Location-Aware Measurement for Cyber Mimic Defense: You Cannot Improve What You Cannot Measure
Abstract
1. Introduction
2. Preliminaries
2.1. CMD Framework
2.2. Network Topology
3. Network Partitioning
- Modularity (Q)
- Modularity gain (ΔQ)
1. Initially, each node is regarded as a separate community;
2. For each node i, try to assign it to a neighbor community in turn and calculate the modularity gain after assignment, find the assignment method with the maximum modularity gain and assign it if its , otherwise leave it unchanged;
3. Repeat the steps in 2 until the communities in which all nodes are located no longer change;
4. Compress a community into a new node, convert the weights of edges interconnected by nodes within the community to the weights of the ring of the new node, and convert the weights of edges between communities to the weights of the edges between the new nodes;
5. Repeat the above steps until the results converge.
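The partitioning steps listed above are those of the Louvain method; the following Python sketch is an added example, not the paper's code. It assumes the standard modularity-gain comparison from Blondel et al. (move a node only when the gain is strictly positive), and the six-host graph, two tightly connected zones joined by one link, is constructed sample input.

```python
from collections import defaultdict

def local_moving(adj):
    """Steps 1-3: greedy node moves on adj[u][v] = weight (symmetric)."""
    deg = {u: sum(nb.values()) for u, nb in adj.items()}
    two_m = sum(deg.values())
    comm = {u: u for u in adj}            # step 1: one community per node
    tot = dict(deg)                       # summed degree of each community
    moved = True
    while moved:                          # step 3: repeat until nothing moves
        moved = False
        for i in adj:                     # step 2: try neighbour communities
            links = defaultdict(float)    # weight from i into each community
            for j, w in adj[i].items():
                if j != i:                # the self-loop counts only in deg
                    links[comm[j]] += w
            old = comm[i]
            tot[old] -= deg[i]            # evaluate with i taken out
            best, best_gain = old, links[old] - tot[old] * deg[i] / two_m
            for c, k_in in links.items():
                gain = k_in - tot[c] * deg[i] / two_m  # proportional to gain
                if gain > best_gain + 1e-12:           # strictly better only
                    best, best_gain = c, gain
            tot[best] += deg[i]
            if best != old:
                comm[i], moved = best, True
    return comm

def aggregate(adj, comm):  # step 4: community -> node, internal weight -> loop
    new = defaultdict(lambda: defaultdict(float))
    for u, nb in adj.items():
        for v, w in nb.items():
            new[comm[u]][comm[v]] += w    # intra-community edges land on [c][c]
    return new

def louvain(adj):  # step 5: alternate both phases until no community merges
    part = {u: u for u in adj}
    while True:
        comm = local_moving(adj)
        if len(set(comm.values())) == len(adj):
            return part
        part = {u: comm[c] for u, c in part.items()}
        adj = aggregate(adj, comm)

# Constructed sample topology: hosts 0-2 and hosts 3-5 form two triangles.
EDGES = [(0, 1), (0, 2), (1, 2), (2, 3), (3, 4), (3, 5), (4, 5)]
GRAPH = {u: {} for e in EDGES for u in e}
for u, v in EDGES:
    GRAPH[u][v] = GRAPH[v][u] = 1.0
```

`louvain(GRAPH)` maps every host to a community label; on the sample graph the two triangles come out as separate communities, and the single link between hosts 2 and 3 is the only inter-community edge.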
4. Metrics in the Objective Space
4.1. Single Node
- Independent failure risk.
4.2. Relationship between Nodes
- Common-mode index.
- Transfer probability.
4.3. Entire Community
- Comprehensive failure risk.
5. Simulation
6. Related Works
7. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Number of Trials | Number of Nodes | Number of Simulated Attacks | Average Coefficient of Correlation for Nodes | Average Coefficient of Correlation for Communities |
---|---|---|---|---|
100 | 100 | 10,000 | 0.73 | 0.91 |
100 | 200 | 20,000 | 0.71 | 0.94 |
50 | 500 | 50,000 | 0.71 | 0.97 |
20 | 1000 | 100,000 | 0.70 | 0.97 |
20 | 2000 | 200,000 | 0.69 | 0.98 |
Coefficient of Correlation | Estimated Deviation of | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Estimated Deviation of | ||||||||||||
−5% | 0.92 | 0.98 | 0.56 | 0.99 | 0.95 | 0.99 | 0.83 | 0.94 | 0.99 | 0.91 | 0.86 | |
−4% | 0.95 | 0.96 | 0.97 | 0.96 | 0.96 | 0.97 | 0.98 | 0.96 | 0.67 | 0.96 | 0.99 | |
−3% | 0.92 | 0.95 | 0.95 | 0.97 | 0.74 | 0.99 | 0.96 | 0.98 | 0.97 | 0.74 | 0.96 | |
−2% | 0.98 | 0.89 | 0.99 | 0.83 | 0.92 | 0.96 | 0.93 | 0.85 | 0.92 | 0.96 | 0.94 | |
−1% | 0.78 | 0.95 | 0.88 | 0.95 | 0.71 | 0.99 | 0.94 | 0.92 | 0.98 | 0.93 | 0.78 | |
0% | 0.96 | 0.95 | 0.87 | 0.98 | 0.88 | 0.99 | 0.84 | 0.90 | 0.97 | 0.91 | 0.97 | |
1% | 0.95 | 0.91 | 0.93 | 0.93 | 0.93 | 0.95 | 0.99 | 0.92 | 0.91 | 0.96 | 0.91 | |
2% | 0.96 | 0.90 | 0.88 | 0.93 | 0.95 | 0.96 | 0.92 | 0.90 | 0.94 | 0.98 | 0.98 | |
3% | 0.92 | 0.98 | 0.97 | 0.83 | 0.97 | 0.96 | 0.89 | 0.96 | 0.87 | 0.95 | 0.98 | |
4% | 0.92 | 0.90 | 0.98 | 0.94 | 0.93 | 0.82 | 0.54 | 0.90 | 0.84 | 0.96 | 0.86 | |
5% | 0.94 | 0.93 | 0.94 | 0.92 | 0.82 | 0.95 | 0.97 | 0.96 | 0.97 | 0.95 | 0.96 |
Coefficient of Correlation | Estimated Deviation of | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Estimated Deviation of | ||||||||||||
−5% | 0.66 | 0.78 | 0.57 | 0.77 | 0.74 | 0.82 | 0.72 | 0.75 | 0.77 | 0.73 | 0.82 | |
−4% | 0.72 | 0.72 | 0.80 | 0.77 | 0.76 | 0.78 | 0.81 | 0.72 | 0.73 | 0.80 | 0.77 | |
−3% | 0.79 | 0.84 | 0.76 | 0.76 | 0.80 | 0.79 | 0.69 | 0.65 | 0.74 | 0.74 | 0.75 | |
−2% | 0.77 | 0.61 | 0.79 | 0.78 | 0.70 | 0.73 | 0.68 | 0.71 | 0.69 | 0.70 | 0.75 | |
−1% | 0.71 | 0.74 | 0.62 | 0.73 | 0.64 | 0.80 | 0.72 | 0.78 | 0.72 | 0.74 | 0.66 | |
0% | 0.78 | 0.76 | 0.74 | 0.74 | 0.75 | 0.85 | 0.74 | 0.63 | 0.74 | 0.79 | 0.76 | |
1% | 0.74 | 0.73 | 0.77 | 0.74 | 0.71 | 0.70 | 0.78 | 0.74 | 0.78 | 0.76 | 0.76 | |
2% | 0.70 | 0.69 | 0.74 | 0.74 | 0.74 | 0.67 | 0.72 | 0.63 | 0.72 | 0.74 | 0.80 | |
3% | 0.83 | 0.67 | 0.77 | 0.73 | 0.79 | 0.70 | 0.77 | 0.76 | 0.76 | 0.76 | 0.84 | |
4% | 0.80 | 0.76 | 0.74 | 0.78 | 0.81 | 0.77 | 0.70 | 0.79 | 0.68 | 0.74 | 0.64 | |
5% | 0.78 | 0.77 | 0.72 | 0.49 | 0.65 | 0.81 | 0.79 | 0.80 | 0.63 | 0.72 | 0.78 |
Number of Trials | Number of Nodes | Number of Simulated Attacks | Models | Average Coefficient of Correlation for Nodes | Average Coefficient of Correlation for Communities |
---|---|---|---|---|---|
100 | 100 | 10,000 | Our model | 0.73 | 0.91 |
100 | 100 | 10,000 | Model 1 | 0.35 | 0.66 |
100 | 100 | 10,000 | Model 2 | 0.65 | 0.98 |
100 | 200 | 20,000 | Our model | 0.71 | 0.94 |
100 | 200 | 20,000 | Model 1 | 0.39 | 0.72 |
100 | 200 | 20,000 | Model 2 | 0.60 | 0.98 |
50 | 500 | 50,000 | Our model | 0.71 | 0.97 |
50 | 500 | 50,000 | Model 1 | 0.48 | 0.82 |
50 | 500 | 50,000 | Model 2 | 0.52 | 0.97 |
20 | 1000 | 100,000 | Our model | 0.70 | 0.97 |
20 | 1000 | 100,000 | Model 1 | 0.56 | 0.88 |
20 | 1000 | 100,000 | Model 2 | 0.58 | 0.95 |
20 | 2000 | 200,000 | Our model | 0.69 | 0.98 |
20 | 2000 | 200,000 | Model 1 | 0.55 | 0.92 |
20 | 2000 | 200,000 | Model 2 | 0.52 | 0.96 |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Huang, Z.; Yuan, Y.; Fu, J.; He, J.; Zhu, H.; Cheng, G. Location-Aware Measurement for Cyber Mimic Defense: You Cannot Improve What You Cannot Measure. Appl. Sci. 2023, 13, 9213. https://doi.org/10.3390/app13169213