JOURNAL ARTICLE

An active defense model based on situational awareness and firewalls.

  • Published In: Concurrency & Computation: Practice & Experience, 2023, v. 35, n. 6. P. 1

  • Database: Applied Science & Technology Source Ultimate

  • Authored By: Li, Di; Hu, Yikun; Xiao, Guoqing; Duan, Mingxing; Li, Kenli

Abstract

Summary: With the rapid development of the internet, cyberspace security issues have become increasingly prominent. The importance of constructing a cyberspace security system is self‐evident, but compared with attackers, defenders in cyberspace are in a castle‐like passive defense state in most cases. Therefore, building a reliable, accurate, timely, and active defense system is challenging. The key is to accurately focus on defense priorities, the anticipation of attackers who will likely succeed, and blocking attacks in a timely manner. In this article, we propose an active defense model based on the interaction of situational awareness and firewalls. First, by biasing the integrity, confidentiality, and availability of assets to get the score of assets, and using the Common Vulnerability Scoring System to assess the threat level of assets, we combine the two to determine the maximum system damage that the asset will suffer if it is lost, and then focus on defense. Meanwhile, log analysis of the network situational awareness platform can predict successful attackers, and then the linked firewall strategy can block these attacks in time before the attackers obtain attack gains. After that, we force the attackers to give up their attacks on the target by increasing the attack cost. We compared our model with iptables auto‐blocking and nginx auto‐blocking, and our model excelled them across the board in terms of comprehensiveness and false positive rate. The experimental results verify that our active defense model proposed in this article can better reduce the defense cost and increase the attack cost, thus achieving the relatively defense goal. [ABSTRACT FROM AUTHOR]

Additional Information

  • Source: Concurrency & Computation: Practice & Experience. 2023/03, Vol. 35, Issue 6, p1
  • Document Type: Article
  • Subject Area: Computer Science
  • Publication Date: 2023
  • ISSN: 15320626
  • DOI: 10.1002/cpe.7577
  • Accession Number: 161825700
  • Copyright Statement: Copyright of Concurrency & Computation: Practice & Experience is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
