High Performance Low Latency Network Address and Port Hopping Mechanism Based on Netfilter

Network address and port hopping (NPAH) is an effective moving target defense tactic derived from frequency hopping in wireless communication, proposed for hiding hosts and services and for resisting attacks. In this paper, we propose a high performance, low latency mechanism for implementing network address and port hopping using the netfilter framework inside the Linux kernel. We have conducted experiments and tests to evaluate the performance of our method, and the results show that the proposed mechanism implements NPAH efficiently on the Linux platform.
