Visible to the public Biblio

Filters: Author is Nelson, Frederica F.  [Clear All Filters]
2020
Kim, Dong Seong, Kim, Minjune, Cho, Jin-Hee, Lim, Hyuk, Moore, Terrence J., Nelson, Frederica F..  2020.  Design and Performance Analysis of Software Defined Networking Based Web Services Adopting Moving Target Defense. 2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S). :43—44.
Moving Target Defense (MTD) has been emerged as a promising countermeasure to defend systems against cyberattacks asymmetrically while working well with legacy security and defense mechanisms. MTD provides proactive security services by dynamically altering attack surfaces and increasing attack cost or complexity to prevent further escalation of the attack. However, one of the non-trivial hurdles in deploying MTD techniques is how to handle potential performance degradation (e.g., interruptions of service availability) and maintain acceptable quality-of-service (QoS) in an MTD-enabled system. In this paper, we derive the service performance metrics (e.g., an extent of failed jobs) to measure how much performance degradation is introduced due to MTD operations, and propose QoS-aware service strategies (i.e., drop and wait) to manage ongoing jobs with the minimum performance degradation even under MTD operations running. We evaluate the service performance of software-defined networking (SDN)-based web services (i.e., Apache web servers). Our experimental results prove that the MTD-enabled system can minimize performance degradation by using the proposed job management strategies. The proposed strategies aim to optimize a specific service configuration (e.g., types of jobs and request rates) and effectively minimize the adverse impact of deploying MTD in the system with acceptable QoS while retaining the security effect of IP shuffling-based MTD.
2019
Sharma, Dilli P., Cho, Jin-Hee, Moore, Terrence J., Nelson, Frederica F., Lim, Hyuk, Kim, Dong Seong.  2019.  Random Host and Service Multiplexing for Moving Target Defense in Software-Defined Networks. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1—6.

Moving target defense (MTD) is a proactive defense mechanism of changing the attack surface to increase an attacker's confusion and/or uncertainty, which invalidates its intelligence gained through reconnaissance and/or network scanning attacks. In this work, we propose software-defined networking (SDN)-based MTD technique using the shuffling of IP addresses and port numbers aiming to obfuscate both network and transport layers' real identities of the host and the service for defending against the network reconnaissance and scanning attacks. We call our proposed MTD technique Random Host and Service Multiplexing, namely RHSM. RHSM allows each host to use random, multiple virtual IP addresses to be dynamically and periodically shuffled. In addition, it uses short-lived, multiple virtual port numbers for an active service running on the host. Our proposed RHSM is novel in that we employ multiplexing (or de-multiplexing) to dynamically change and remap from all the virtual IPs of the host to the real IP or the virtual ports of the services to the real port, respectively. Via extensive simulation experiments, we prove how effectively and efficiently RHSM outperforms a baseline counterpart (i.e., a static network without RHSM) in terms of the attack success probability and defense cost.

Dishington, Cole, Sharma, Dilli P., Kim, Dong Seong, Cho, Jin-Hee, Moore, Terrence J., Nelson, Frederica F..  2019.  Security and Performance Assessment of IP Multiplexing Moving Target Defence in Software Defined Networks. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :288–295.

With the interconnection of services and customers, network attacks are capable of large amounts of damage. Flexible Random Virtual IP Multiplexing (FRVM) is a Moving Target Defence (MTD) technique that protects against reconnaissance and access with address mutation and multiplexing. Security techniques must be trusted, however, FRVM, along with past MTD techniques, have gaps in realistic evaluation and thorough analysis of security and performance. FRVM, and two comparison techniques, were deployed on a virtualised network to demonstrate FRVM's security and performance trade-offs. The key results include the security and performance trade-offs of address multiplexing and address mutation. The security benefit of IP address multiplexing is much greater than its performance overhead, deployed on top of address mutation. Frequent address mutation significantly increases an attackers' network scan durations as well as effectively obfuscating and hiding network configurations.