While the Internet brings efficiency and convenience to people, the problem of network security is becoming increasingly serious and has become one of the most urgent problems to be solved by governments, the military and enterprises. Traditional network defense mostly protects network and system security through intrusion detection, firewalls and other technologies. However, such passive defense technologies often fall into the situation of "easy to attack but difficult to defend" when dealing with complex, automated and intelligent attacks represented by advanced persistent threat (APT) attacks. Security personnel are therefore beginning to focus on active defense technologies, and cyber deception active defense has been proposed as one of them. Cyber deception active defense disturbs the attacker's perception and judgment of the network information system by planting deceptions in that system, so as to discover, delay or block the activities of the attacker. Cyber deception active defense is a hot topic in current network security research, but several key issues remain to be resolved.

In view of this, this paper takes network intrusion prevention as the starting point, combines it with the basic theory of cyber deception active defense, and studies cyber deception active defense technology, defense effectiveness evaluation, strategy optimization and system implementation, achieving the following results:

1. Aiming at the problem that existing cyber deception active defense is easily recognized by attackers, an MTD-enhanced cyber deception active defense model (MTDCD) is proposed. By adopting cyber deception active defense technology, it confuses the target network and system information collected by the attacker, extends the time the attacker needs to scan for the real vulnerable host in the network, and increases the attacker's time cost. On this basis, moving target defense technology is integrated, and the IP addresses of nodes in the network are dynamically and randomly changed to improve the survival rate of the nodes, thereby further enhancing the defensive effectiveness of cyber deception active defense.

2. Aiming at the problems in existing defense effectiveness evaluation research that the evaluation model is relatively simple, the evaluation results are not intuitive, and subsequent strategy optimization cannot be well guided, a defense effectiveness evaluation model based on the Urn model is proposed. Through in-depth analysis of actual network confrontation, a network attack and defense scenario is constructed, and the defense effectiveness evaluation model is established on the Urn model. Compared with multiple existing defense methods, the effectiveness of the MTDCD defense mechanism is proved. At the same time, the defense effectiveness of MTDCD is evaluated from multiple aspects, such as virtual network topology size, deception probability of decoy nodes, IP address randomization period and IP address transfer probability, to provide reference and guidance for subsequent defense strategy design.

3. Aiming at the problem of insufficient initiative in the offensive and defensive interaction process of existing cyber deception active defense, which leads to a poor deception effect, a method for selecting the optimal strategy of MTDCD based on a signaling game is proposed. On the basis of in-depth analysis of network offense and defense scenarios, a signaling game model is constructed to describe the network offense and defense process, and a multi-stage offense and defense game equilibrium solution method is designed to guide the selection of optimal deception defense strategies. Meanwhile, considering the uncertainty present in actual network attack and defense, a probabilistic model is used to quantify the attack and defense payoffs. Experimental results show that this method can actively lure the attacker into attacking the false target, so as to maximize the defender's payoff.

4. In order to verify the effectiveness of the model and method proposed in this paper, an MTDCD verification system based on software-defined networking (SDN) is designed and implemented, utilizing the high controllability and programmability of SDN. On this basis, the accuracy of the effectiveness evaluation model and the optimal strategy selection method proposed in this paper is cross-validated, and it is verified through examples that MTDCD can effectively deal with network scanning and intranet penetration while incurring acceptable system overhead.
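To make the evaluation parameters named in result 2 concrete, the following added example (not the thesis's Urn model or verification system, but a constructed toy Monte Carlo model) simulates an attacker sweeping a small virtual address space that holds one real target and some decoys, with the defender re-randomizing IP addresses every `period` probes. The parameters `space`, `n_decoy`, `deception_prob`, `period` and `transfer_prob` are assumed stand-ins for the topology size, decoy count, decoy deception probability, randomization period and transfer probability discussed above, and `evaluate()` reports the defender-side metrics a practitioner would compare across configurations.

```python
import random
from dataclasses import dataclass

@dataclass
class Params:
    space: int = 16              # size of the (virtual) address space
    n_decoy: int = 0             # decoy nodes placed beside the one real target
    deception_prob: float = 0.5  # chance a probed decoy traps the attacker
    period: int = 0              # probes between IP randomizations (0 = static)
    transfer_prob: float = 0.0   # chance each node moves at a randomization
    max_probes: int = 500        # attacker gives up after this many probes

def simulate(p, rng):
    """One scan -> (outcome, probes); outcome is 'compromised', 'trapped' or 'timeout'."""
    assert p.space >= 2 * (p.n_decoy + 1), "need spare addresses to move into"
    placed = rng.sample(range(p.space), p.n_decoy + 1)   # constructed placement
    target, decoys = placed[0], set(placed[1:])
    unprobed = set(range(p.space))          # attacker's remaining work list
    for probe in range(1, p.max_probes + 1):
        if not unprobed:                    # a full sweep found nothing: rescan
            unprobed = set(range(p.space))
        addr = rng.choice(sorted(unprobed))
        unprobed.discard(addr)
        if addr == target:
            return "compromised", probe
        if addr in decoys and rng.random() < p.deception_prob:
            return "trapped", probe         # engaged a decoy: defender detects
        if p.period and probe % p.period == 0:
            # Defender re-randomizes; each node moves with transfer_prob. The attacker
            # skips addresses it already probed, so a moved target can sit behind one
            # it recorded as empty until the next full sweep (the survival benefit).
            free = [a for a in range(p.space) if a != target and a not in decoys]
            rng.shuffle(free)
            if rng.random() < p.transfer_prob:
                target = free.pop()
            decoys = {free.pop() if rng.random() < p.transfer_prob else d
                      for d in sorted(decoys)}
    return "timeout", p.max_probes

def evaluate(p, trials=4000, seed=7):
    """Defender-side metrics: attacker compromise rate and mean probes per run."""
    rng = random.Random(seed)
    runs = [simulate(p, rng) for _ in range(trials)]
    rate = sum(o == "compromised" for o, _ in runs) / trials
    return rate, sum(n for _, n in runs) / trials

if __name__ == "__main__":
    for name, cfg in [("static", Params()), ("decoys", Params(n_decoy=4)),
                      ("MTDCD", Params(n_decoy=4, period=4, transfer_prob=0.5))]:
        print(name, evaluate(cfg))
```

With no decoys and static addresses the attacker always reaches the target within one sweep (mean about `(space + 1) / 2` probes); adding decoys and address shuffling lowers the compromise rate, which is the quantity a defense effectiveness model is meant to expose.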