Journal: Journal of Network and Computer Applications

Dynamic Security Metrics for Software-Defined Network-based Moving Target Defense


Abstract

We propose a suite of dynamic security metrics that assess, in a timely, dynamic, and adaptive manner, the effectiveness of software-defined network (SDN)-based moving target defense (MTD) techniques. The security metrics are developed to measure the dynamics of network and host state information (e.g., IP address, port, software stacks, vulnerabilities, or network topology) introduced by the various types of MTD techniques that shuffle them. The key aspect of our proposed metrics is to capture variability, keeping track of the changing patterns of the network and host states upon every MTD triggering event. In this work, we propose the following security metrics capturing the variability based on the changes made by the MTD: (1) network and host address-based metrics, measuring the variability of the network and host addresses based on the degree of uncertainty and unpredictability of the IP addresses assigned to the hosts in a network; (2) attack path-based metrics, measuring the variability of attack paths using graphical models estimated from the network state transitions from one topology to another upon triggering a network topology and/or IP shuffling MTD; and (3) attack stage-based success metrics, measuring the chances of discovering a vulnerable target host's information, exploiting the target host's vulnerability, and compromising the target host. Via an extensive simulation study, we investigated the key parameters that can significantly affect the MTD performance based on the proposed security metrics. Our simulation results show that the metrics are viable for measuring the effectiveness of deploying the MTD techniques.