Random Host and Service Multiplexing for Moving Target Defense in Software-Defined Networks
| Field | Value |
| --- | --- |
| Title | Random Host and Service Multiplexing for Moving Target Defense in Software-Defined Networks |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Sharma, Dilli P.; Cho, Jin-Hee; Moore, Terrence J.; Nelson, Frederica F.; Lim, Hyuk; Kim, Dong Seong |
| Conference Name | ICC 2019 - 2019 IEEE International Conference on Communications (ICC) |
| ISBN Number | 978-1-5386-8088-9 |
| Keywords | attack success probability, computer network security, control systems, IP networks, MTD technique, Multiplexing, Network reconnaissance, proactive defense mechanism, pubcrawl, random host and service multiplexing technique, random IP addresses, Reconnaissance, resilience, Resiliency, RHSM, Scalability, scanning attacks, Servers, software defined networking, software-defined networking-based MTD technique, Software-Defined Networks, Static Network, Synchronization, virtual IP addresses, virtual IPs, virtual port numbers, virtual ports |
| Abstract | Moving target defense (MTD) is a proactive defense mechanism that changes the attack surface to increase an attacker's confusion and/or uncertainty, invalidating the intelligence gained through reconnaissance and/or network scanning attacks. In this work, we propose a software-defined networking (SDN)-based MTD technique that shuffles IP addresses and port numbers in order to obfuscate the real network-layer identity of the host and the real transport-layer identity of the service, defending against network reconnaissance and scanning attacks. We call our proposed MTD technique Random Host and Service Multiplexing (RHSM). RHSM allows each host to use multiple random virtual IP addresses that are dynamically and periodically shuffled. In addition, it uses multiple short-lived virtual port numbers for an active service running on the host. Our proposed RHSM is novel in that we employ multiplexing (or de-multiplexing) to dynamically change and remap all of a host's virtual IPs to its real IP, and all of a service's virtual ports to its real port, respectively. Via extensive simulation experiments, we show how effectively and efficiently RHSM outperforms a baseline counterpart (i.e., a static network without RHSM) in terms of attack success probability and defense cost. |
| URL | https://ieeexplore.ieee.org/document/8761496/ |
| DOI | 10.1109/ICC.2019.8761496 |
| Citation Key | sharma_random_2019 |