Catch Me If You Can: Dynamic Concealment of Network Entities

Title: Catch Me If You Can: Dynamic Concealment of Network Entities
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Fraunholz, Daniel; Krohmer, Daniel; Duque Anton, Simon; Schotten, Hans Dieter
Conference Name: Proceedings of the 5th ACM Workshop on Moving Target Defense
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-6003-6
Keywords: deception, Information security, moving target defense, network mutation, Predictive Metrics, pubcrawl, Resiliency, Scalability
Abstract: In this paper, a framework for Moving Target Defense is introduced. This framework is based on three pillars: network address mutation, communication stack randomization and the dynamic deployment of decoys. The network address mutation is based on the concept of domain generation algorithms, where different features are included to fulfill the system requirements. Those requirements are time dependency, unpredictability and determinism. Communication stack randomization is applied additionally to increase the complexity of reconnaissance activity. By employing communication stack randomization, previously fingerprinted systems do not only differ in the network address but also in their communication pattern behavior. And finally, decoys are integrated into the proposed framework to detect attackers that have breached the perimeter. Furthermore, attacker's resources can be bound by interacting with the decoy systems. Additionally, the framework can be extended with more advanced Moving Target Defense methods such as obscuring port numbers of services.
Citation Key: fraunholz_catch_2018