PlumX Metrics
Embed PlumX Metrics

How to Disturb Network Reconnaissance: A Moving Target Defense Approach Based on Deep Reinforcement Learning

IEEE Transactions on Information Forensics and Security, ISSN: 1556-6021, Vol: 18, Page: 5735-5748
2023
  • 24
    Citations
  • 0
    Usage
  • 12
    Captures
  • 1
    Mentions
  • 0
    Social Media
Metric Options:   Counts1 Year3 Year

Metrics Details

  • Citations
    24
    • Citation Indexes
      24
  • Captures
    12
  • Mentions
    1
    • News Mentions
      1
      • News
        1

Most Recent News

Reports from State Key Laboratory of Networking and Switching Technology Advance Knowledge in Engineering (How To Disturb Network Reconnaissance: a Moving Target Defense Approach Based On Deep Reinforcement Learning)

2023 NOV 01 (NewsRx) -- By a News Reporter-Staff News Editor at NewsRx Policy and Law Daily -- Current study results on Engineering have been

Article Description

With the explosive growth of Internet traffic, large sensitive and valuable information is at risk of cyber attacks, which are mostly preceded by network reconnaissance. A moving target defense technique called host address mutation (HAM) helps facing network reconnaissance. However, there still exist several fundamental problems in HAM: 1) current approaches cannot be self-adaptive to adversarial strategies; 2) network state is time-varying because each host decides whether to mutate IP address; and 3) most methods mainly focus on enhancing security, but ignore the survivability of existing connections. In this paper, an Intelligence-Driven Host Address Mutation (ID-HAM) scheme is proposed to address aforementioned challenges. We firstly model a Markov decision process (MDP) to describe the mutation process, and design a seamless mutation mechanism. Secondly, to remove infeasible actions from the action space of MDP, we formulate address-to-host assignments as a constrained satisfaction problem. Thirdly, we design an advantage actor-critic algorithm for HAM, which aims to learn from scanning behaviors. Finally, security analysis and extensive simulations highlight the effectiveness of ID-HAM. Compared with state-of-the-art solutions, ID-HAM can decrease maximum 25% times of scanning hits while only influencing communication slightly. We also implemented a proof-of-concept prototype system to conduct experiments with multiple scanning tools.

Bibliographic Details

Tao Zhang; Changqiao Xu; Jiahao Shen; Xiaohui Kuang; Luigi Alfredo Grieco

Institute of Electrical and Electronics Engineers (IEEE)

Engineering; Computer Science

Provide Feedback

Have ideas for a new metric? Would you like to see something else here?Let us know