Random Host and Service Multiplexing for Moving Target Defense in Software-Defined Networks

Title: Random Host and Service Multiplexing for Moving Target Defense in Software-Defined Networks
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Sharma, Dilli P., Cho, Jin-Hee, Moore, Terrence J., Nelson, Frederica F., Lim, Hyuk, Kim, Dong Seong
Conference Name: ICC 2019 - 2019 IEEE International Conference on Communications (ICC)
ISBN Number: 978-1-5386-8088-9
Keywords: attack success probability, computer network security, control systems, IP networks, MTD technique, Multiplexing, Network reconnaissance, proactive defense mechanism, pubcrawl, random host and service multiplexing technique, random IP addresses, Reconnaissance, resilience, Resiliency, RHSM, Scalability, scanning attacks, Servers, software defined networking, software-defined networking-based MTD technique, Software-Defined Networks, Static Network, Synchronization, virtual IP addresses, virtual IPs, virtual port numbers, virtual ports

Moving target defense (MTD) is a proactive defense mechanism that changes the attack surface to increase an attacker's confusion and/or uncertainty, invalidating the intelligence it has gained through reconnaissance and/or network scanning attacks. In this work, we propose a software-defined networking (SDN)-based MTD technique that shuffles IP addresses and port numbers in order to obfuscate the real network-layer identity of a host and the real transport-layer identity of a service, defending against network reconnaissance and scanning attacks. We call the proposed MTD technique Random Host and Service Multiplexing (RHSM). RHSM lets each host use multiple random virtual IP addresses that are dynamically and periodically shuffled. In addition, it uses multiple short-lived virtual port numbers for each active service running on the host. RHSM is novel in that it employs multiplexing (or de-multiplexing) to dynamically change and remap all of a host's virtual IPs to its real IP, and all of a service's virtual ports to its real port. Via extensive simulation experiments, we demonstrate how effectively and efficiently RHSM outperforms a baseline counterpart (i.e., a static network without RHSM) in terms of attack success probability and defense cost.
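The abstract describes the mechanism only at a high level: a de-multiplexing table that maps many virtual IPs onto one real host and many short-lived virtual ports onto one real service, rebuilt every period, so that a scanner's findings go stale. The following Python model is an added illustration written for this page; it is not the authors' simulator, and the topology, address pool, probe budgets and trial counts are all constructed values. It builds such a table, shuffles it, and estimates a naive scanner's attack success probability (reconnaissance result still valid when the attack is launched one period later) against a static network and against the shuffled one, and reports the number of translation entries per period as a crude defense-cost proxy.

```python
"""Toy model of the RHSM idea (random virtual IPs and short-lived virtual ports
multiplexed onto real hosts and services) plus a Monte Carlo estimate of a naive
scanner's attack success probability with and without periodic shuffling.
Added illustration for this page, not the paper's simulator; all values constructed."""
import random

VIP_POOL = [f"10.0.0.{i}" for i in range(1, 255)]  # constructed /24 of virtual IPs
VPORT_POOL = range(20000, 20500)                    # constructed virtual port range

# Constructed sample topology: real IP -> list of real service ports.
TOPOLOGY = {"192.168.1.10": [22], "192.168.1.11": [80],
            "192.168.1.12": [443], "192.168.1.13": [3306]}


class RhsmMapper:
    """Maps several virtual (IP, port) pairs onto each real (IP, port) service.

    real_services: {real_ip: [real_port, ...]}
    n_vips / n_vports: virtual identifiers per host / per service.
    """

    def __init__(self, real_services, n_vips, n_vports, rng=None):
        self.real_services = real_services
        self.n_vips, self.n_vports = n_vips, n_vports
        self.rng = rng or random.Random()
        self.vip_to_real = {}    # virtual IP -> real IP  (de-multiplexing)
        self.vport_to_real = {}  # (real IP, virtual port) -> real port
        self.shuffle()

    def shuffle(self):
        """Start a new MTD period: rebuild both tables with fresh random identifiers."""
        hosts = list(self.real_services)
        vips = self.rng.sample(VIP_POOL, self.n_vips * len(hosts))
        self.vip_to_real, self.vport_to_real = {}, {}
        for i, real_ip in enumerate(hosts):
            for vip in vips[i * self.n_vips:(i + 1) * self.n_vips]:
                self.vip_to_real[vip] = real_ip
            ports = self.real_services[real_ip]
            vports = self.rng.sample(VPORT_POOL, self.n_vports * len(ports))
            for j, real_port in enumerate(ports):
                for vport in vports[j * self.n_vports:(j + 1) * self.n_vports]:
                    self.vport_to_real[(real_ip, vport)] = real_port

    def host_alive(self, vip):
        """Does a probe to this virtual IP currently reach any real host?"""
        return vip in self.vip_to_real

    def resolve(self, vip, vport):
        """De-multiplex a virtual pair to the real (IP, port); None if it maps to nothing."""
        real_ip = self.vip_to_real.get(vip)
        real_port = self.vport_to_real.get((real_ip, vport))
        return None if real_port is None else (real_ip, real_port)

    def rule_count(self):
        """Translation entries installed per period: a simple defense-cost proxy."""
        return len(self.vip_to_real) + len(self.vport_to_real)


def attack_success_probability(real_services, n_vips, n_vports, ip_probes,
                               port_probes, shuffle, trials, seed=1):
    """Fraction of trials in which the scanner's reconnaissance result is still
    usable when it attacks one period later.  The scanner probes random IPs until
    a host answers, then random ports on that IP until a service answers, then
    attacks that pair.  shuffle=True rebuilds the tables before the attack (RHSM);
    shuffle=False leaves them fixed (static baseline)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        mapper = RhsmMapper(real_services, n_vips, n_vports, rng)
        vip = None
        for _ in range(ip_probes):                 # host discovery
            candidate = rng.choice(VIP_POOL)
            if mapper.host_alive(candidate):
                vip = candidate
                break
        if vip is None:
            continue                               # nothing found, no attack launched
        target = None
        for _ in range(port_probes):               # port scan on the discovered host
            candidate = (vip, rng.choice(VPORT_POOL))
            if mapper.resolve(*candidate):
                target = candidate
                break
        if target is None:
            continue
        if shuffle:
            mapper.shuffle()                       # period boundary before the attack
        if mapper.resolve(*target):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    for label, shuffle in (("static network", False), ("RHSM", True)):
        p = attack_success_probability(TOPOLOGY, 3, 4, 60, 300, shuffle, 2000)
        print(f"{label:15s} attack success probability ~ {p:.3f}")
    print("translation rules per period:",
          RhsmMapper(TOPOLOGY, 3, 4, random.Random(0)).rule_count())
```

In the static case the scanner's discovered pair stays valid, so its success rate is essentially its reconnaissance success rate; with shuffling, the same pair is almost certainly dead one period later, which is the effect the abstract attributes to RHSM. The rule count (hosts x virtual IPs plus services x virtual ports) grows with the number of virtual identifiers, which is the trade-off the abstract summarizes as defense cost.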

Citation Key: sharma_random_2019