[1]张建辉,徐思捷,曾俊杰,等.突变—服务欺骗协同的移动目标防御方法[J].郑州大学学报(工学版),2027,48(XX):1-10.[doi:10.13705/j.issn.1671-6833.2026.04.019]
 ZHANG Jianhui,XU Sijie,ZENG Junjie,et al.A Mutation-Service Deception Collaborative Moving Target Defense Method[J].Journal of Zhengzhou University (Engineering Science),2027,48(XX):1-10.[doi:10.13705/j.issn.1671-6833.2026.04.019]
点击复制

突变—服务欺骗协同的移动目标防御方法()
分享到:

《郑州大学学报(工学版)》[ISSN:1671-6833/CN:41-1339/T]

卷:
48
期数:
2027年XX
页码:
1-10
栏目:
出版日期:
2027-12-10

文章信息/Info

Title:
A Mutation-Service Deception Collaborative Moving Target Defense Method
作者:
张建辉1,2徐思捷1曾俊杰1王瑞民3
(1.郑州大学 网络空间安全学院,河南 郑州 450002;2.嵩山实验室,河南 郑州 450046;3.郑州大学 计算机与人工智能学院,河南 郑州 450001)
Author(s):
ZHANG Jianhui1,2, XU Sijie1, ZENG Junjie1, WANG Ruimin3
(1. School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450002, China; 2. Songshan Laboratory, Zhengzhou 450052, China; 3. School of Computer and Artificial Intelligence, Zhengzhou University, Zhengzhou 450001, China)
关键词:
数字孪生网络移动目标防御服务欺骗深度强化学习
Keywords:
digital twin network moving target defense service deception deep reinforcement learning
分类号:
TP302.1TP302.7
DOI:
10.13705/j.issn.1671-6833.2026.04.019
文献标志码:
A
摘要:
针对数字孪生网络(DTN)中突变类移动目标防御(MTD)策略因离散触发而难以在触发间隔内持续拦截恶意流量,易形成防御空窗的问题,提出一种突变-服务欺骗协同的MTD方法(MSD-MTD)。在地址突变和服务端口突变基础上,引入服务欺骗机制对突变间隔内的可疑流量进行重定向,以增强持续防护能力;进一步结合基于跨节点流量对齐与特征选择的入侵检测方法感知网络状态,并利用深度Q网络(DQN)实现MTD策略的自适应选择。在Mininet-WiFi平台上,基于CICIDS-2017、CICIDS-2018和UNSW-NB15数据集开展对比实验,并与两种典型地址突变方法进行比较。结果表明:MSD-MTD在3个数据集上的平均防御成功率分别达到93.36%、88.20%和95.50%,且往返时延主要分布在0~2ms,说明所提方法在提升防御效果的同时对网络服务时延影响较小。
Abstract:
To address the problem that mutation-based moving target defense (MTD) strategies in digital twin network (DTN) were discretely triggered and thus could not continuously intercept malicious traffic during trigger intervals, which might result in protection gaps, a mutation-service deception collaborative MTD method was proposed, termed MSD-MTD. Building upon address and service port mutation, MSD-MTD introduced a service deception mechanism to redirect suspicious traffic within mutation intervals, thereby enhancing continuous protection.Moreover, an intrusion detection approach based on cross-node traffic alignment and feature selection was employed to perceive network states, and a deep Q-network (DQN) was used to enable adaptive selection of MTD strategies. Comparative experiments were conducted on the Mininet-WiFi platform using the CICIDS-2017, CICIDS-2018, andUNSW-NB15 datasets, with performance benchmarked against two representative address-mutation methods. The results showed that MSD-MTD achieved average defense success rates of 93.36%, 88.20%, and 95.50% on the three datasets, respectively, while the round-trip time was mainly distributed within 0—2 ms, indicating that the proposed method improved defense effectiveness while imposing only a limited impact on network service latency.

参考文献/References:

