Moving Target Defense Discrete Host Address Mutation and Analysis in SDN

Document Type

Conference Proceeding

Publication Date

12-1-2020

School

Computing Sciences and Computer Engineering

Abstract

Moving Target Defense (MTD) is a technique that aims to disrupt particular phases of a cyber-attack. Reconnaissance is the first phase of the cyber kill chain, and the static nature of existing networks gives adversaries ample time to gather enough data about a target to mount a successful attack. Randomizing host addresses is a well-known MTD technique that hides the actual network configuration from external scanners. Although random host mutation has been investigated extensively, limitations such as the scarcity of unused public address space available for mutation, and host unavailability caused by the mutation interval, degrade the network's stability. When unused address space is scarce, either each host cannot be mutated on its scheduled interval or the same addresses are reused many times. When a host has an established session for transmitting or receiving data, a mutation that falls inside that interval interrupts the session and leaves the host unavailable. In this paper, we propose a moving target defense technique with the following objectives: (1) randomize IP addresses through mutation to create high uncertainty for adversary scanning; (2) give each host its own mutation interval to preserve network performance and stability; (3) adapt the mutation scheme by analyzing traffic statistics from each individual host; and (4) use the analyzed statistics to manage the available unused address space.

Publication Title

Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020

First Page

55

Last Page

61