A Framework for Mimic Defense System in Cyberspace

The long-term existence of various vulnerabilities and backdoors in software and hardware makes security threats in cyberspace increasingly serious. Cyberspace mimic defense tries to use uncertain defense to deal with uncertain threats and to construct a risk-controlled information system from components with security flaws. However, research on mimic defense systems is at a preliminary stage, and it is necessary to pay more attention to the new theory. This paper further expands the ideas behind mimic defense systems and proposes a typical framework for such a system. The principles of mimic transformation design are then explained. The paper also describes the concepts of the mimic operator and the mimic awareness function. The effectiveness of the mimic defense system is shown by simulations of a mimic defense web server.
