Quantitative Analysis Of Security Effectiveness And Research Of Defense Decision Method On Dynamic Platform Techniques

With the increasing scale of the Internet,the cyberspace security situation is facing severe challenges.New types of attacks are emerging,and the confrontation between the attacker and defender has never stopped.Traditional defense methods are more and more difficult to resist increasingly serious attacks.Defenders are often in a passive situation while facing security threats such as zero-day vulnerabilities and APT attacks.Moving target defense came into being as a proactive defense strategy to reverse this unfavorable situation.It constantly changes the attack surface by importing dynamics and diversity into the network system,thereby increasing the difficulty and cost of attacks.A lot of work has been conducted in the security effectiveness evaluation and the defense decision method of various moving target defense mechanisms.However,most of the existing security effectiveness evaluation methods are based on discrete-time models and are steady-state analysis methods,which can neither describe the real-time confrontation characteristics nor reflect the transient changes of system security metrics.In the research of defense decision method research,most of the models cannot describe the cumulative cost,and the applicability of those models are limited.Aiming at these problems and difficulties,this paper focuses on the quantitative analysis of security effectiveness and defense decision method of dynamic platform techniques.The main contributions are as follows:(1)This paper proposes a quantitative analysis model based on continuous-time Markov chain for the security effectiveness of dynamic platform techniques.For a system that deploys the dynamic platform techniques,the model accurately depicts the interactions among the critical service running in the system,the attacker's multi-phased attack behavior and the migration mechanism.This paper then evaluates the survivability of critical service in the dynamic platform system according to the model.A series of survivability metrics are defined,including transient metrics and accumulated metrics.Transient analysis is performed for security effectiveness of dynamic platform techniques.Then the continuous-time Markov chain model is generated and solved by using Stochastic Reward Net.By setting different parameters,the experimental results are obtained and the numerical analysis is carried out.The results indicate the changes of survivability metrics with time,and demonstrate the effectiveness of the dynamic platform techniques in resisting attacks.It is instructive to improve and enhance the dynamic platform defense policy.(2)This paper combines the dynamic platform techniques with the traditional detection-based defense mechanism,and proposes a dynamic decision defense mechanism that enables defenders to make defense decisions according to the monitored system state.Aiming at the defense decision problem in this scenario,a continuous-time Markov decision process model is proposed.The model describes the confrontation scenario of the dynamic platform system under the dynamic decision defense mechanism.Then the reward function is defined,which includes both the immediate reward and the cumulative reward,and it comprehensively considers the relationship between the system reward and the defense cost.This paper utilizes value iteration algorithm to get the total expected discounted reward and the optimal policy.By setting different parameters,numerical analysis is conducted.The results demonstrate the impact of dynamic platform diversity on optimal policy selection and the total expected discounted reward,which can be used to select the optimal number of dynamic platforms.