nevertheless, they have been incapable of fully meeting the requirements of network security with the striking progress on network [...] trace to their sources, the configurations of most network systems are static, so that there is enough time for attackers to monitor, probe and attack, resulting in information asymmetry between the attackers and the defenders. Neither firewalls nor NID are the ultimate solution for obstructing network attacks.
Researchers realized that it is virtually impossible to discover and settle all vulnerabilities on account of the increasing complexity of systems and the information asymmetry between the defenders and the adversaries. To address static vulnerability, MTD was proposed by the Networking and Information Technology Research and Development (NITRD) program as the cyberspace game-changing technology to fend off various network attacks. The core idea of MTD is dynamic shifting, which can be conducted at different levels including the IP layer, the application layer, etc. The ultimate aim of MTD is to increase uncertainty and apparent complexity.
The remainder of the paper is organized as follows: in the next section, we briefly conduct a literature review. Sec. Ⅲ discusses several general frameworks and mechanisms for MTD and NMTD, respectively. Finally, we conclude the paper in Sec. Ⅳ.
2. Literature review
There have been a number of research efforts devoted to preventing a broader range of [...]. Address space randomization, or address space layout randomization (ASLR), one of the security technologies against buffer overflow, is one of the most successful applications of MTD [4]. The principle is to randomize the layout of the heap, stack and so on, so that the cost and difficulty of attacks increase. Kewley et al. [5] introduced DYNAT (Dynamic Network Address Translation), in which the IP address becomes uncertain and stochastic when the private IP address of the intranet is converted to a public IP address. DYNAT can protect the system by confusing attackers. Cristian et al. [6] investigated data randomization, a new technique offering probabilistic protection against memory error exploits. In order to resist remote code injection exploits and SQL injection exploits of web applications, Marthony et al. [7] proposed two novel approaches based on the conversion of implement[...]. MOTAG, a moving target defense mechanism including a greedy shuffling algorithm to optimize the strategy, was developed to protect against DDoS attacks [8]. Marc et al. [9] defined seven properties of network-based Moving Target Defense (NMTD) and provided an assessment of four typical NMTD systems according to fundamental [...]. Linqiang Ge et al. [10] not only presented and evaluated a generic defense framework, but also designed a user-server mapping mechanism to improve the resilience of [...]. In the next section, we highlight and compare several frameworks and mechanisms.
3. Discussion
3.1 The classification and comparison of existing technology
Linqiang Ge et al. first introduce a general framework for MTD after a summary and classification of classic MTD [...]. In their research, MTD techniques are categorized into two levels: the application level and the lower level. As an example of low-level MTD, ASLR must be one of the most successful strategies, on account of its extensive utilization in modern operating systems including Linux and Windows. In addition, there has been a lot of research based on high-level MTD [...]. For instance, OpenFlow Random Host Mutation (OF-RHM) transparently alters IP addresses in a stochastic tactic on the basis of OpenFlow, which can allocate each system a random IP [14]. Besides, the authors sum up the pros, cons and attacks that the techniques can thwart.
According to the survey of Okhravi [11], Marthony et al. [7] divide the efforts into five classes according to what-to-move:
- changing the run-time environment, such as ASLR and Randomized Instruction Set Emulation;
- changing the application's code dynamically or diversifying software, like self-randomizing instruction addresses;
- changing data representations [12];
- changing platforms [13];
- changing network configurations [10].
It is worth noting that MSD was proposed by Jiangxing Wu [15] of the Chinese Academy of [...]. Inspired by the mimic octopus, which can imitate more than ten marine organisms such as the coral reef, and by the protean Eight-Diagram tactics, Wu et al. propose that, given inevitable vulnerabilities, it is reasonable to change the architecture and execution environment of [...]. The core concept is to formulate a pseudo-random system by taking reasonable advantage of the diversity and dynamism of software and hardware, so that the cost of launching attacks increases [...]. To be specific, proactive saltation of network configurations, platforms, operating environment, software and data structure, on the basis of providing identical function, plays a key role in MSD.
Compared with MTD, the common ground is the basic idea: dynamism, diversification and [...]. In order to remove the single point of failure and raise the cost of cyberattacks, MTD and MSD apply redundancy and heterogeneity strategies, such as a pool of proxy nodes and application servers with different operating systems. Even though it becomes complex and expensive for defenders to design and maintain the system, the approach can protect the system to a certain degree, which is worthwhile for defenders. The difference is the implementation method: MSD focuses on the synergistic effect between software and hardware, but the main object of MTD is software technology.
Above all, the concept of MTD should be expanded and reclassified into the network layer, application layer, operating system level and hardware level, and the classes in [7] can be redistributed accordingly. Namely, the dynamic change of the application's code, software diversity and data diversity can be regarded as the application layer [...]. The network layer includes the dynamism of network configurations and some technologies about changing the run-time environment, such as ASLR. Plus, dynamic changes on platforms belong to the operating system level. Certain strategies for changing the run-time environment, like Randomized Instruction Set Emulation, can be considered as the hardware layer.
3.2 The generic framework for MTD and NMTD
Ge et al. design a generic framework for MTD including a user-service mapping scheme in the service [...]. As depicted in Figure 1, there are three interconnected components, named the proxy server, the proxy nodes and the service servers. Compared with traditional network frameworks, the MTD service layer, comprised of the proxy server and a pool of proxy nodes, mediates communications between all users and application servers to guarantee the security of application services [...]. The service servers, which can also be called the application servers, consist of a small subset of redundant and heterogeneous operating systems which provide selfsame functions for [...]. For users, the IP addresses of the application servers are non-transparent, and users cannot connect directly with the application servers. Meanwhile, the proxy server provides authentication for users firsthand, but the proxy nodes are semitransparent, which means only authorized users have the right to communicate with the proxy nodes and application [...]. It is worth noting that communications among the three key components are credible enough to prevent replay attacks.
As stated above, firstly, users must access the proxy server, whose IP address is associated with the domain name of the application servers, to get [...]. Then, the user can obtain the IP address of a random proxy node allocated by the proxy server. Meanwhile, the proxy server will inform the proxy node of the upcoming visit, including the IP address of the authenticated user and a selected application server. Finally, the user can acquire the service from a designated application server selected via the user-service mapping scheme. The core principle of the generic framework is that only the IP address of the proxy server is visible to all users, and the authenticated users will only be notified of the IP address of the specified proxy node, so that it is highly unlikely for adversaries to attack the application servers [...]. It is worth mentioning that the proxy server, exposed to the attackers, will be protected by a special strategy such as proof-of-work (PoW) protection [16].
In addition, it is based on the user-server mapping scheme that the proxy server allocates the proxy nodes to [...]. Considering the vulnerabilities of the service servers and the risk of users, the user-server mapping scheme defines a security reputation level based on the historical behavior of that user and a severity level of system vulnerabilities. The strategy can be conducted quantitatively by defining a cost that describes the performance, including the network performance and the security [...]. When the performance is modeled as an optimization problem, the framework can minimize the possibility of the servers being at risk and improve the user experience of the network performance.
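The access flow and the user-server mapping described in this subsection, as an added Python simulation (not code from Ge et al. or from this paper): a proxy server authenticates the user, picks a random proxy node, announces the (client IP, application server) pair to that node, and chooses the application server by minimizing a cost over server load and vulnerability severity weighted by the user's reputation. The node then serves only a client it was told about. The cost function, the reputation and severity values, the credentials and the IP addresses are all constructed for the example and are assumptions, not values from the paper.

```python
import random
from dataclasses import dataclass, field


@dataclass
class AppServer:
    ip: str
    severity: float   # severity level of the server's known vulnerabilities, 0 (none) .. 1 (critical)
    load: float       # current load, 0 (idle) .. 1 (saturated)


@dataclass
class ProxyNode:
    ip: str
    # client IP -> application server IP, as announced by the proxy server
    expected: dict = field(default_factory=dict)

    def announce(self, client_ip, server_ip):
        self.expected[client_ip] = server_ip

    def connect(self, client_ip):
        """Semi-transparent node: serve only a client the proxy server announced; otherwise refuse."""
        return self.expected.get(client_ip)


@dataclass
class ProxyServer:
    credentials: dict   # username -> password (constructed sample)
    reputation: dict    # username -> security reputation level, 0 (worst history) .. 1 (best)
    nodes: list
    servers: list
    rng: random.Random = field(default_factory=lambda: random.Random(7))

    def authenticate(self, user, password):
        return self.credentials.get(user) == password

    def select_server(self, user, w_perf=1.0, w_sec=1.0):
        """User-server mapping: pick the server with the lowest cost.
        cost = w_perf * load + w_sec * severity * (1 - reputation). This cost is an
        assumption standing in for the paper's unspecified cost function: a user with a
        poor history is steered away from servers with severe known vulnerabilities."""
        risk = 1.0 - self.reputation.get(user, 0.0)   # unknown users get the worst reputation
        return min(self.servers, key=lambda s: w_perf * s.load + w_sec * s.severity * risk)

    def request_access(self, user, password, client_ip):
        """Steps 1-3 of the flow: authenticate, pick a random proxy node, announce the visit.
        Returns the proxy node's IP, the only address an authenticated user learns."""
        if not self.authenticate(user, password):
            return None
        node = self.rng.choice(self.nodes)
        server = self.select_server(user)
        node.announce(client_ip, server.ip)
        return node.ip


def build_demo():
    """Constructed sample deployment (RFC 5737 documentation addresses and private space)."""
    servers = [AppServer("10.0.0.1", severity=0.9, load=0.1),
               AppServer("10.0.0.2", severity=0.2, load=0.6)]
    nodes = [ProxyNode(f"192.0.2.{i}") for i in (11, 12, 13)]
    return ProxyServer(
        credentials={"alice": "alice-pw", "mallory": "mallory-pw"},
        reputation={"alice": 0.95, "mallory": 0.10},
        nodes=nodes, servers=servers)


def client_session(proxy_server, user, password, client_ip):
    """Step 4: the client connects to the node it was told about and is handed its application server."""
    node_ip = proxy_server.request_access(user, password, client_ip)
    if node_ip is None:
        return None                      # not authenticated: no node IP is ever revealed
    node = next(n for n in proxy_server.nodes if n.ip == node_ip)
    return node.connect(client_ip)


if __name__ == "__main__":
    ps = build_demo()
    print(client_session(ps, "alice", "alice-pw", "198.51.100.10"))      # high reputation -> 10.0.0.1
    print(client_session(ps, "mallory", "mallory-pw", "198.51.100.20"))  # low reputation -> 10.0.0.2
    print(client_session(ps, "alice", "wrong", "198.51.100.10"))         # None: never told a node
```

With the constructed values, alice (reputation 0.95) is mapped to the lightly loaded but more vulnerable server 10.0.0.1, while mallory (reputation 0.10) is mapped to 10.0.0.2 because the severity term dominates once the risk weight is high; a client that was never announced to a node is refused by it even if it knows the node's address.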

Figure 1: A Generic Framework for MTD.
As for DDoS attacks, Jia et al. present a greedy shuffling algorithm to optimize the strategy of proxy shuffling based on MOTAG, and implement it in MATLAB to verify [...]. The MOTAG architecture is the same as the above framework.
The basic principles of the MTD framework and MOTAG are extremely similar, such as the same components and the hidden properties of IP addresses. However, the only difference decides the distinct function: optimized performance based on the user-service mapping scheme versus protection from DDoS attacks based on the greedy shuffling algorithm. Different from the MTD framework, only in name, the authentication server and the proxies replace the proxy server and the proxy nodes. [...] the MTD framework, when proxy nodes are under DDoS attack, the only method is to forbid the under-attack node from providing the service and reallocate a proxy node, which will be attacked again as [...]. Nevertheless, the specific shuffling strategy of proxy nodes makes it possible.
In MOTAG, not all proxies are in service at the beginning; a part of them, referred to as "moving" proxies, are not activated until some nodes are attacked. "Moving" proxies are entirely hidden from all users, including legitimate clients, and nothing will be carried out if there is no attack.
Clients can connect with the proxies and the application servers if and only if they are authenticated by the authentication server. Attackers will obtain access authority via social engineering, stealing users' login information and so on, even though the authentication server is protected like a military base, and the proxies come under DDoS attack as soon as their IP addresses are [...]. In the meantime, the shuffling strategy plays an important role in thwarting DDoS [...]. Firstly, the proxies are divided into attacked and innocent proxies, and all clients connecting with the attacked proxies are identified as suspected [...]. The major objects of the strategy are the attacked and moving proxies, which are named shuffling proxies, and the aim is to separate innocent clients from insiders, which [...]. Then, the authentication server reassigns the suspected clients to the shuffling proxies, which is called a shuffle. After each shuffle, the shuffling proxies are split into two groups, attacked and innocent, and some suspected clients are also separated as innocent. Meanwhile, the objects are changed into the shuffling proxies which are still attacked and the rest of the suspected clients. The shuffle will terminate under three conditions. First, there are so few clients left compared with proxies that each proxy corresponds to one client. Second, there is only one proxy left, so that the shuffle cannot be conducted further. Third, all insiders are eliminated, which is the best consequence.
It is worth noting that the innocent proxies are removed from the shuffling proxies after each movement, so that the number of shuffling proxies decreases progressively, resulting in the undesirable termination where only one proxy is left. [...], we can modify the greedy shuffling algorithm. The kernel is to maintain the number of shuffling proxies, which means that an extra step needs to be added after each movement. When innocent clients are separated via shuffling, they are marked and reallocated to the service proxies. In the meantime, the innocent proxies remain shuffling proxies and participate in the next movement, ensuring that the number of shuffling proxies is unchanged. Therefore, the second termination condition becomes impossible, which means the insiders must be found after enough movements.
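The shuffling procedure and the proposed modification (keeping innocent proxies in the shuffling pool), as an added Python simulation that is neither the MATLAB implementation of Jia et al. nor code from this paper. It models an attacked proxy as any proxy currently hosting an insider (an assumption: every insider attacks its current proxy in every movement), applies the termination conditions described above, and runs the same constructed scenario once with innocent proxies removed after each movement (the behaviour the paper describes) and once with them retained (the modification). Client and proxy names and the numbers are constructed.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class ShuffleResult:
    status: str            # "identified", "stuck" or "exhausted"
    movements: int         # number of client-to-proxy assignments performed
    suspected: frozenset   # clients still suspected when the shuffle ended
    identified: frozenset  # insiders pinned down (non-empty only when status == "identified")


def assign(clients, proxies, rng):
    """Spread the given clients evenly over the given proxies after a seeded random permutation."""
    order = sorted(clients)          # sort first so the seeded shuffle is reproducible
    rng.shuffle(order)
    mapping = {p: set() for p in proxies}
    for i, c in enumerate(order):
        mapping[proxies[i % len(proxies)]].add(c)
    return mapping


def run_shuffle(clients, insiders, proxies, keep_innocent_proxies, seed=0, max_movements=20):
    """Simulate the greedy shuffle.

    insiders: the hidden set of authenticated-but-malicious clients. A proxy is
    'attacked' in a movement exactly when one of them is assigned to it (assumption).
    keep_innocent_proxies=False reproduces the behaviour described in the paper
    (innocent proxies leave the shuffling pool); True applies the modification.
    """
    rng = random.Random(seed)
    insiders = set(insiders)
    suspected = set(clients)         # before the first movement every client is suspected
    shuffling = list(proxies)
    for movement in range(1, max_movements + 1):
        if len(suspected) <= len(shuffling):
            # Termination 1: one client per proxy, so an attacked proxy identifies its insider.
            # In this model that is also termination 3: every insider is found.
            mapping = assign(suspected, shuffling, rng)
            identified = {c for cs in mapping.values() if cs & insiders for c in cs}
            return ShuffleResult("identified", movement, frozenset(suspected), frozenset(identified))
        if len(shuffling) == 1:
            # Termination 2: a single proxy cannot split the suspected clients any further.
            return ShuffleResult("stuck", movement - 1, frozenset(suspected), frozenset())
        mapping = assign(suspected, shuffling, rng)
        attacked = [p for p in shuffling if mapping[p] & insiders]
        # Clients on innocent proxies are cleared; those on attacked proxies stay suspected.
        suspected = set().union(*(mapping[p] for p in attacked))
        if not keep_innocent_proxies:
            shuffling = attacked         # paper's behaviour: innocent proxies leave the pool
    return ShuffleResult("exhausted", max_movements, frozenset(suspected), frozenset())


CLIENTS = [f"c{i:02d}" for i in range(50)]   # constructed: 50 authenticated clients
PROXIES = [f"p{i}" for i in range(8)]        # constructed: 8 shuffling proxies

if __name__ == "__main__":
    for keep in (False, True):
        r = run_shuffle(CLIENTS, {"c07"}, PROXIES, keep_innocent_proxies=keep, seed=1)
        label = "keep innocent proxies" if keep else "drop innocent proxies"
        print(label, r.status, "movements:", r.movements, "identified:", sorted(r.identified))
```

With a single insider among 50 clients and 8 proxies, dropping innocent proxies leaves exactly one attacked proxy after the first movement, so the shuffle is stuck with six or seven suspected clients and the insider is never isolated; retaining the proxies lets the second movement place each suspected client on its own proxy and identifies the insider. The same holds for two insiders over several seeds, since the suspected set shrinks in every movement as long as the pool keeps more proxies than there are insiders.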
Focusing on the macroscopic properties, Marc et al. simplify the framework as in Figure 2, wherein the proxy server and proxy nodes are simplified as the mapping service [...]. In addition, the connection between an untrustworthy client and the sink is [...] in the above [...]. The properties common to NMTDs, defined in [9], may help guide researchers to evaluate the NMTD [...]. The seven properties are, respectively: the moving property, including the unpredictability sub-property, the vastness sub-property and the periodicity sub-property; the access control property, including the uniqueness sub-property, the availability sub-property and the revocability sub-property; and the distinguishability property.
We can evaluate MOTAG based on the seven properties.
Moving property: All proxies and application services in MOTAG are hidden from unauthenticated clients and enough to provide the [...]. However, the proxies will not change until attacks break out, so that targets will not be moved [...]. Therefore, MOTAG can provide the unpredictability and vastness [...]. In other words, MOTAG is a relatively passive way.
Access Control Property: The authentication server allocates a dedicated proxy node to the authenticated client. Meanwhile, the proxy node will be notified of the coming connection. Hence, the framework fulfills the requirements of the three sub-properties.
Distinguishability Property: All clients can connect with the proxies if and only if they are authenticated by the authentication server. It is undeniable that untrustworthy clients can be authenticated successfully through probing and monitoring the users' authentication [...]. To some extent, the authentication server can meet the distinguishability property.

Figure 2: Overview of components in MTD system
4. Conclusions
We compare MTD with MSD and propose that the concept of MTD should be expanded and reclassified. The most important change is that MTD should include hardware diversity. Then, we discuss the generic framework for MTD and MOTAG. Plus, we improve the greedy shuffling algorithm based on the analysis of the shuffling strategy, which can optimize the result of the movements.
REFERENCES
[1] R. Dobbins and C. Morales, "Worldwide infrastructure security report VII," 2011.
[2] Trend Micro, "Russian underground 101," http:ud-contentuspdfssecurity-intelligencewhite-paperswp-russian-underground-101.pdf, 2012.
[3] J. Robertson and M. Riley, "JPMorgan hack said to span months via multiple flaws," Bloomberg, Aug. 2014.
[4] H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh, "On the effectiveness of address-space randomization," in Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS), ACM, New York, pp. 298–307, 2004.
[5] D. Kewley, R. Fink, J. Lowry, and M. Dean, "Dynamic approaches to thwart adversary intelligence gathering," in Proceedings of the DARPA Information Survivability Conference & Exposition II (DISCEX), vol. 1, pp. 176–185, 2001.
[6] C. Cadar, P. Akritidis, M. Costa, J.-P. Martin, and M. Castro, "Data randomization," Technical Report, Microsoft Research, 2008.
[7] M. Taguinod, A. Doupé, Z. Zhao, et al., "Toward a moving target defense for web applications," in IEEE International Conference on Information Reuse and Integration, IEEE, 2015, pp. 510–517.
[8] Q. Jia, K. Sun, and A. Stavrou, "MOTAG: Moving target defense against Internet denial of service attacks," in International Conference on Computer Communications and Networks, 2013, pp. 1–9.
[9] M. Green, D. C. MacFarland, D. R. Smestad, et al., "Characterizing network-based moving target defenses," 2015, pp. 31–35.
[10] L. Ge, W. Yu, D. Shen, et al., "Toward effectiveness and agility of network security situational awareness using moving target defense (MTD)," Proceedings of SPIE - The International Society for Optical Engineering, 2014, 9085(29):3382–3397.
[11] H. Okhravi, M. Rabe, T. Mayberry, W. Leonard, T. Hobson, D. Bigelow, and W. Streilein, "Survey of cyber moving target techniques," DTIC Document, Tech. Rep., 2013.
[12] A. Nguyen-Tuong, D. Evans, J. C. Knight, et al., "Security through redundant data diversity," in IEEE International Conference on Dependable Systems and Networks with FTCS and DCC, 2008, pp. 187–196.
[13] B. Salamat, T. Jackson, G. Wagner, et al., "Runtime defense against code injection attacks using replicated execution," IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 4, pp. 588–601, 2011.
[14] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "OpenFlow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the Workshop on Hot Topics in Software Defined Networks, ACM, 2012, pp. 127–132.
[15] J. Wu, "Cyberspace mimic security defense," Secrecy Science and Technology, 2014(10).
[16] T. Aura, P. Nikander, and J. Leiwo, "DoS-resistant authentication with client puzzles," in Security Protocols Workshop, 2000, pp. 170–177.