Network security model based on active defense and passive defense hybrid strategy

Zhao, Gaoli; Song, Junping

doi:10.3233/jifs-189287

Cited by 6 publications

(7 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deception based information security is a promising solution to enhance established defense mechanisms in network security [20]. A new model of computer network security, combining active and passive defense systems, has been proposed to improve security defense efficiency [21].…”

Section: Related Workmentioning

confidence: 99%

Interoperable Defensive Strategies of Network Security Evaluation

Alarood,

Alzahrani

2024

IEEE Access

View full text Add to dashboard Cite

To advance defense interoperability, foster productive collaboration, and enhance the capabilities of defense systems to respond to evolving threats, it is imperative to tackle the challenges of defensive strategic issues in Network security. That is why an experimental study was done to assess the application of the interoperability defense theory to an operational target network system. The study used five strategies, including "Risk," "Complexity," "Dependency," "Personnel," and "Environment," and employed DEMATEL and performance analysis evaluation. These five defense techniques to interoperability are conceptualized. The experimental results revealed that network defense, instead of being consistently passive, is the recipient of influence in an interoperable defensive system. Interoperability protective strategies have varying degrees of influence on network security evaluations. A significant relationship was observed between the level of technological complexity and the ability to tolerate its significant effects. Within the complexity group, further analysis showed a noteworthy reduction in "Risk". However, there were no significant variations in " Environment" before and after the interoperable implementation. Finally, the DEMATEL analysis indicates that the entire variables are effect criteria no cause criteria. Given that all criteria are categorized as "effect" and none as "cause," it suggests a scenario in which each criterion is interconnected and influenced by other criteria within the system, but none of them serve as direct influencers or causes. Therefore, this study contributes to the evaluation of interoperability in strategic network security defense.

show abstract

Section: Related Workmentioning

confidence: 99%

Interoperable Defensive Strategies of Network Security Evaluation

Alarood,

Alzahrani

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Reference 21 proposed a network attack behavior classification model, which can more effectively and comprehensively assess the overall situation of cyberspace security. Zhao et al 22 described common passive and active defense techniques, and builded a network security system combining active defense and passive defense. Akashe et al 23 presented a new network‐based active defense technique that utilizes real‐time attack detection and builds network spoofing.…”

Section: Related Workmentioning

confidence: 99%

An active defense model based on situational awareness and firewalls

Xiao

et al. 2023

Concurrency and Computation

View full text Add to dashboard Cite

With the rapid development of the internet, cyberspace security issues have become increasingly prominent. The importance of constructing a cyberspace security system is self-evident, but compared with attackers, defenders in cyberspace are in a castle-like passive defense state in most cases. Therefore, building a reliable, accurate, timely, and active defense system is challenging. The key is to accurately focus on defense priorities, the anticipation of attackers who will likely succeed, and blocking attacks in a timely manner. In this article, we propose an active defense model based on the interaction of situational awareness and firewalls. First, by biasing the integrity, confidentiality, and availability of assets to get the score of assets, and using the Common Vulnerability Scoring System to assess the threat level of assets, we combine the two to determine the maximum system damage that the asset will suffer if it is lost, and then focus on defense. Meanwhile, log analysis of the network situational awareness platform can predict successful attackers, and then the linked firewall strategy can block these attacks in time before the attackers obtain attack gains. After that, we force the attackers to give up their attacks on the target by increasing the attack cost.We compared our model with iptables auto-blocking and nginx auto-blocking, and our model excelled them across the board in terms of comprehensiveness and false positive rate. The experimental results verify thar our active defense model proposed in this article can better reduce the defense cost and increase the attack cost, thus achieving the relatively defense goal. K E Y W O R D Sactive defense, cyber attack and defense, defense cost, game theory INTRODUCTIONWith the development of information technology, cyberspace has become the fifth space after "land, sea, air, and sky", and the security of cyberspace is directly related to the sovereign security of the country. Cyber attack and defense have become hot spots in current cybersecurity research. The objectives of cyber attackers include collecting information about a target, paralyzing the target service, entering the target and stealing data, while the objectives of cyber defenders are to keep the service running normally and stop attackers. Scanning of the target system is something that a cyber attacker must do before launching cyber attacks, which helps the attacker gain access to exploitable vulnerabilities in the target system to compromise the network. The purpose of such a scan is to understand the configurations of target systems, including but not limited to the target system's operating system, IP address, running services, software versions, existing common vulnerabilities & exposures(CVEs), weak passwords, and so on. How to prevent attackers from obtaining the scan results or prevent the attacker from using the scan results for other benefits is the goal

show abstract

“…The data collection and processing system functions in this configuration and completes the required duties. The user's activities, working patterns, browsing habits, and the amount of time and resources he has invested are evaluated and netted under this section of the Honeypot system to determine whether the individual is an intruder or a potential user [24]. To complete the aforementioned duties, a specific unit of the operating environment is needed.…”

Section: Data Capturing and Processing System (Dcps)mentioning

confidence: 99%

Spark-Based Network Security Honeypot System: Detailed Performance Analysis

Mudgal¹,

Bhatia²

2022

IJSSE

View full text Add to dashboard Cite

In the contemporary world, network security has been of the biggest importance and acute worry in both individual and institutional wisdom, concurrent with the newly emerging technologies. Firewalls, encryption techniques, intrusion detection systems, and honeypots are just a few of the systems and technologies that have been developed to ensure information security. Systems for safeguarding an organizational environment through various defensive strategies are traditionally developed. "The enemy continues on attacking" is a primarily defensive statement. By empowering an organization to take action, Honeypot demonstrates its importance. An institution can discover, gather, address, and absorb new security policy flaws with the aid of honeypots. This methodology allows an organization's security measures to continuously incorporate new threats and penetration methods. This is the main justification of creating, developing, and using a honeypot. It is a resource that is meant to be taken advantage of and compromised. To evaluate the methodology, a spark-based honeypot strategy has been designed, put into practice, and tested in this study. The suggested study strategy has undergone many days of testing on a campus-based network. The designed system's primary function is to behave as a fully resourced computer or vault to draw intruders with the requirement that they not defend against or respond to intrusions. The studies were carried out using a number of parameters that were designed.

show abstract

Network security model based on active defense and passive defense hybrid strategy

Cited by 6 publications

References 13 publications

Interoperable Defensive Strategies of Network Security Evaluation

Interoperable Defensive Strategies of Network Security Evaluation

An active defense model based on situational awareness and firewalls

Spark-Based Network Security Honeypot System: Detailed Performance Analysis

Contact Info

Product

Resources

About