An Efficient and Agile Spatio-Temporal Route Mutation Moving Target Defense Mechanism

Because remedying defects is an endless and arduous task for static network defense technologies, and cyberspace security remains unguaranteed, moving target defense (MTD) has been proposed to turn the tide. However, route mutation, an important branch of MTD, still has limitations against sophisticated adversaries such as Advanced Persistent Threats (APTs) and multi-step, complex or combined attacks. In this paper, we propose a new spatio-temporal route mutation method based on MTD. We first consider maximizing resistance not only to multiple forms of attack but also to attackers' long-term background knowledge. We then formulate the problem as a stochastic optimization model, which makes it possible to agilely generate a mutation route that jointly satisfies the demands of the various parties by solving only one uniform problem. Network security is thus guaranteed from both the flow (user) and node (infrastructure) perspectives. Experimental results highlight the security advantages of our method over existing solutions in terms of traffic dispersion, number of potential victims and attack failure rate.
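As an added illustration (not the paper's own model or code), the following Python simulation shows the two ideas the abstract combines: choosing routes so that traffic spreads over space and varies over time, and measuring the result with a traffic-dispersion metric and a simple proxy for what an attacker gains from long-term observation. The topology, the weighting rule and both metrics are constructed assumptions, not those of the paper.

```python
import math
import random
from collections import Counter

# Constructed toy topology (assumption, not the paper's): undirected adjacency
# list with source "s", destination "t" and five intermediate nodes.
TOPOLOGY = {"s": ["a", "b", "c"], "a": ["s", "d"], "b": ["s", "d", "e"],
            "c": ["s", "e"], "d": ["a", "b", "t"], "e": ["b", "c", "t"], "t": ["d", "e"]}

def simple_paths(graph, src, dst):
    """Enumerate all loop-free src->dst paths (depth-first)."""
    paths, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            paths.append(path)
            continue
        stack.extend((n, path + [n]) for n in graph[node] if n not in path)
    return paths

def mutate_routes(paths, rounds, window, rng):
    """One route per round; a path is weighted down by how often its
    intermediate nodes were used in the last `window` rounds (assumed rule)."""
    chosen = []
    for _ in range(rounds):
        recent = Counter(n for p in chosen[-window:] for n in p[1:-1])
        weights = [1 / (1 + sum(recent[n] for n in p[1:-1])) for p in paths]
        chosen.append(rng.choices(paths, weights=weights)[0])
    return chosen

def dispersion(routes, n_intermediate):
    """Traffic dispersion: entropy of intermediate-node usage, normalised so
    that 1.0 means traffic is spread evenly over all intermediate nodes."""
    use = Counter(n for p in routes for n in p[1:-1])
    total = sum(use.values())
    h = -sum(c / total * math.log2(c / total) for c in use.values())
    return h / math.log2(n_intermediate)

def replay_hit_rate(routes):
    """Share of rounds where an observer replaying the last seen route is right:
    a proxy for how much long-term observation helps an attacker."""
    hits = sum(prev == cur for prev, cur in zip(routes, routes[1:]))
    return hits / (len(routes) - 1)

def compare(rounds=200, seed=1):
    """Static shortest-path routing versus mutation: (dispersion, hit rate)."""
    paths = simple_paths(TOPOLOGY, "s", "t")
    n_mid = len(TOPOLOGY) - 2
    static = [min(paths, key=len)] * rounds
    moving = mutate_routes(paths, rounds, window=3, rng=random.Random(seed))
    return {"static": (dispersion(static, n_mid), replay_hit_rate(static)),
            "mutated": (dispersion(moving, n_mid), replay_hit_rate(moving))}
```

The static route concentrates all traffic on two nodes and is predicted perfectly by replaying the last observation; the mutated schedule spreads traffic over all five intermediate nodes and makes that replay guess fail most of the time.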
