Final assignment for the Scientific Paper Writing course (affiliation: xxxxxx)

The Comparison Between Moving Target Defense Frameworks

Abstract

The ineffective performance of traditional defense systems against constantly developing and multifarious network attacks has led to the rapid development of Moving Target Defense (MTD). In this paper, we divide existing MTD technologies into four groups based on a comparison of MTD with Mimic Security Defense (MSD). Then we present the differences between the generic framework for MTD and MOTAG (Moving Target Defense against Internet Denial of Service Attacks). We analyze the greedy shuffling algorithm and highlight some suggestions for improving it.

Keywords: Moving Target Defense; Mimic Security Defense; Shuffling; Framework

1. Introduction

The number and scale of distributed denial-of-service (DDoS) attacks have increased at an incredible rate over the past decade [1]. Meanwhile, the cost of carrying out a DDoS attack has declined surprisingly fast: a Trend Micro whitepaper [2] reveals that $150 is enough to launch a one-week DDoS attack in the Russian underground market. In particular, data centers are the area most severely afflicted by DDoS attacks. In addition, disguised Trojans and vulnerabilities in various applications lead to the leakage of personal information and even to the loss of or damage to property. Bloomberg reported that the hackers "exploited an overlooked flaw in one of the bank's websites" [3]. Beyond that, all kinds of new attacks have sprung up in recent decades, such as BadUSB and the Advanced Persistent Threat (APT), which is one of the most serious threats to critical infrastructure. As stated above, with the fast development of the Internet, multifarious network attacks have emerged endlessly and traditional defense strategies have become powerless. Put simply, traditional defense systems can be classified into static defensive mechanisms, composed of firewalls and encrypted authentication systems, and dynamic defensive mechanisms such as Network Intrusion Detection (NID).
Nevertheless, these have been incapable of fully meeting the requirements of network security given the striking progress in network attacks. Tracing the problem to its source, the configurations of most network systems are static, so attackers have enough time to monitor, probe and attack, resulting in information asymmetry between attackers and defenders. Neither firewalls nor NID is the ultimate solution for obstructing network attacks.

Researchers have realized that it is virtually impossible to discover and settle all vulnerabilities on account of the increasing complexity of systems and the information asymmetry between defenders and adversaries. To address static vulnerability, MTD was proposed by the Networking and Information Technology Research and Development (NITRD) program as a cyberspace game-changing technology to fend off the various network attacks. The core idea of MTD is dynamic shifting, which can be conducted at different levels including the IP layer, the application layer, etc. Increasing uncertainty and apparent complexity is the ultimate aim of MTD.

The remainder of the paper is organized as follows: in the next section, we briefly conduct a literature review. The section after it discusses several general frameworks and mechanisms for MTD and NMTD, respectively. Finally, we conclude the paper in the last section.

2. Literature review

There have been a number of research efforts devoted to preventing a broader range of attacks. Address space randomization, or address space layout randomization (ASLR), one of the security technologies against buffer overflows, is one of the most successful applications of MTD [4]. The principle is to randomize the layout of the heap, the stack and so on so that the cost and difficulty of attacks increase. Kewley et al. [5] introduced DYNAT (Dynamic Network Address Translation), in which the IP address is uncertain and stochastic when the private IP address of the intranet is converted to a public IP address.
DYNAT can protect the system by confusing attackers. Cristian et al. [6] investigated data randomization, a new technique offering probabilistic protection against memory error exploits. In order to resist remote code injection exploits and SQL injection exploits against web applications, Marthony et al. [7] proposed two novel approaches based on converting the implementation language. MOTAG, a moving target defense mechanism including a greedy shuffling algorithm to optimize the strategy, was developed to protect against DDoS attacks [8]. Marc et al. [9] defined seven properties of network-based Moving Target Defense (NMTD) and assessed four typical NMTD systems according to these fundamental properties. Linqiang Ge et al. [10] not only presented and evaluated a generic defense framework, but also designed a user-server mapping mechanism to improve the resilience of the system. In the next section, we highlight and compare several frameworks and mechanisms.

3. Discussion

3.1 The classification and comparison of existing technology

Linqiang Ge et al. first introduce a general framework for MTD after a summary and classification of classic MTD techniques. In their research, MTD techniques are categorized into two levels: the application level and the lower level. As an example of low-level MTD, ASLR must be one of the most successful strategies on account of its extensive use in modern operating systems, including Linux and Windows. In addition, there has been a lot of research on high-level MTD techniques. For instance, OpenFlow Random Host Mutation (OF-RHM) transparently alters IP addresses in a stochastic manner on the basis of OpenFlow, which can allocate each system a random IP [14]. Besides, the authors sum up the pros, cons and the attacks that the techniques can thwart.

According to the survey of Okhravi [11], Marthony et al.
[7] divide the efforts into five classes according to what is moved: changing the run-time environment, such as ASLR and Randomized Instruction Set Emulation; changing application code dynamically or diversifying software, like self-randomizing instruction addresses; changing data representations [12]; changing platforms [13]; and changing network configurations [10].

It is worth noting the MSD proposed by Jiangxing Wu [15] of the Chinese Academy of Engineering. Inspired by the mimic octopus, which can imitate more than ten marine organisms such as coral reefs, and by the protean Eight-Diagram tactics, Wu et al. argue that, since vulnerability is inevitable, it is reasonable to change the architecture and execution environment of systems. The core concept is to formulate a pseudo-random system by reasonably exploiting the diversity and dynamism of software and hardware, so that the cost of launching attacks increases exponentially. To be specific, active transitions of network configurations, platforms, operating environments, software and data structures, while providing identical functionality, play the key role in MSD. Compared with MTD, the common ground is the basic idea: dynamism, diversification and randomization. In order to remove the single point of failure and raise the cost of cyberattacks, MTD and MSD both apply redundancy and heterogeneity, such as a pool of proxy nodes and application servers with different operating systems. Even though it becomes complex and expensive for defenders to design and maintain the system, the approach protects the system to a degree that is worthwhile for defenders. The difference is the implementation method: MSD focuses on the synergistic effect between software and hardware, whereas the main object of MTD is software technology.

Above all, the concept of MTD should be expanded and reclassified into the network layer, the application layer, the operating system level and the hardware layer. The five classes in [7] can be redistributed accordingly.
Namely, dynamic changes of application code, software diversity and data diversity can be regarded as the application layer. The network layer includes network configuration dynamism and some technologies for changing the run-time environment, such as ASLR. Dynamic changes of platforms belong to the operating system level. Certain strategies for changing the run-time environment, like Randomized Instruction Set Emulation, can be considered the hardware layer.

3.2 The generic framework for MTD/NMTD

Ge et al. design a generic framework for MTD including a user-service mapping scheme in the service layer. As depicted in Figure 1, there are three interconnected components: the proxy server, the proxy nodes and the service servers. Compared with traditional network frameworks, the MTD service layer, comprised of the proxy server and a pool of proxy nodes, mediates communications between all users and the application servers to guarantee the security of the application servers. The service servers, which can also be called the application servers, consist of a small set of redundant and heterogeneous operating systems that provide identical functions to users. To users, the IP addresses of the application servers are opaque, and users cannot connect directly to the application servers. Meanwhile, the proxy server authenticates users directly, but the proxy nodes are semitransparent, meaning that only authorized users have the right to communicate with the proxy nodes and application servers. It is worth noting that the communications among the three key components are assumed to be trusted enough to prevent replay attacks.

As stated above, users must first access the proxy server, whose IP address is associated with the domain name of the application servers, to get certified. Then the user obtains the IP address of a random proxy node allocated by the proxy server.
Meanwhile, the proxy server informs the proxy node of the upcoming visit, including the IP address of the authenticated user and the selected application server. Finally, the user acquires the service from a designated application server selected via the user-service mapping scheme. The core principle of the generic framework is that only the IP address of the proxy server is visible to all users, and authenticated users are notified only of the IP address of the specified proxy node, so that it is highly unlikely for adversaries to attack the application servers directly. It is worth mentioning that the proxy server, being exposed to attackers, is protected with a special strategy such as proof-of-work (PoW) protection [16].

In addition, the proxy server allocates proxy nodes to users based on the user-server mapping scheme. Considering the vulnerabilities of the service servers and the risk posed by users, the user-server mapping scheme defines a security reputation level based on the historical behavior of each user and a severity level for system vulnerabilities. The strategy can be conducted quantitatively by defining a cost that describes the performance, including the network performance and the security cost. When the performance is modeled as an optimization problem, the framework can minimize the possibility of the servers being at risk and improve the user experience of network performance.

Figure 1: A Generic Framework for MTD.

As for DDoS attacks, Jia et al. present a greedy shuffling algorithm to optimize the strategy of proxy shuffling based on MOTAG, and implement it in MATLAB to verify its effectiveness. The MOTAG architecture is the same as the above framework. The basic principle of the MTD framework and MOTAG is extremely similar, with the same components and the same hidden property of IP addresses.
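As a constructed illustration of this shared access flow (added here; not code from Ge et al., Jia et al. or this paper), the following Python model implements the three steps: the proxy server certifies the user, allocates a random proxy node and announces the visit to it, and the node refuses any address that was not announced, so the application server's IP is never disclosed to the client. The cost function of the user-server mapping, the reputation penalty, and all IP addresses and credentials are assumptions made for the example.

```python
import random

class ProxyNode:
    """Semitransparent proxy node: it serves only the visits the proxy server announced."""

    def __init__(self, ip):
        self.ip = ip
        self.expected = {}  # user_ip -> application server chosen for that visit

    def announce(self, user_ip, app_ip):
        self.expected[user_ip] = app_ip

    def connect(self, user_ip):
        # A connection from an address the proxy server never announced is refused,
        # so an adversary who merely learns this node's IP gains no access. The entry
        # is consumed on use, so a re-sent announcement cannot be replayed.
        app_ip = self.expected.pop(user_ip, None)
        return ("served", app_ip) if app_ip else ("refused", None)

class ProxyServer:
    """The only component whose IP is public. The cost below is an assumed, simplified
    user-server mapping (hypothetical model, not the paper's): security cost rises with
    server vulnerability severity and falls with user reputation; network cost is the
    server's load share."""

    def __init__(self, credentials, nodes, servers, severity, capacity=10, seed=0):
        self.credentials = credentials  # user_ip -> password (constructed sample)
        self.nodes = nodes
        self.servers = servers
        self.severity = severity        # app server ip -> vulnerability severity in [0, 1]
        self.load = {s: 0 for s in servers}
        self.reputation = {}            # user_ip -> reputation in [0, 1], 1.0 = best
        self.capacity = capacity
        self.rng = random.Random(seed)

    def map_user_to_server(self, user_ip):
        rep = self.reputation.get(user_ip, 0.5)
        def cost(s):
            return self.severity[s] * (1 - rep) + self.load[s] / self.capacity
        return min(self.servers, key=cost)

    def authenticate(self, user_ip, password):
        """Certify the user, pick a random proxy node, announce the visit to it and
        return only that node's IP; the application server's IP is never disclosed."""
        if self.credentials.get(user_ip) != password:
            # A failed login lowers the reputation used by the mapping scheme (assumed rule).
            self.reputation[user_ip] = max(0.0, self.reputation.get(user_ip, 0.5) - 0.1)
            return None
        node = self.rng.choice(self.nodes)
        app_ip = self.map_user_to_server(user_ip)
        self.load[app_ip] += 1
        node.announce(user_ip, app_ip)
        return node.ip
```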
However, the one difference determines the distinct function: optimized performance based on the user-service mapping scheme versus protection from DDoS attacks based on the greedy shuffling algorithm. Differing from the MTD framework only in name, the authentication server and the proxies replace the proxy server and the proxy nodes, respectively. In the MTD framework, when proxy nodes are under DDoS attack, the only method is to forbid the attacked node from providing the service and to reallocate a proxy node, which will be attacked again as expected. By contrast, the specific shuffling strategy of proxy nodes in MOTAG makes it possible to deal with this. In MOTAG, not all proxies are serving at the beginning; part of them, referred to as "moving" proxies, are not activated until some nodes are attacked. "Moving" proxies are entirely hidden from all users, including legitimate clients, and nothing is carried out if there is no attack. Clients can connect to the proxies and the application servers if and only if they are authenticated by the authentication server. Attackers can obtain access authority via social engineering, stealing users' login information and so on, even though the authentication server is protected like a military base, and the proxies come under DDoS attack as soon as their IP addresses are revealed. In the meantime, the shuffling strategy plays an important role in thwarting DDoS attacks. First, the proxies are divided into attacked and innocent proxies, and all clients connected to the attacked proxies are identified as suspected clients. The main objects of the strategy are the attacked and moving proxies, which are named the shuffling proxies, and the aim is to separate innocent clients from the insiders that have invaded. Then the authentication server reassigns the suspected clients to the shuffling proxies, which is called a shuffle.
After each shuffle, the shuffling proxies are split into two groups, attacked and innocent, and the suspected clients on the innocent proxies are likewise separated out as innocent. Meanwhile, the objects of the next shuffle become the shuffling proxies that are still attacked and the remaining suspected clients. The shuffling terminates under three conditions. First, there are fewer clients left than proxies, so that each proxy corresponds to one client. Second, there is only one proxy left, so that the shuffle cannot be conducted any further. Third, all insiders are eliminated, which is the best outcome. It is worth noting that the innocent proxies are removed from the shuffling proxies after each movement, so the number of shuffling proxies decreases progressively, resulting in the undesirable termination in which only one proxy is left. Hence, we can modify the greedy shuffling algorithm. The kernel of the modification is to maintain the number of shuffling proxies, which means that an extra step needs to be added after each movement. When innocent clients are separated out via shuffling, they are marked and reallocated to service proxies. In the meantime, the innocent proxies remain shuffling proxies and participate in the next movement, ensuring that the number of shuffling proxies is unchanged. Therefore, the second termination condition becomes impossible, which means the insiders must be found after enough movements.

Focusing on the macroscopic properties, Marc et al. simplify the framework as in Figure 2, wherein the proxy server and proxy nodes are simplified as the mapping service component. In addition, the connection between the untrustworthy client and the sink is present in the above frameworks. The seven properties common to NMTDs, defined in [9], may help guide researchers in evaluating NMTD systems.
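Before turning to the seven properties, the shuffling loop and the modification proposed above are shown as an added Python simulation (not code from MOTAG or from this paper). The defender observes only which proxies are attacked; `keep_innocent_proxies` switches between dropping innocent proxies from the pool after each movement and keeping them, so the same scenario ends "stuck" under the first rule and "identified" under the second. The client numbers, the insider set and the `max_rounds` guard are assumptions for the example.

```python
import random

def is_attacked(group, insiders):
    """A proxy is observed as attacked iff at least one of its clients is an insider.
    The defender never reads 'insiders' directly; this stands in for observing the
    DDoS traffic that hits a proxy whose IP an insider has leaked (constructed model)."""
    return any(c in insiders for c in group)

def greedy_shuffle(suspects, insiders, n_shuffling, keep_innocent_proxies, seed=0, max_rounds=50):
    """Reassign suspected clients across the shuffling proxies until a termination
    condition is met. Returns (status, rounds, identified_insiders).
    keep_innocent_proxies=False: innocent proxies leave the pool after each movement,
    as in the strategy described above; True: the modification proposed in this paper."""
    rng = random.Random(seed)
    suspects = set(suspects)
    proxies = n_shuffling
    rounds = 0
    while True:
        if not suspects:
            return "clean", rounds, set()       # third condition: no insider left to find
        if len(suspects) <= proxies:
            # first condition: one client per proxy, so each attacked proxy pins down an insider
            return "identified", rounds, {c for c in suspects if is_attacked([c], insiders)}
        if proxies == 1:
            return "stuck", rounds, set()       # second condition: no further shuffle possible
        if rounds >= max_rounds:
            return "exhausted", rounds, set()   # guard: with insiders >= proxies, progress is not guaranteed
        rounds += 1
        order = sorted(suspects)
        rng.shuffle(order)
        groups = [order[i::proxies] for i in range(proxies)]   # spread suspects evenly over proxies
        attacked = [g for g in groups if is_attacked(g, insiders)]
        suspects = {c for g in attacked for c in g}            # clients on innocent proxies are cleared
        if not keep_innocent_proxies:
            proxies = len(attacked)                            # innocent proxies drop out of the pool
```

With one insider among 20 suspects and four shuffling proxies, the first movement leaves five suspects on a single attacked proxy; the unmodified pool is then down to one proxy and stops, while the modified pool isolates the insider in one more movement.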
The seven properties are: the moving property, including the unpredictability, vastness and periodicity sub-properties; the access control property, including the uniqueness, availability and revocability sub-properties; and the distinguishability property. We can evaluate MOTAG based on these seven properties.

Moving property: All proxies and application services in MOTAG are hidden from unauthenticated clients and are numerous enough to provide the service. However, the proxies will not change until an attack breaks out, so targets are not moved periodically. Therefore, MOTAG provides only the unpredictability and vastness sub-properties. In other words, MOTAG is a relatively passive approach.

Access control property: The authentication server allocates a dedicated proxy node to the authenticated client. Meanwhile, the proxy node is notified of the coming connection. Hence, the framework fulfills the requirements of all three sub-properties.

Distinguishability property: Clients can connect to the proxies if and only if they are authenticated by the authentication server. It is undeniable that untrustworthy clients can be authenticated successfully by probing and monitoring the users' authentication procedure. To some extent, the authentication server meets the distinguishability property.

Figure 2: Overview of components in an MTD system

4. Conclusions

We compare MTD with MSD and propose that the concept of MTD should be expanded and reclassified. The most important change is that MTD should include hardware diversity. Then we discuss the generic framework for MTD and MOTAG. Finally, we improve the greedy shuffling algorithm based on an analysis of the shuffling strategy, which can optimize the result of the movements.

REFERENCES

[1] R. Dobbins and C. Morales, "Worldwide infrastructure security report VII," 2011.
[2] Trend Micro, "Russian underground 101," /cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf, 2012.
[3] J.
Robertson and M. Riley, "JPMorgan Hack Said to Span Months Via Multiple Flaws," Aug. 2014.
[4] H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu and D. Boneh, "On the effectiveness of address-space randomization," in Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS), ACM, New York, pp. 298-307, 2004.
[5] D.