A new dynamic address solution for moving target defense

Dynamic address techniques, which dynamically change network properties including protocols and addresses, have been a major focus area of moving target defense. Current dynamic address proposals share a common limitation: while a terminal host's address is changing, its changing scope is limited to its corresponding subnet. A new dynamic address solution based on software-defined networking is proposed to enlarge the changing scopes of terminal hosts. The effectiveness of the proposed solution is evaluated on an experimental network created with Mininet. The experimental results show that the proposed solution can effectively manage the dynamic changing process and extend the terminal hosts' changing scopes to a great extent.
