End hopping is an active research area in proactive network defense. An end hopping model based on a fixed time slot under a fixed policy is established, and two effects are analyzed: the decline in defense gains caused by a fixed hopping period, and the service loss caused by data packet loss at the hopping boundary. A real-time network anomaly assessment algorithm based on the fusion of nonextensive entropy and Sibson entropy is then proposed. Self-adaptive end hopping period and space policies are designed on the basis of this algorithm, and a proactive network defense model is constructed that improves the defense gains. Furthermore, a hopping period stretching policy based on network delay prediction is proposed to ensure service quality at the hopping boundary. Theoretical analysis and simulation results show the effectiveness and good service quality of the proposed model in network defense.
Liu Jiang, Zhang Hong-qi, Dai Xiang-dong, Wang Yi-gong. A Proactive Network Defense Model Based on Self-adaptive End Hopping[J]. Journal of Electronics & Information Technology (JEIT), 2015, 37(11): 2642-2649.