An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks

Jafarian, Jafar Haadi; Al-Shaer, Ehab; Duan, Qi

doi:10.1109/tifs.2015.2467358

Cited by 107 publications

(75 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Other metrics: Based on the unique features of each of the existing MTD approaches, various other types of metrics have been adopted to measure the effectiveness of MTD as follows: -Controllability [125]: This refers to the portion of critical system assets which expose a high vulnerability to an attacker if compromised. -Worm propagation speed [3,78,79]: This measures how much a deployed MTD can slow down actions by an attacker. This also indirectly increases the detection of attackers by earning more time to monitor the attacker.…”

Section: A Metrics For Measuring Mtd Effectivenessmentioning

confidence: 99%

“…Some other works also used specific metrics to capture defense cost as follows: -Address space overhead [3]: In deploying Random IP mutation techniques, this refers to the required address space based on mutation speed (e.g., low frequency mutation, LFM, or high frequency mutation, HFM). -Flow table size [78,79,164]: This measures the size of flow table in OpenFlow (OF) switches when OF-RHM (Random Host Mutation) is used in an SDN-based MTD. -Integrated performance cost [34,51]: This metric integrates both performance and security cost.…”

Section: Qos To Usersmentioning

confidence: 99%

See 1 more Smart Citation

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Cho

Sharma

Alavizadeh

et al. 2020

IEEE Commun. Surv. Tutorials

222

View full text Add to dashboard Cite

Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, advanced, intelligent attacks while defenders are often way behind attackers in taking appropriate actions to thwart potential attackers. The concept of moving target defense (MTD) has emerged as a proactive defense mechanism aiming to prevent attacks. In this work, we conducted a comprehensive, in-depth survey to discuss the following aspects of MTD: key roles, design principles, classifications, common attacks, key methodologies, important algorithms, metrics, evaluation methods, and application domains. We discuss the pros and cons of all aspects of MTD surveyed in this work. Lastly, we highlight insights and lessons learned from this study and suggest future work directions. The aim of this paper is to provide the overall trends of MTD research in terms of critical aspects of defense systems for researchers who seek for developing proactive, adaptive MTD mechanisms.

show abstract

Section: A Metrics For Measuring Mtd Effectivenessmentioning

confidence: 99%

Section: Qos To Usersmentioning

confidence: 99%

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Cho

Sharma

Alavizadeh

et al. 2020

IEEE Commun. Surv. Tutorials

222

View full text Add to dashboard Cite

show abstract

“…The OF-RHM/RHM research team has been conducting ongoing research based on RHM [15][16][17]. HIDE, the latest research area of the RHM research team, includes fingerprint mutation and attack surface expansion, operating a honeypot cloud as well as network address mutation on the RHM network model.…”

Section: Hidementioning

confidence: 99%

Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat

et al. 2018

View full text Add to dashboard Cite

Abstract:We propose a novel dynamic host mutation (DHM) architecture based on moving target defense (MTD) that can actively cope with cyberattacks. The goal of the DHM is to break the cyber kill chain, expand the attack surface to increase the attacker's target analysis cost, and disrupt the attacker's fingerprinting to disable the server trace. We define the participating entities that share the MTD policy within the enterprise network or the critical infrastructure, and define functional modules of each entity for DHM enforcement. The threat model of this study is an insider threat of a type not considered in previous studies. We define an attack model considering an insider threat and propose a decoy injection mechanism to confuse the attacker. In addition, we analyze the security of the proposed structure and mechanism based on the security requirements and propose a trade-off considering security and availability.

show abstract

“…We focus on just network level MTD in this paper. The Networkbased Moving Target Defense (NMTD) policy randomizes properties of the network, including IP addresses, MAC addresses, port numbers, and even the communication routing and protocol [1]. Software-Defined Network (SDN) decouples the control plane and data plane, making the network management and expansion more flexible.…”

Section: Introductionmentioning

confidence: 99%

A Defense Mechanism of Random Routing Mutation in SDN

Liu

Zhang

Guo³

2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYFocused on network reconnaissance, eavesdropping, and DoS attacks caused by static routing policies, this paper designs a random routing mutation architecture based on the OpenFlow protocol, which takes advantages of the global network view and centralized control in a software-defined network. An entropy matrix of network traffic characteristics is constructed by using volume measurements and characteristic measurements of network traffic. Random routing mutation is triggered according to the result of network anomaly detection, which using a wavelet transform and principal component analysis to handle the above entropy matrix for both spatial and temporal correlations. The generation of a random routing path is specified as a 0-1 knapsack problem, which is calculated using an improved ant colony algorithm. Theoretical analysis and simulation results show that the proposed method not only increases the difficulty of network reconnaissance and eavesdropping but also reduces the impact of DoS attacks on the normal communication in an SDN network.

show abstract

An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks

Cited by 107 publications

References 25 publications

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat

A Defense Mechanism of Random Routing Mutation in SDN

Contact Info

Product

Resources

About