A Hybrid Cyber Defense Mechanism to Mitigate the Persistent Scan and Foothold Attack

As the prerequisite for an attacker to invade a target network, the Persistent Scan and Foothold Attack (PSFA) is becoming progressively more subtle and complex. Even worse, the static and predictable characteristics of traditional systems give attackers an asymmetric advantage in launching the PSFA. To reverse this asymmetric advantage and resist the PSFA, two new defense ideas, moving target defense (MTD) and deception-based cyber defense (DCD), have been proposed to provide proactive, selectable measures that complement traditional defense. However, MTD is unable to defeat a sophisticated attacker with fingerprint tracking ability. Meanwhile, DCD is easily marked by the attacker, which results in a great waste of defense resources and poor defense effectiveness. To address these shortcomings, we propose a hybrid cyber defense mechanism that combines the address mutation (MTD) and fingerprint camouflage (DCD) strategies. More specifically, we first introduce and formalize the attacker model of the PSFA based on the cyber kill chain. Afterwards, a traffic direction technique is designed to coordinate the address mutation strategy with the fingerprint camouflage strategy. Furthermore, we construct fine-grained quantitative models of the attacker's behaviors through in-depth observation of actual network confrontation. Based on this, a dynamic defense strategy generation algorithm is presented to maximize the effectiveness of our hybrid mechanism. Finally, the experimental results show that our hybrid mechanism greatly increases the time required for a successful attack and achieves a better defense effect than either single strategy.

Bibliographic Details
Main Authors: Shuo Wang, Qingqi Pei, Yuchen Zhang, Xiaohu Liu, Guangming Tang
Format: Article
Language: English
Published: Hindawi-Wiley 2020-01-01
Series: Security and Communication Networks
Online Access: http://dx.doi.org/10.1155/2020/8882200
ISSN: 1939-0114, 1939-0122
Author Affiliations:
Shuo Wang, Yuchen Zhang, Xiaohu Liu, Guangming Tang: Information Science and Technology Institute, Zhengzhou 450001, China
Qingqi Pei: State Key Laboratory of Integrated Services Network, Xidian University, Xi'an 710071, China