DFilter: A Network Access Layer Collaborative Defense Model for Moving Target Defense

Published: 2025, Last Modified: 09 Feb 2026. Venue: CSCWD 2025. License: CC BY-SA 4.0
Abstract: Due to the inherent properties of IT networks, such as the determinacy of network composition, the static nature of network structure, and the homogeneity of network elements, network defense is always in a passive position in cyberattack-defense confrontations. In response, cybersecurity researchers have proposed using Moving Target Defense technology to reverse this situation. However, in practical application scenarios, while Moving Target Defense demonstrates its defensive value, it also introduces several issues, such as increased network complexity, processing performance limited by the network protocol stack, and the inherent limitations of the related technologies themselves. This article constructs DFilter, a network access layer collaborative defense model based on XDP-eBPF. The policy preprocessing layer implements a network traffic filtering and matching algorithm with O(1) time complexity, and further refines the control strength of the state-of-the-art algorithm based on security labels. On this basis, the policy disposal layer provides multi-dimensional, fine-grained collaborative defense methods, enriching the diversity of the model's defense capabilities. Based on the model and algorithm proposed in this article, an experimental topology environment was constructed and a comprehensive experimental evaluation was completed. The experimental results showed that DFilter effectively improved the preprocessing efficiency of network access layer traffic, further refined the control strength, and significantly enhanced the variability of the network traffic.