SDN-based solutions for Moving Target Defense network protection

Title: SDN-based solutions for Moving Target Defense network protection
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Kampanakis, P., Perros, H., Beyene, T.
Conference Name: A World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2014 IEEE 15th International Symposium on
Date Published: June
Keywords: Algorithm design and analysis, attack surface obfuscation, central control point, Cisco One Platform Kit, Cisco onePK, computer network security, countermeasures attackers, delays, moving target defense, moving target defense network protection, MTD, network-based MTD techniques, Payloads, Ports (Computers), Reconnaissance, SDN, SDN-based MTD methods, SDN-based solutions, Servers, Software Defined Networks, software-defined networking
Abstract

Software-Defined Networking (SDN) allows network capabilities and services to be managed through a central control point. Moving Target Defense (MTD), on the other hand, introduces a constantly adapting environment in order to delay or prevent attacks on a system. MTD is a use case where SDN can be leveraged in order to provide attack surface obfuscation. In this paper, we investigate how SDN can be used in some network-based MTD techniques. We first describe the advantages and disadvantages of these techniques, the potential countermeasures attackers could take to circumvent them, and the overhead of implementing MTD using SDN. Subsequently, we study the performance of the SDN-based MTD methods using Cisco's One Platform Kit and we show that they significantly increase the attacker's overheads.

DOI: 10.1109/WoWMoM.2014.6918979
Citation Key: 6918979