Adversary-aware IP address randomization for proactive agility against sophisticated attackers

Jafarian, Jafar Haadi; Al-Shaer, Ehab; Duan, Qi

doi:10.1109/infocom.2015.7218443

Cited by 48 publications

(33 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The OF-RHM/RHM research team has been conducting ongoing research based on RHM [15][16][17]. HIDE, the latest research area of the RHM research team, includes fingerprint mutation and attack surface expansion, operating a honeypot cloud as well as network address mutation on the RHM network model.…”

Section: Hidementioning

confidence: 99%

Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat

et al. 2018

View full text Add to dashboard Cite

Abstract:We propose a novel dynamic host mutation (DHM) architecture based on moving target defense (MTD) that can actively cope with cyberattacks. The goal of the DHM is to break the cyber kill chain, expand the attack surface to increase the attacker's target analysis cost, and disrupt the attacker's fingerprinting to disable the server trace. We define the participating entities that share the MTD policy within the enterprise network or the critical infrastructure, and define functional modules of each entity for DHM enforcement. The threat model of this study is an insider threat of a type not considered in previous studies. We define an attack model considering an insider threat and propose a decoy injection mechanism to confuse the attacker. In addition, we analyze the security of the proposed structure and mechanism based on the security requirements and propose a trade-off considering security and availability.

show abstract

Section: Hidementioning

confidence: 99%

Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat

et al. 2018

View full text Add to dashboard Cite

show abstract

“…1) IP address translation. OpenFlow Random Host Mutation (OF-RHM) and Random Host Mutation (RHM) [12,13] are the virtual address random transformation technology proposed by alshaer et al OF-RHM is applied to SDN network, and provides the random virtual IP allocated by OpenFlow, and the translation of real IP and virtual IP is performed by the OF-RHM. The network structure of OF-RHM is shown as figure 2.…”

Section: Mechanism Based On Random Translationmentioning

confidence: 99%

The New Progress of Motive Target Defense Technology

Tiantian¹

2018

IJDST

View full text Add to dashboard Cite

The concept of moving target defense (MTD) is an excellent solution proposed in USA to make the defender become dominant player while the defender is the disadvantage one in the game of defender and attacker. Focus on summarized the attack surface characteristic and functional connotation of moving target defense, according to the hierarchy in the execution stack, this paper classified and analyzed current moving target defense technologies into four categories, such as dynamic communication network, dynamic communication run-time environment, dynamic communication data and dynamic communication application, described the theory of every mechanism in each category, summarized the advantages and disadvantages of each mechanism. On the basis of the study of current mechanisms of moving target defense technologies, this paper designed a moving target defense system based on terminal information hopping and analyzed its anti-attack performance. The experiment result proven that system can effectively increase the time consumption and complexity of successful attack, and decrease successful attack rate by continually shifting the attack surface, our design greatly improved the strength of inactive defense. This study can provide the theoretical guidance for the design and implementation of mutimechanisms moving target defense systems.

show abstract

“…Jafarian et al [10] used the OpenFlow protocol to develop an MTD architecture that transparently mutates IP addresses with high unpredictability, which is able to maintain configuration integrity and minimize operation overhead. Jafarian et al [11] also presented a novel MTD technique that enables the host-to-IP binding of each destination host to vary randomly across the network based on the source identity and time. The integration of both spatial and temporal mutations could effectively defeat various reconnaissance-based threat models, ranging from naive IP sharing techniques to sophisticated advanced persistent threats.…”

Section: Related Workmentioning

confidence: 99%

A Defense Mechanism of Random Routing Mutation in SDN

Liu

Zhang

Guo³

2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYFocused on network reconnaissance, eavesdropping, and DoS attacks caused by static routing policies, this paper designs a random routing mutation architecture based on the OpenFlow protocol, which takes advantages of the global network view and centralized control in a software-defined network. An entropy matrix of network traffic characteristics is constructed by using volume measurements and characteristic measurements of network traffic. Random routing mutation is triggered according to the result of network anomaly detection, which using a wavelet transform and principal component analysis to handle the above entropy matrix for both spatial and temporal correlations. The generation of a random routing path is specified as a 0-1 knapsack problem, which is calculated using an improved ant colony algorithm. Theoretical analysis and simulation results show that the proposed method not only increases the difficulty of network reconnaissance and eavesdropping but also reduces the impact of DoS attacks on the normal communication in an SDN network.

show abstract

Adversary-aware IP address randomization for proactive agility against sophisticated attackers

Cited by 48 publications

References 15 publications

Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat

Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat

The New Progress of Motive Target Defense Technology

A Defense Mechanism of Random Routing Mutation in SDN

Contact Info

Product

Resources

About