[1].Lin Xingqin, Kundu L, Dick C, et al. 6G digital twin networks: from theory to practice[J]. IEEE Communications Magazine, 2023, 61(11): 72-78.
[2].Nguyen H X, Trestian R, To D, et al. Digital twin for 5G and beyond [J]. IEEE Communications Magazine, 2021, 59(2): 10-15.
[3].Alcaraz C, Lopez J. Digital twin: a comprehensive survey of security threats[J]. IEEE Communications Surveys & Tutorials, 2022, 24(3): 1475-1503.
[4].Wang Weizheng, Yang Yaoqi, Khan L U, et al. Digital twin for wireless networks: security attacks and solutions[J]. IEEE Wireless Communications, 2024, 31(3):278-285.
[5].He Ke, Kim D D, Asghar M R. Adversarial machine learning for network intrusion detection systems: a comprehensive survey[J]. IEEE Communications Surveys & Tutorials, 2023, 25(1):538-566.
[6].Lei Cheng, Zhang Hongqi, Tan Jinglei, et al. Moving target defense techniques: a survey[J]. Security and Communication Networks, 2018, 2018: 3759626.
[7].Cho J H, Sharma D P, Alavizadeh H, et al. Toward proactive, adaptive defense: a survey on moving target defense[J]. IEEE Communications Surveys & Tutorials, 2020, 22(1): 709-745.
[8].Zhang Tao, Xu Changqiao, Lian Yibo, et al. When moving target defense meets attack prediction in digital twins: a convolutional and hierarchical reinforcement learning approach[J]. IEEE Journal on Selected Areas in Communications, 2023, 41(10): 3293-3305.
[9].Rehman Z, Gondal I, Ge Mengmeng, et al. Proactive defense mechanism: enhancing IoT security through diversity-based moving target defense and cyber deception[J]. Computers & Security, 2024, 139: 103685.
[10].Masud M T, Keshk M, Moustafa N, et al. Vulnerability defence using hybrid moving target defence in Internet of Things systems[J]. Computers & Security, 2025, 153: 104380.
[11].Zhou Yuyang, Cheng Guang, Ouyang Zhi, et al. Resource-efficient low-rate DDoS mitigation with moving target defense in edge clouds[J]. IEEE Transactions on Network and Service Management, 2025, 22(1): 168-186.
[12].Hu Hongchao, Zhang Shuaipu, Cheng Guozhen, et al. ReDoS defense method based on moving target defense in cloud-native environment[J] . Journal of Zhengzhou University (Engineering Science) , 2024, 45(2): 72-79.[扈红超,张帅普,程国振,等.云原生环境下基于移动目标防御的 ReDoS 防御方法[J]. 郑州大学学报(工学版), 2024, 45(2): 72-79.]
[13].Tan Jinglei, Jin Hui, Zhang Hongqi, et al. A survey: when moving target defense meets game theory[J]. Computer Science Review, 2023, 48: 100544.
[14].Zhang Tao, Xu Changqiao, Shen Jiahao, et al. How to disturb network reconnaissance: a moving target defense approach based on deep reinforcement learning[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 5735-5748.
[15].Beltrán-López P, Gil Pérez M, Nespoli P. Cyber deception: taxonomy, state of the art, frameworks, trends, and open challenges[J]. IEEE Communications Surveys & Tutorials, 2026, 28: 1520-1556.
[16].Pai V, Pai K, Manjunatha S, et al. Adaptive network anomaly detection using machine learning approaches[J]. EURASIP Journal on Information Security, 2025, 2025: 29.
[17].Luo Donghao, Wang Xue. ModernTCN: a modern pure convolution structure for general time series analysis[C]∥12th International Conference on Learning Representations. Appleton: ICLR, 2024: 1-43.
[18].Mnih V, Kavukcuoglu K, Silver D, et al. Human-level control through deep reinforcement learning[J]. Nature,2015, 518(7540): 529-533.
[19].Cui Mingxiu. DQN and dynamic feedback for multitask scheduling optimization in engineering management[J]. International Journal of Low-Carbon Technologies, 2024, 19: 2279-2286.
[20].Kumar P, Kumar R, Aljuhani A, et al. Digital twin-driven SDN for smart grid: a deep learning integrated blockchain for cybersecurity[J]. Solar Energy, 2023, 263: 111921.
[21].Li Qiuxiang, Wu Jianping. Optimizing the effectiveness of moving target defense in a probabilistic attack graph: a deep reinforcement learning approach[J]. Electronics, 2024, 13(19) : 3855.
[22].Sharafaldin I, Habibi Lashkari A, Ghorbani A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]∥4th International Conference on Information Systems Security and Privacy. Cham: Springer, 2018: 108-116.
[23].Registry of Open Data on AWS. A realistic cyber defense dataset ( CSE-CIC-IDS2018 ) [DS/OL]. [2026-03-19] . https:∥registry. opendata. aws/cse-cic-ids2018/.
[24].Moustafa N, Slay J. UNSW-NB15: a comprehensive data set for network intrusion detection systems ( UNSW-NB15 network data set) [C]∥Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS). Piscataway: IEEE, 2015: 1-6.
[25].Xu Xiaoyu, Hu Hao, Liu Yuling, et al. An adaptive IP hopping approach for moving target defense using a lightweight CNN detector[J]. Security and Communication Networks, 2021, 2021: 8848473.

备注/Memo

备注/Memo:
收稿日期:2026-03-29;修订日期:2026-04-10
基金项目:国家重点研发计划(2023YFB2906401);嵩山实验室资助项目(221100210900)
作者简介:张建辉(1977—),男,河南平顶山人,郑州大学副研究员,博士,主要从事网络空间内生安全、新型网络架构和网路数字孪生等研究,E-mail:ndsczjh@163.com。
更新日期/Last Update: 2026-05-15