RPAH: Random Port and Address Hopping for Thwarting Internal and External Adversaries

Network servers and applications commonly use static IP addresses and communication ports, making themselves easy targets for network reconnaissance and attacks. Port and address hopping is a novel and effective moving target defense (MTD) that hides network servers and applications by constantly changing their IP addresses and ports. In this paper, we develop a novel port and address hopping mechanism called Random Port and Address Hopping (RPAH), which constantly and unpredictably mutates IP addresses and communication ports at a high rate based on source identity, service identity and time. RPAH thus provides a stronger and more effective MTD mechanism with three hopping frequencies: source hopping, service hopping and temporal hopping. In RPAH networks, the real IPs (rIPs) and real ports (rPorts) remain untouched, and packets are routed based on dynamic, temporary virtual IPs (vIPs) of servers. Therefore, messages from adversaries that use static, invalid or inactive IP addresses/ports are detected and denied. Our experiments and evaluation show that RPAH is effective in defending against various internal and external threats such as network scanning, SYN flooding attacks and worm propagation, while introducing acceptable operational overhead.
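The following is an added toy model of the hopping scheme the abstract describes; it is not the paper's implementation. A gateway in front of a server derives a short-lived virtual IP and port (vIP/vPort) from the source identity, the service identity and the current time slot, and forwards only packets whose destination matches what it expects from that source now. The keyed-hash (HMAC) derivation, the /16 virtual pool, the 10-second slot, the one-slot grace window and all addresses and identities are assumptions chosen for illustration.

```python
"""Toy RPAH-style hopping gateway (added example, not the paper's code).

Source hopping: the vaddr depends on who is sending, so a vIP observed in one
client's traffic does not work for another source.
Service hopping: the vaddr depends on which service is addressed.
Temporal hopping: the vaddr changes every HOP_INTERVAL_SECONDS.
Packets to the static real address, or to a stale/foreign vaddr, are denied
and logged, which is where scanning and replay become visible.
"""
import hashlib
import hmac
import ipaddress
from typing import Optional, Tuple

# Constructed parameters (assumptions, not values from the paper).
HOPPING_SECRET = b"example-shared-secret-rotate-me"
VIP_POOL = ipaddress.ip_network("10.77.0.0/16")   # 65536 virtual addresses
HOP_INTERVAL_SECONDS = 10                          # temporal hopping rate

# Real, never-exposed address of the protected service (constructed).
SERVICES = {"web": ("192.0.2.10", 443)}


def time_slot(now: float) -> int:
    """Slot index used for temporal hopping."""
    return int(now // HOP_INTERVAL_SECONDS)


def derive_vaddr(src_id: str, svc_id: str, slot: int) -> Tuple[str, int]:
    """Derive the (vIP, vPort) valid for one source, one service, one slot.

    HMAC over the three identities keeps the mapping unpredictable to anyone
    without HOPPING_SECRET while staying deterministic for client and gateway.
    """
    msg = f"{src_id}|{svc_id}|{slot}".encode()
    digest = hmac.new(HOPPING_SECRET, msg, hashlib.sha256).digest()
    host_offset = int.from_bytes(digest[0:2], "big")            # 16-bit index
    vip = str(VIP_POOL[host_offset])
    vport = 1024 + int.from_bytes(digest[2:4], "big") % (65535 - 1024 + 1)
    return vip, vport


class HoppingGateway:
    """Translates virtual destinations back to the real server, or denies."""

    def __init__(self, grace_slots: int = 1):
        # Also accept the previous `grace_slots` slots to absorb clock skew
        # between client and gateway (an assumption of this model).
        self.grace_slots = grace_slots
        self.denied = []   # detection log: (src_id, dst_ip, dst_port, reason)

    def inbound(self, src_id: str, dst_ip: str, dst_port: int,
                now: float) -> Optional[Tuple[str, int]]:
        """Return the real (rIP, rPort) to forward to, or None if denied."""
        if ipaddress.ip_address(dst_ip) not in VIP_POOL:
            # The static real address is never routed; traffic aimed at it
            # is the signature of reconnaissance against the unhopped host.
            self.denied.append((src_id, dst_ip, dst_port, "not a virtual address"))
            return None
        current = time_slot(now)
        for svc_id, real in SERVICES.items():
            for slot in range(current, current - self.grace_slots - 1, -1):
                if derive_vaddr(src_id, svc_id, slot) == (dst_ip, dst_port):
                    return real
        self.denied.append((src_id, dst_ip, dst_port, "stale or foreign vaddr"))
        return None


def client_destination(src_id: str, svc_id: str, now: float) -> Tuple[str, int]:
    """What a legitimate client (or its hopping agent) dials right now."""
    return derive_vaddr(src_id, svc_id, time_slot(now))


def demo() -> dict:
    """Run four constructed packets through the gateway and report outcomes."""
    gw = HoppingGateway()
    t0 = 1_000_000.0
    vip, vport = client_destination("alice", "web", t0)
    legit = gw.inbound("alice", vip, vport, t0 + 3)          # current slot: ok
    scan = gw.inbound("scanner", "192.0.2.10", 443, t0 + 3)  # real addr: denied
    foreign = gw.inbound("mallory", vip, vport, t0 + 3)      # other source: denied
    stale = gw.inbound("alice", vip, vport, t0 + 5 * HOP_INTERVAL_SECONDS)
    return {"legit": legit, "scan": scan, "foreign": foreign, "stale": stale,
            "denied_events": len(gw.denied)}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Running the block shows the legitimate packet translated to the real address and the three others denied, with each denial recorded in `gw.denied`; in a real deployment that log is the detection feed the abstract alludes to, since every probe of a static, stale or foreign address lands there.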
