Distributed Denial of Service (DDoS) is a major threat to Software-Defined Networks (SDN). Active defense technology is one of the effective measures for ensuring SDN security: it increases the difficulty of an attack and reduces the probability that an attack succeeds. However, active defense methods based on port hopping suffer from a fixed hopping strategy, lack of flexibility and poor security (for example, it is easy for an attacker to learn the pattern of server port hopping). To address these problems, we propose a Dynamic Moving Target Defense method based on Adaptive Port Hopping (DMTD-APH). Building on port hopping, DMTD-APH draws on the characteristics of SDN and improves the flexibility of active defense by designing strategies such as hopping synchronization, hopping and forwarding, and adaptive hopping. At the same time, DMTD-APH dynamically detects the network status using the source address entropy value and the data flow rate, and performs time-adaptive or space-adaptive hopping adjustments to ports according to the detection results, building an adaptive active network defense model. The experimental results show that DMTD-APH enhances the anti-attack and service type of the network, and has stronger dynamics and security.
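The detection-then-adjust loop described in this abstract can be sketched as follows. This is an added example, not code from the paper: the thresholds, the state names, the choice of which state triggers time-adaptive versus space-adaptive hopping, and the sample windows are all assumptions made for illustration.

```python
import math
from collections import Counter

# Assumed thresholds and limits; the abstract gives no concrete values.
ENTROPY_LOW, ENTROPY_HIGH = 1.0, 4.0   # bits of source-address entropy
RATE_HIGH = 1000.0                     # packets per second
MIN_INTERVAL_S, MAX_POOL = 1.0, 64512  # floor on hop period, ports 1024-65535

def source_entropy(src_addrs):
    """Shannon entropy (bits) of the source-address distribution in one window."""
    total = len(src_addrs)
    if total == 0:
        return 0.0
    counts = Counter(src_addrs)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def assess_window(src_addrs, window_seconds):
    """Classify one observation window from flow rate and source entropy."""
    rate = len(src_addrs) / window_seconds
    entropy = source_entropy(src_addrs)
    if rate < RATE_HIGH:
        return "normal", entropy, rate
    if entropy >= ENTROPY_HIGH:
        return "distributed_flood", entropy, rate   # many distinct sources
    if entropy <= ENTROPY_LOW:
        return "concentrated_flood", entropy, rate  # few dominant sources
    return "high_load", entropy, rate

def adapt_hopping(state, hop_interval_s, port_pool_size):
    """Assumed policy: time-adaptive shortens the hop interval,
    space-adaptive enlarges the pool of ports the service hops across."""
    if state == "concentrated_flood":
        return max(hop_interval_s / 2, MIN_INTERVAL_S), port_pool_size
    if state == "distributed_flood":
        return hop_interval_s, min(port_pool_size * 2, MAX_POOL)
    return hop_interval_s, port_pool_size

# Constructed one-second windows of packet source addresses (not real traffic).
NORMAL = [f"10.0.0.{i % 20}" for i in range(200)]
CONCENTRATED = ["198.51.100.7"] * 4900 + [f"10.0.0.{i % 10}" for i in range(100)]
DISTRIBUTED = [f"203.0.{(i // 2) // 250}.{(i // 2) % 250}" for i in range(5000)]

if __name__ == "__main__":
    interval, pool = 10.0, 256
    for name, window in [("normal", NORMAL), ("concentrated", CONCENTRATED),
                         ("distributed", DISTRIBUTED)]:
        state, h, rate = assess_window(window, 1.0)
        print(name, state, round(h, 2), rate, adapt_hopping(state, interval, pool))
```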
KEYWORDS: Defense and security, Network security, Neural networks, Information security, Evolutionary algorithms, Data modeling, Education and training, Computer security, Control systems, Standards development
Threat intelligence is the body of knowledge and operational advice built on evidence such as vulnerabilities, threats, characteristics and behaviors, obtained through big data, distributed systems or other specific collection methods. It can reconstruct network attacks that have already happened, predict possible future attacks, and provide a reference for users' decisions, helping them avoid or minimize losses caused by network attacks. However, existing technologies cannot respond in time or defend in advance against threat behaviors across the network environment as a whole, and cannot achieve both efficiency and accuracy in threat prediction. To address these deficiencies, this paper builds a security defense model for industrial control systems based on threat intelligence. First, credible threat intelligence is extracted through a quality assessment model based on a deep neural network algorithm. Second, high-quality threat intelligence is extracted through a self-defined matching principle, and contextual data is extracted to analyze the attack intention and predict the attack behavior. Finally, by constructing an attack and defense game model based on the attacker and the defender, the mixed strategy Nash equilibrium is used to predict the attack behavior based on non-high-quality threat intelligence. A series of experiments shows that the model has a good predictive effect in the industrial control system.