SCIENTIA SINICA Informationis, Volume 50, Issue 12: 1944 (2020) https://doi.org/10.1360/SSI-2019-0224

## A two-dimension security assessing model for CMDs combined with Generalized Stochastic Petri net

Xin YANG 1,2, Hui LI 1,2,*
• Accepted: Mar 17, 2020
• Published: Oct 21, 2020

### Abstract

Cyber mimic defense (CMD) has recently emerged as a dynamic heterogeneous redundancy architecture, which adjusts the asymmetry between defenders and attackers by reconfiguring the system according to the network scenario. Some studies have investigated the effectiveness of security models; however, there is still a lack of convincing and practical methods to assess CMD networks quantitatively. Thus, in this paper, we propose a two-dimension model that reduces those details to a numerical result for comparing different CMD networks. In addition, the proposed method demonstrates good scalability across different networks. Specifically, in the first dimension, i.e., attacking a single node, we elaborate on system configurations and employ the Generalized Stochastic Petri net (GSPN) model to capture the effectiveness of the different behaviors of the players. To quantify the impacts of those behaviors, we parameterize them using a Poisson process, Common Vulnerabilities and Exposures (CVE), and the Common Vulnerability Scoring System (CVSS). In the second dimension, we adopt Markov chains and martingale theory to analyze the attack process along the attack chain. Finally, security metrics and countermeasures under different scenarios are presented to verify the effectiveness of CMD, which provides some guidance for designing future systems at acceptable cost.

• Figure A1: GSPN model
• Figure 2: The framework of analysis model
• Figure 3: The GSPN model in perspectives of the attacker and defender
• Figure 4: The simplified GSPN model
• Figure 5: (Color online) The Markov chain
• Figure 6: (Color online) Attacking time/working time vs. probability of exfiltration
• Figure 7: (Color online) Frequency of disturbing & probability of exfiltration. (a) General figure; (b) detailed figure

• Table 1: Transitions in the GSPN model

| Transitions | $t_{01}$ | $t_{1\mathrm{Bj}}$ | $t_{12}$ | $t_{2\mathrm{Dj}}$ | $t_{12\mathrm{a}}$ | $t_{10\mathrm{d}}$ | $t_{2\mathrm{Cj}}$ | $t_{23}$ | $t_{23\mathrm{a}}$ |
|---|---|---|---|---|---|---|---|---|---|
| General attacks | 1 | 0.4883 | 0.5117 | $9.093 \times 10^{-5}$ | 1 | 1 | 0.9093 | 0.0907 | 1 |
| Special attacks | 1 | 0.3032 | 0.6968 | $6.988 \times 10^{-5}$ | 1 | 1 | 0.6987 | 0.3012 | 1 |

| Transitions | $t_{\mathrm{D2m}}$ | $t_{20\mathrm{d}}$ | $t_{\mathrm{20s}}$ | $t_{\mathrm{3Dj}}$ | $t_{\mathrm{3Cj}}$ | $t_{\mathrm{3Ej}}$ | $t_{\mathrm{32d}}$ | $t_{\mathrm{30s}}$ | $t_{30}$ |
|---|---|---|---|---|---|---|---|---|---|
| General attacks | 1 | 1/2 | 1/3 | $2.9997 \times 10^{-4}$ | 0.9997 | $1 \times 10^{-8}$ | 1 | 1/3 | 0.0001 |
| Special attacks | 1 | 1/2 | 1/3 | $2.9997 \times 10^{-4}$ | 0.9997 | $1 \times 10^{-8}$ | 1 | 1/3 | 0.0001 |
