Abstract: Deception techniques are increasingly recognized as transformative in the realm of cyber defense. With the advent of sophisticated, large-scale scanning technologies such as ZMap, attackers can swiftly pinpoint active and vulnerable ports on edge nodes. Given the diversity of these nodes, a versatile security tool adaptable to various deployment environments is essential. Moreover, edge nodes often encounter performance constraints, necessitating a defense strategy that balances cost-effectiveness for defenders. In response to these challenges, we introduce the X-EDF: an eXpress Data Path (XDP)-based Efficient Defensive Deception Framework. This framework facilitates an efficient and lightweight deceptive defense leveraging XDP technology. The X-EDF can efficiently respond to attackers' scanning requests with deceptive messages before these requests enter the protocol stack, thus achieving deception defense at a minimal cost. We have validated the effectiveness of our defense strategy through game-theoretic proofs and real-world network deployments.
External IDs: dblp:conf/msn/ZhangHDK0DZ24