Dynamic generation containment systems (DGCS): A Moving Target Defense approach
作者: Tommy Chin , Kaiqi Xiong
DOI: 10.1109/EITEC.2016.7503690
关键词: Container (abstract data type) 、 Engineering 、 SCADA 、 Supercomputer 、 Systems architecture 、 Computer security 、 Evasion (network security) 、 Intrusion detection system 、 Cyber-physical system 、 Virtualization
摘要: Supervisory Control and Data Acquisition (SCADA) systems are critical assets to public utility manufacturing organizations. These systems, although critical, prone numerous cyber security related threats attacks. To combat such challenges, we propose a Dynamic Generated Containment System (DGCS), moving target defense model as method of threat evasion. Under the proposed approach, employ use intrusion detection (IDS) in conjunction with virtualization solution—Docker. The approach provides an individual Docker container for each detected by our IDS. We conduct several experiments using high performance computing measure demonstrate approach.
ieeecomputersociety.org参考文章(9)
Yulong Zhang, Min Li, Kun Bai, Meng Yu, Wanyu Zang, Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds information security conference. pp. 388- 399 ,(2012) , 10.1007/978-3-642-30436-1_32
Shankar Sastry, Saurabh Amin, Alvaro A. Cárdenas, Research challenges for the security of control systems usenix security symposium. pp. 6- ,(2008)
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks usenix large installation systems administration conference. pp. 229- 238 ,(1999)
Marthony Taguinod, Adam Doupe, Ziming Zhao, Gail-Joon Ahn, Toward a Moving Target Defense for Web Applications information reuse and integration. pp. 510- 517 ,(2015) , 10.1109/IRI.2015.84
Mark Berman, Jeffrey S. Chase, Lawrence Landweber, Akihiro Nakao, Max Ott, Dipankar Raychaudhuri, Robert Ricci, Ivan Seskar, GENI: A federated testbed for innovative network experiments Computer Networks. ,vol. 61, pp. 5- 23 ,(2014) , 10.1016/J.BJP.2013.12.037
Ruijin Zhou, Fang Liu, Chao Li, Tao Li, Optimizing virtual machine live storage migration in heterogeneous storage environment Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments - VEE '13. ,vol. 48, pp. 73- 84 ,(2013) , 10.1145/2451512.2451529
Dirk Merkel, Docker: lightweight Linux containers for consistent development and deployment Linux Journal. ,vol. 2014, pp. 2- ,(2014)
Adrian R Chavez, Mitchell Tyler Martin, Jason Hamlet, William Stout, Erik Lee, None, Network Randomization and Dynamic Defense for Critical Infrastructure Systems Office of Scientific and Technical Information (OSTI). ,(2015) , 10.2172/1179040
Shih-Wei Fang, Anthony Portante, Mohammad Husain, Moving Target Defense Mechanisms in Cyber-Physical Systems CRC Press. pp. 63- 90 ,(2015) , 10.1201/B19311-4