Full Service Hopping for Proactive Cyber-Defense

Abstract: Inspired by deceptive and evasive countermeasures for military environment, a proactive cyber defense tactic of full service hopping is proposed which changes all the service information pseudo-randomly, including service port, network address, service slot, cryptographic algorithm and even the service protocol. A novel concept of dynamic honey pot is presented which mimics the ancient battle diagrams to bewilder the adversary by changing the role of every hopping station pseudo-randomly. Thereafter a full ser… Show more

“…In order to expand the poor portability and scalability of the tactic in [22], they introduce a full service hopping framework implemented through mobile java agent in [23], and design a spokesman scheme to solve the problem of precise time synchronization. However, they make a too strong assumption that attackers know nothing about the hopping algorithm, and they didn't give any detailed information about the hopping algorithm.…”

“…Although paper [20] tries to introduce spatial mutation to increase its effectiveness, but do not consider port mutation which restricts its applicability. The port and address hopping works [21]- [23] combines port hopping and address mutation to increase their defense ability by simultaneously hopping port and address. Nevertheless, they do not provide detailed algorithms and implementations, and they usually consider one kind of hopping, i.e., temporal hopping, which restricts its applicability against coordinated attack models.…”

“…Note that, the port scanning was performed to the target host discovered in the process of host discovery. Since the nature of existing port hopping [12], address hopping [5], [16] and port and address hopping/mutation [18], [19], [21]- [23] schemes is periodic port or/and address rotation. Assume there is only one server host running in the target network, existing works can be simplified as address hopping using the whole domain addresses and port hopping using the whole port space despite their detail implementation techniques, and they were depicted in Figs.…”

RPAH: A Moving Target Network Defense Mechanism Naturally Resists Reconnaissances and Attacks

“…In order to expand the poor portability and scalability of the tactic in [22], they introduce a full service hopping framework implemented through mobile java agent in [23], and design a spokesman scheme to solve the problem of precise time synchronization. However, they make a too strong assumption that attackers know nothing about the hopping algorithm, and they didn't give any detailed information about the hopping algorithm.…”

“…Although paper [20] tries to introduce spatial mutation to increase its effectiveness, but do not consider port mutation which restricts its applicability. The port and address hopping works [21]- [23] combines port hopping and address mutation to increase their defense ability by simultaneously hopping port and address. Nevertheless, they do not provide detailed algorithms and implementations, and they usually consider one kind of hopping, i.e., temporal hopping, which restricts its applicability against coordinated attack models.…”

“…Note that, the port scanning was performed to the target host discovered in the process of host discovery. Since the nature of existing port hopping [12], address hopping [5], [16] and port and address hopping/mutation [18], [19], [21]- [23] schemes is periodic port or/and address rotation. Assume there is only one server host running in the target network, existing works can be simplified as address hopping using the whole domain addresses and port hopping using the whole port space despite their detail implementation techniques, and they were depicted in Figs.…”

RPAH: A Moving Target Network Defense Mechanism Naturally Resists Reconnaissances and Attacks

DSPHR: A Dynamic SDN-Based Port Hopping Routing Technique for Mitigating SD-WSN Attacks

Multi End-Hopping Modeling and Optimization Using Cooperative Game