基于网络空间欺骗的移动目标防御技术研究

张雅勤; 马多贺; Xiaoyan Sun; 周川; 刘峰

引用本文：

张雅勤,马多贺,Xiaoyan Sun,周川,刘峰.基于网络空间欺骗的移动目标防御技术研究[J].信息安全学报,已采用 [点击复制]
ZHANG Yaqin,MA Duohe,SUN Xiaoyan,ZHOU Chuan,LIU Feng.A Study on Cyber Deception-Based Moving Target Defense[J].Journal of Cyber Security,Accept [点击复制]

本文已被：浏览 3136次下载 1653次
基于网络空间欺骗的移动目标防御技术研究
张雅勤¹, 马多贺¹, Xiaoyan Sun², 周川³, 刘峰³
0 字体:加大+\|默认\|缩小-
(1.中国科学院信息工程研究所国家重点实验室;2.美国加利福尼亚州立大学萨克拉门托分校计算机科学系;3.中国科学院信息工程研究所信息安全国家重点实验室)

摘要:

移动目标防御(Moving Target Defense, MTD)是改变当前网络空间“易攻难守”的攻防不对称局面的革命性技术之一。MTD的基本思想是通过持续不断地转换攻击面，增加攻击者攻击的困难度和复杂度。如何选取转换属性，提高属性攻击面转换空间是MTD领域研究的重点问题。多样化、冗余和欺骗是当前属性攻击面转换空间构造的主要方法。然而，多样化和冗余策略在构建攻击面转换空间时，存在构建成本高以及系统兼容性等问题，使得传统的移动目标防御无论在理论研究，还是在实际应用中都遇到了很大瓶颈。网络空间欺骗则为这一困难问题提供了契机。网络空间欺骗由于其虚虚实实的变化，蜜罐、蜜饵、面包屑等多样化的欺骗方式，以及构建成本低、构造欺骗属性容易等特性，被提出用于扩大攻击面转换空间，成为MTD研究的重要技术手段和工具。因此十分有必要研究关注网络空间欺骗在移动目标防御的重要位置与作用，以及评估和比较网络空间欺骗在移动目标防御中的有效性。本文首先比较了基于网络空间欺骗的MTD与经典MTD (基于多样化和冗余的MTD) 的差异，明确了网络空间欺骗在移动目标防御中发挥的重要价值，然后根据已有研究从多维度对基于欺骗的MTD技术及其应用进行了探索与分类，最后归纳了研究面临的主要问题与挑战，并讨论了未来可能的研究方向。

关键词: 移动目标防御网络空间欺骗网络空间安全评估方法

DOI：10.19363/J.cnki.cn10-1380/tn.2023.06.04

投稿时间：2020-10-25修订日期：2021-04-08

基金项目:国家重点研发计划(2018YFC0806900)，国家自然科学基金(No. 61671448、No. 61902397)和中国科学院信息工程研究所“青年之星”项目(No.Y7Z0201105)

A Study on Cyber Deception-Based Moving Target Defense

Abstract:

Moving Target Defense (MTD) is one of the game-changing revolutionary concepts that surpasses traditional approaches by wresting the asymmetric advantages of the attackers over defenders. The basic idea of MTD is to continuously change the attack surface, thereby increasing the difficulty and complexity of attackers. Choosing the attributes to switch and expanding the switching space of attribute attack surface are critical problems in MTD. Currently diversification, redundancy and deception are the main strategies for constructing the switching space. However, the high cost and system incompatibility issues of the first two strategies, together with the limited attack surface switching space, make the theoretical research and practical application of traditional MTD remain stagnant. Cyber Deception provides an opportunity for this challenging problem. It offers diversified deceptive methods, such as honeypots, honey baits, and breadcrumbs, and has the characters of low cost and easy construction of deceptive properties. Therefore, cyber deception can be used to expand the attack surface switching space, and becomes one of the most important approaches and tools for MTD study. Nevertheless, the research community still lacks understanding towards the role of cyber deception in MTD, and few research works have evaluated its effectiveness. In this paper, we compare the differences between traditional MTD and cyber deception-based MTD, and identify the important value of cyber deception in MTD. Furthermore, we perform a multi-dimension classification towards existing works in cyber deception-based MTD. Finally, we summarize the limitations and challenges of existing solutions, and discuss potential future research directions

Key words: moving target defense cyber deception cybersecurity evaluation