
Quantitative Analysis Of Attack Behavior Under Lateral Movement And Defense Effectiveness-performance Under Dynamic Platform Technique

Posted on: 2021-04-25 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Shi | Full Text: PDF
GTID: 2428330614972007 | Subject: Cyberspace security
Abstract/Summary:
Lateral movement-based attacks are a dangerous attack method. They pose highly likely threats to business systems, critical infrastructure and even national security. When launching this kind of attack, adversaries first compromise a fraction of the targeted system and then move laterally to the rest of the system until the whole system is intruded. During lateral movement, there definitely exist regular patterns in the behavior of adversaries. However, the corresponding analysis has not yet been carried out. Furthermore, during lateral movement, adversaries' attack ability may vary over time, and during the system fixing procedure, fixing ability and system structure may also vary over time. However, how these factors influence the behavior of lateral movement-based attacks has not yet been analyzed.

Lateral movement-based attacks always exploit zero-day vulnerabilities and are persistent and hidden. Traditional passive defense mechanisms are therefore generally limited in defending against them. In recent years, researchers have proposed an active defense mechanism called the migration-based dynamic platform technique, which protects a critical job in a system by dynamically changing its execution environment. This makes it hard for adversaries to obtain complete information about the critical job, so the attack cost increases correspondingly and the security of the system improves. However, current research has not analyzed the effectiveness and performance of the migration-based dynamic platform technique in defending against lateral movement-based attacks.

In this thesis we first analyze the regular pattern of a dynamic network system under lateral movement-based attacks, from the time that an attack-related abnormality in the system is detected until mechanisms are designed and deployed to defend against the attacks. We construct a survivability model, based on a non-homogeneous continuous-time Markov chain, for quantitatively analyzing lateral movement-based attacks under the dynamic attacking and dynamic fixing scenario. We then propose a phased piecewise constant approximation approach so that the model can further be applied to the dynamic system structure scenario, such that the influence of the above three dynamic factors on the behavior of lateral movement-based attacks can be quantitatively analyzed. Our proposed method can obtain the regular pattern of lateral movement-based attacks under dynamic attack, dynamic fix and dynamic system structure.

We further analyze the effectiveness and performance of the migration-based dynamic platform technique in defending against lateral movement-based attacks. Based on the Stochastic Reward Nets technique, we develop a model with five sub-models for simulating typical behaviors of the adversaries' attack, the defense of the migration-based dynamic platform technique, and the execution of a critical job. Based on the proposed model, we further analyze how different system parameters of the dynamic platform and different attack power of adversaries influence the defense effectiveness and performance while a critical job is executed in a system that uses a dynamic platform technique.
Keywords/Search Tags:Lateral Movement-based Attack, Non-homogeneous Continuous-Time Markov Chain, Phased Piecewise Constant Approximation, Dynamic Platform Technique, Stochastic Reward Net, Effectiveness and Performance Analysis