
Design And Implementation Of Moving Target Defense System Based On Self-adaptive Strategy

Posted on: 2021-03-25
Degree: Master
Type: Thesis
Country: China
Candidate: M B Deng
Full Text: PDF
GTID: 2428330632462801
Subject: Information security

Abstract/Summary:
With the development of computer networks and information technology, the Internet plays an increasingly important role in our lives, and cyber security becomes more and more important. Researchers have done a great deal of work in the field of network security, including firewalls, intrusion detection, access control and so on. However, the continuing emergence of cyber security incidents shows that traditional defense systems cannot effectively counter advanced attack methods. Network security faces an unequal situation. The cause is the determinism, staticity and uniformity of traditional networks, which gives attackers enough time to collect information and analyze the network in order to defeat the defense system. Moving target defense (MTD) is a new technique proposed to break the unequal situation faced by defenders. Moving target defense does not try to build a flawless system to resist intrusions. Instead, its idea is to use constantly changing deployment mechanisms and strategies. Constant change increases the difficulty and cost of an attack, effectively limits vulnerability exposure, and improves the flexibility of the system.

Aiming at the shortcomings of current moving target defense technology, this thesis studies the existing hopping strategy models in depth and proposes a new self-adaptive hopping strategy. The method is based on traffic anomaly detection. It adds an anomaly detection module and an adaptive strategy module to the traditional moving target defense system. The system can therefore detect and evaluate traffic anomalies on the current network in real time and use the results as a guide to generate a suitable hopping period. This solves the problems of the fixed hopping period and the waste of resources in traditional hopping strategies. The main work of this thesis is as follows:

1. Design an adaptive-threshold network traffic anomaly detection method based on ?-entropy and an improved EWMA model. Analyze the shortcomings of traditional entropy-based traffic anomaly detection, and discuss how to deal with the impact of network changes on the threshold of anomaly detection algorithms. The method combines entropy-based traffic anomaly detection with model prediction. First, ?-entropy is used to describe the auto-correlation of network traffic. Then, the improved EWMA model is used to predict the entropy of new traffic. Finally, the variance is calculated to obtain the adaptive threshold. The adaptive threshold effectively handles the problem of a fixed threshold being too high or too low when the network changes. The experimental results show that the method adapts to a dynamically changing network environment and detects anomalies well.

2. Design a new adaptive method that can dynamically adjust its own hopping strategy. Analyze the difficult situation caused by the new follow attack method, and point out that the follow attack is characterized by attack lag and concentration. The method uses the results of the traffic anomaly detection algorithm to analyze the current network, and gradually adjusts the hopping period to match current network conditions. The hopping period changes according to the rule "decrease quickly, and increase slowly", and the results of the traffic anomaly detection algorithm are used as parameters, which allows the system to achieve security while saving more resources.

3. Design and implement a moving target defense system based on the self-adaptive method. Research the problems of the traditional moving target defense system. Analyze the positioning of the new defense system and the requirements for the self-adaptive strategy. Compared with the traditional system, the proposed system uses a unique method of traffic anomaly detection and reuses its results to generate a new hopping strategy, which improves the system's ability to judge and adapt to abnormal network conditions. It also reduces system resource consumption and improves the practicability of the system.

Finally, this thesis conducts usability and performance experiments on the traffic anomaly detection algorithm and the system's self-adaptive strategy method. The traffic anomaly detection experiment shows that the detection rate of the algorithm reaches 97% and the false alarm rate is only 4%, indicating that the algorithm detects well even in a constantly changing network and that the self-adaptive threshold is a reliable value. The system self-adaptive strategy experiment shows the difference between the self-adaptive strategy and the fixed strategy when facing a follow attack. The conclusion is that the self-adaptive strategy can effectively detect and defend against the follow attack.
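
The loop the abstract describes (entropy of a traffic window, an EWMA forecast, a variance-derived threshold, and a hopping period that decreases quickly and increases slowly) can be sketched as follows. This is an added example, not the thesis's code: Shannon entropy stands in for ?-entropy, a plain EWMA for the improved EWMA model, and all parameters, the threshold floor, the capped divide rule, the period in seconds and the sample windows are assumptions.

```python
import math
from collections import Counter

def shannon_entropy(items):
    """Entropy in bits of one traffic window (here: destination ports)."""
    n = len(items)
    return -sum(c / n * math.log2(c / n) for c in Counter(items).values())

class AdaptiveDetector:
    """EWMA forecast of window entropy with a variance-derived threshold."""
    def __init__(self, alpha=0.3, k=3.0, floor=0.05):  # assumed parameters
        self.alpha, self.k, self.floor = alpha, k, floor
        self.mean, self.var = None, 0.0

    def score(self, h):
        """Return |forecast error| / threshold; a value above 1.0 is anomalous."""
        if self.mean is None:          # first window seeds the forecast
            self.mean = h
            return 0.0
        err = h - self.mean
        threshold = max(self.k * math.sqrt(self.var), self.floor)
        s = abs(err) / threshold
        if s <= 1.0:                   # assumption: learn from normal windows only
            self.var = (1 - self.alpha) * (self.var + self.alpha * err * err)
            self.mean += self.alpha * err
        return s

def next_period(period, s, p_min=5.0, p_max=120.0, step=5.0, cap=3.0):
    """Decrease quickly (divide, scaled by the score), increase slowly (add)."""
    if s > 1.0:
        return max(p_min, period / (1.0 + min(s, cap)))
    return min(p_max, period + step)

def simulate(windows, period=60.0):
    det, trace = AdaptiveDetector(), []
    for w in windows:
        s = det.score(shannon_entropy(w))
        period = next_period(period, s)
        trace.append((round(s, 2), period))
    return trace

# Constructed sample: two normal port mixes, then two scan-like windows.
A = [80] * 50 + [443] * 40 + [22] * 10
B = [80] * 45 + [443] * 45 + [22] * 10
SCAN = list(range(1000, 1100))
WINDOWS = [A, B, A, B, A, SCAN, SCAN, A, B, A]

if __name__ == "__main__":
    for s, p in simulate(WINDOWS):
        print(f"score={s:7.2f}  hopping period={p:.2f}s")
```

Because anomalous windows are excluded from the baseline update, the scan windows do not raise the threshold, and the period recovers only by the fixed step once traffic returns to normal.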
Keywords/Search Tags: Moving Target Defense, Traffic Anomaly Detection, Self-adaptive Strategy, Self-adaptive Threshold, Software Defined Network