Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network-Reference-Cited by-同舟云学术

Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network

Published:2021-10-26 Issue: Volume:2021 Page:1-15
ISSN:1939-0122
Container-title:Security and Communication Networks
language:en
Short-container-title:Security and Communication Networks

Author:

Hu Yifan¹^ORCID,Xun Peng¹^ORCID,Zhu Peidong²^ORCID,Kang Wenjie³⁴⁵^ORCID,Xiong Yinqiao¹²^ORCID,Zhu Yufei¹^ORCID,Shi Weiheng⁶^ORCID,Hu Chenxi⁷^ORCID

Affiliation:

1. College of Computer, National University of Defense Technology, Changsha 410073, China

2. Department of Electronic Information and Electrical Engineering, Changsha University, Changsha 410022, China

3. Hunan Provincial Key Laboratory of Network Investigational Technology, Hunan Police Academy, Changsha 410138, China

4. College of Systems Engineering, National University of Defense Technology, Changsha 410073, China

5. Key Laboratory of Police Internet of Things Application Ministry of Public Security, Beijing 100089, China

6. College of Meteorology and Oceanography, National University of Defense Technology, Nanjing 211101, China

7. College of Electrical Engineering, National University of Defense Technology, Hefei 230037, China

Abstract

Static characteristics of supervisory control and data acquisition (SCADA) system are often exploited to perform malicious activities on smart grids. Most of the time, the success of cyberattacks begins with the profiling of the target system and follows by the analysis of the limited resources. To alleviate the asymmetry between attack and defense, network-based moving target defense (MTD) techniques have been applied in the network system to defend against cyberattacks by constructing a dynamic attack surface to the adversary. In this paper, we propose a novel MTD technique based on adaptive forwarding path migration (AFPM) that focuses on improving the defense capability and optimizing the network performance of path mutation. Considering the transient problems present in path mutation caused by the dynamic switching of the forwarding path, we formalize the mutation constraints based on the satisfiability modulo theory (SMT) to select the mutation path. Considering the limited defense capability of path mutation owing to the traditional mutation selection mechanism, we design the mutation path generation algorithm based on the network security capacity matrix to obtain an optimal combination of mutation path and mutation period. Finally, we compare and analyze various cyber defense techniques used in the SCADA network and demonstrate experimentally that our MTD technique can prevent more than 92% of passive monitoring under specified conditions while ensuring the quality of service (QoS) to be almost the same as the static network.

Funder

NSFC

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Link

http://downloads.hindawi.com/journals/scn/2021/1704125.pdf

Reference30 articles.

1. Stuxnet: Dissecting a Cyberwarfare Weapon

2. The 2015 Ukraine Blackout: Implications for False Data Injection Attacks

3. Industroyer: An in-depth look at the culprit behind ukraine’s power grid blackout;C. Osborne;ZDNet. com,2018

4. Analysis of the SYN Flood DoS Attack

5. Random host mutation for moving target defense;E. A. Shaer

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Magnetic resonance elastography (MRE) outperforms acoustic force radiation impulse (ARFI) in predicting oesophageal varices in obese NAFLD cirrhosis;Abdominal Radiology;2024-04-23

2. Securing Forwarding Layers from Eavesdropping Attacks Using Proactive Approaches;Computers, Materials & Continua;2024