With the explosive growth of Internet traffic, large amounts of sensitive and valuable information are exposed to cyber attacks, most of which are preceded by network reconnaissance. A moving target defense technique called host address mutation (HAM) helps counter network reconnaissance. However, several fundamental problems remain in HAM: 1) current approaches cannot adapt themselves to adversarial strategies; 2) the network state is time-varying because each host decides independently whether to mutate its IP address; and 3) most methods focus on enhancing security but ignore the survivability of existing connections. In this paper, an Intelligence-Driven Host Address Mutation (ID-HAM) scheme is proposed to address these challenges. We first model the mutation process as a Markov decision process (MDP) and design a seamless mutation mechanism. Second, to remove infeasible actions from the action space of the MDP, we formulate address-to-host assignment as a constraint satisfaction problem. Third, we design an advantage actor-critic algorithm for HAM that learns from observed scanning behavior. Finally, a security analysis and extensive simulations highlight the effectiveness of ID-HAM. Compared with state-of-the-art solutions, ID-HAM reduces the number of scanning hits by up to 25% while affecting communication only slightly. We also implemented a proof-of-concept prototype system and conducted experiments with multiple scanning tools.
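The abstract names three ingredients of HAM that are worth seeing concretely: a feasibility filter on address-to-host assignments (unique addresses, drawn from the pool, hosts with live connections left alone so their connections survive), a scanner whose behaviour the defender can observe, and a mutation policy that uses that observation. The simulator below is an added illustration of that general idea, not code from the paper: it does not reproduce the ID-HAM MDP, its constraint formulation or its actor-critic policy. In place of the learned policy it uses a hand-written heuristic that moves hosts into the part of the address space a linear scanner has already swept. The 64-address pool, the four host names and their initial addresses, the linear probes-per-round scanner and the set of "busy" hosts are all constructed assumptions.

```python
"""Toy host address mutation (HAM) simulator.

Compares a linear scanner's hits against a static network, a randomly
mutating one, and a scan-aware mutating one.  Added illustration only:
nothing here is the paper's ID-HAM algorithm.  Pool size, host names,
initial addresses and the scanner model are constructed assumptions.
"""
import random
from typing import Callable, Dict, Iterable, Set

POOL = list(range(64))  # assumed: 64 mutable addresses (think of a /26)
INITIAL = {"web": 10, "db": 23, "ldap": 41, "mail": 58}  # assumed hosts

# policy(host, current_addr, feasible_addrs, probed_addrs, rng) -> new_addr
Policy = Callable[[str, int, Set[int], Set[int], random.Random], int]


def reassign(current: Dict[str, int], busy: Set[str], probed: Set[int],
             policy: Policy, rng: random.Random) -> Dict[str, int]:
    """One mutation round under assumed feasibility constraints:
    every host keeps exactly one address from POOL, addresses are unique,
    and a host in `busy` (it has live connections) keeps its address so
    those connections survive.  Infeasible addresses are removed before
    the policy chooses, mirroring the idea of pruning the action space."""
    new = {h: a for h, a in current.items() if h in busy}
    taken = set(new.values())
    for host, addr in current.items():
        if host in busy:
            continue
        feasible = {a for a in POOL if a not in taken}
        if not feasible:
            raise ValueError(f"no feasible address left for {host}")
        chosen = policy(host, addr, feasible, probed, rng)
        if chosen not in feasible:
            raise ValueError(f"policy picked infeasible address {chosen}")
        new[host] = chosen
        taken.add(chosen)
    return new


def static_policy(host, addr, feasible, probed, rng):
    """Baseline: never move (the current address is always feasible here)."""
    return addr if addr in feasible else rng.choice(sorted(feasible))


def random_policy(host, addr, feasible, probed, rng):
    """Uniform random mutation, blind to the scanner."""
    return rng.choice(sorted(feasible))


def scan_aware_policy(host, addr, feasible, probed, rng):
    """Heuristic stand-in for a learned policy: prefer addresses the scanner
    has already probed this sweep, since a linear scanner will not revisit
    them.  Falls back to any feasible address if none has been probed."""
    behind = sorted(feasible & probed)
    return rng.choice(behind) if behind else rng.choice(sorted(feasible))


def scan_hits(policy: Policy, busy: Iterable[str] = (),
              probes_per_round: int = 4, seed: int = 1) -> int:
    """Count probes of one full linear sweep over POOL that land on a live
    host.  Between rounds the defender sees which addresses were probed
    (probes on unused addresses are cheap scan evidence) and mutates."""
    rng = random.Random(seed)
    addrs = dict(INITIAL)
    probed: Set[int] = set()
    hits = 0
    for start in range(0, len(POOL), probes_per_round):
        live = set(addrs.values())
        for a in POOL[start:start + probes_per_round]:
            probed.add(a)
            if a in live:
                hits += 1
        addrs = reassign(addrs, set(busy), probed, policy, rng)
    return hits


if __name__ == "__main__":
    print("static    :", scan_hits(static_policy))        # 4: each host hit once
    print("random    :", scan_hits(random_policy))
    print("scan-aware:", scan_hits(scan_aware_policy))    # 0: hosts stay behind the cursor
    print("scan-aware, db busy:", scan_hits(scan_aware_policy, busy={"db"}))  # 1
```

With a static network a full sweep hits every host exactly once. The scan-aware heuristic drives hits to zero because each mutation lands behind the scanner's cursor, while a host pinned by live connections (`db` in the last call) stays put and is still found once; that trade-off between reconnaissance resistance and connection survivability is exactly the tension the abstract describes. Blind random mutation, by contrast, does not change the expected number of hits against a uniform sweep; it only makes the attacker's inventory go stale, which is why a policy that reacts to observed scanning behaviour matters.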
How to Disturb Network Reconnaissance: A Moving Target Defense Approach Based on Deep Reinforcement Learning / Zhang, Tao; Xu, Changqiao; Shen, Jiahao; Kuang, Xiaohui; Grieco, Luigi Alfredo. - In: IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY. - ISSN 1556-6013. - Print. - 18:(2023), pp. 5735-5748. [10.1109/TIFS.2023.3314219]
How to Disturb Network Reconnaissance: A Moving Target Defense Approach Based on Deep Reinforcement Learning
Grieco, Luigi Alfredo
2023
File: 2023_How_to_Disturb_Network_Reconnaissance_pdfeditoriale.pdf (access restricted to catalog managers). Type: publisher's version. License: all rights reserved. Size: 2.99 MB. Format: Adobe PDF.
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

