Affiliation:
1. State Key Laboratory of Integrated Services Networks, School of Telecommunication Engineering Xidian University Xi'an China
2. State Key Laboratory of Astronautic Dynamics Xi'an Satellite Control Center Xi'an China
3. Shaanxi Key Laboratory of Blockchain and Secure Computing Xidian University Xi'an China
Abstract
AbstractThe threat of Scan and Foothold Attack to the Network Edge (SFANE) is increasing, which greatly affects the application and development of edge computing network architecture. However, existing works focus on the implementation of specific technologies that resist the SFANE but ignore the effectiveness analysis of them. To overcome this limitation, this paper constructs probabilistic models for evaluating network edge's resistance against SFANE. In particular, the attacker models of the SFANE based on the ATT&CK model are first formalized. Afterward, according to the state‐of‐the‐art defense technologies, three different defense strategies are illustrated: no defense, address mutation, and fingerprint decoy. Subsequently, three different probabilistic models are constructed to provide a deeper analysis of the theoretical effect of these strategies on resisting the SFANE. Finally, the experimental results show that the actual defense effect of each strategy almost perfectly follows its probabilistic model.
Funder
National Key Research and Development Program of China
National Natural Science Foundation of China
Publisher
Institution of Engineering and Technology (IET)