Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network
Static characteristics of supervisory control and data acquisition (SCADA) system are often exploited to perform malicious activities on smart grids. Most of the time, the success of cyberattacks begins with the profiling of the target system and follows by the analysis of the limited resources. To...
Guardado en:
| Autores principales: | , , , , , , , |
|---|---|
| Formato: | article |
| Lenguaje: | EN |
| Publicado: |
Hindawi-Wiley
2021
|
| Materias: | |
| Acceso en línea: | https://doaj.org/article/25873da59a2744db8663168b4acadf43 |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| id |
oai:doaj.org-article:25873da59a2744db8663168b4acadf43 |
|---|---|
| record_format |
dspace |
| spelling |
oai:doaj.org-article:25873da59a2744db8663168b4acadf432021-11-08T02:36:40ZMoving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network1939-012210.1155/2021/1704125https://doaj.org/article/25873da59a2744db8663168b4acadf432021-01-01T00:00:00Zhttp://dx.doi.org/10.1155/2021/1704125https://doaj.org/toc/1939-0122Static characteristics of supervisory control and data acquisition (SCADA) system are often exploited to perform malicious activities on smart grids. Most of the time, the success of cyberattacks begins with the profiling of the target system and follows by the analysis of the limited resources. To alleviate the asymmetry between attack and defense, network-based moving target defense (MTD) techniques have been applied in the network system to defend against cyberattacks by constructing a dynamic attack surface to the adversary. In this paper, we propose a novel MTD technique based on adaptive forwarding path migration (AFPM) that focuses on improving the defense capability and optimizing the network performance of path mutation. Considering the transient problems present in path mutation caused by the dynamic switching of the forwarding path, we formalize the mutation constraints based on the satisfiability modulo theory (SMT) to select the mutation path. Considering the limited defense capability of path mutation owing to the traditional mutation selection mechanism, we design the mutation path generation algorithm based on the network security capacity matrix to obtain an optimal combination of mutation path and mutation period. Finally, we compare and analyze various cyber defense techniques used in the SCADA network and demonstrate experimentally that our MTD technique can prevent more than 92% of passive monitoring under specified conditions while ensuring the quality of service (QoS) to be almost the same as the static network.Yifan HuPeng XunPeidong ZhuWenjie KangYinqiao XiongYufei ZhuWeiheng ShiChenxi HuHindawi-WileyarticleTechnology (General)T1-995Science (General)Q1-390ENSecurity and Communication Networks, Vol 2021 (2021) |
| institution |
DOAJ |
| collection |
DOAJ |
| language |
EN |
| topic |
Technology (General) T1-995 Science (General) Q1-390 |
| spellingShingle |
Technology (General) T1-995 Science (General) Q1-390 Yifan Hu Peng Xun Peidong Zhu Wenjie Kang Yinqiao Xiong Yufei Zhu Weiheng Shi Chenxi Hu Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network |
| description |
Static characteristics of supervisory control and data acquisition (SCADA) system are often exploited to perform malicious activities on smart grids. Most of the time, the success of cyberattacks begins with the profiling of the target system and follows by the analysis of the limited resources. To alleviate the asymmetry between attack and defense, network-based moving target defense (MTD) techniques have been applied in the network system to defend against cyberattacks by constructing a dynamic attack surface to the adversary. In this paper, we propose a novel MTD technique based on adaptive forwarding path migration (AFPM) that focuses on improving the defense capability and optimizing the network performance of path mutation. Considering the transient problems present in path mutation caused by the dynamic switching of the forwarding path, we formalize the mutation constraints based on the satisfiability modulo theory (SMT) to select the mutation path. Considering the limited defense capability of path mutation owing to the traditional mutation selection mechanism, we design the mutation path generation algorithm based on the network security capacity matrix to obtain an optimal combination of mutation path and mutation period. Finally, we compare and analyze various cyber defense techniques used in the SCADA network and demonstrate experimentally that our MTD technique can prevent more than 92% of passive monitoring under specified conditions while ensuring the quality of service (QoS) to be almost the same as the static network. |
| format |
article |
| author |
Yifan Hu Peng Xun Peidong Zhu Wenjie Kang Yinqiao Xiong Yufei Zhu Weiheng Shi Chenxi Hu |
| author_facet |
Yifan Hu Peng Xun Peidong Zhu Wenjie Kang Yinqiao Xiong Yufei Zhu Weiheng Shi Chenxi Hu |
| author_sort |
Yifan Hu |
| title |
Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network |
| title_short |
Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network |
| title_full |
Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network |
| title_fullStr |
Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network |
| title_full_unstemmed |
Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network |
| title_sort |
moving target defense based on adaptive forwarding path migration for securing the scada network |
| publisher |
Hindawi-Wiley |
| publishDate |
2021 |
| url |
https://doaj.org/article/25873da59a2744db8663168b4acadf43 |
| work_keys_str_mv |
AT yifanhu movingtargetdefensebasedonadaptiveforwardingpathmigrationforsecuringthescadanetwork AT pengxun movingtargetdefensebasedonadaptiveforwardingpathmigrationforsecuringthescadanetwork AT peidongzhu movingtargetdefensebasedonadaptiveforwardingpathmigrationforsecuringthescadanetwork AT wenjiekang movingtargetdefensebasedonadaptiveforwardingpathmigrationforsecuringthescadanetwork AT yinqiaoxiong movingtargetdefensebasedonadaptiveforwardingpathmigrationforsecuringthescadanetwork AT yufeizhu movingtargetdefensebasedonadaptiveforwardingpathmigrationforsecuringthescadanetwork AT weihengshi movingtargetdefensebasedonadaptiveforwardingpathmigrationforsecuringthescadanetwork AT chenxihu movingtargetdefensebasedonadaptiveforwardingpathmigrationforsecuringthescadanetwork |
| _version_ |
1718443074667937792 |