The centralized control characteristics of software-defined networks (SDNs) make them susceptible to advanced persistent threats (APTs). Moving target defense, as an effective defense means, is constantly developing. It is difficult to effectively characterize an MTD attack and defense game with existing game models and effectively select the defense timing to balance SDN service quality and MTD decision-making benefits. From the hidden confrontation between the actual attack and defense sides, existing attack-defense scenarios are abstractly characterized and analyzed. Based on the APT attack process of the Cyber Kill Chain (CKC), a state transition model of the MTD attack surface based on the susceptible-infective-recuperative-malfunctioned (SIRM) infectious disease model is defined. An MTD attack-defense timing decision model based on the FlipIt game (FG-MTD) is constructed, which expands the static analysis in the traditional game to a dynamic continuous process. The Nash equilibrium of the proposed method is analyzed, and the optimal timing selection algorithm of the MTD is designed to provide decision support for the selection of MTD timing under moderate security. Finally, the application model is used to verify the model and method. Through numerical analysis, the timings of different types of attack-defense strategies are summarized.

中文翻译：

---

移动目标防御的最佳时机选择方法：FlipIt攻防博弈模型

软件定义网络（SDN）的集中控制特性使它们容易受到高级持续威胁（APT）的影响。移动目标防御作为一种有效的防御手段，正在不断发展。使用现有的游戏模型很难有效地刻画MTD攻击和防御游戏的特征，并且很难有效地选择防御时机以平衡SDN服务质量和MTD决策利益。从实际的攻击和防御方之间的隐藏对抗中，对现有的攻防场景进行了抽象表征和分析。基于网络杀伤链（CKC）的APT攻击过程，定义了基于易感性-感染-累及功能障碍（SIRM）传染病模型的MTD攻击面的状态转换模型。建立了基于FlipIt游戏（MTG）的MTD防御时机决策模型，将传统游戏中的静态分析扩展为动态连续过程。分析了所提方法的纳什均衡，设计了MTD的最优定时选择算法，为中等安全性下的MTD定时选择提供决策支持。最后，应用模型被用来验证模型和方法。通过数值分析，总结了不同类型的攻防策略的时机。设计了MTD的最佳时机选择算法，为中等安全性下的MTD时机选择提供决策支持。最后，应用模型被用来验证模型和方法。通过数值分析，总结了不同类型的攻防策略的时机。设计了MTD的最佳定时选择算法，为中等安全性下的MTD定时选择提供决策支持。最后，应用模型被用来验证模型和方法。通过数值分析，总结了不同类型的攻防策略的时机。