Abstract
Moving target defense is a revolutionary technology that changes the antagonistic pattern between attack and defense, and end-point information hopping is one of the hotspots in this field. In order to balance the defensive benefit of end-point information hopping against the service quality of the network system, a novel technique named self-adaptive end-point hopping based on adversary strategy awareness is proposed. To solve the blindness problem of the hopping mechanism in the course of defense, hopping triggering based on adversary strategy awareness is applied to guide the choice of hopping mode by discriminating the scanning attack strategy, which makes the defense more targeted. Furthermore, to address the low availability caused by limited network resources and high hopping overhead, satisfiability modulo theories are used to formally describe the hopping constraints, so as to ensure low hopping overhead. Finally, both theoretical and experimental analyses are performed, demonstrating that the proposed technique ensures low hopping overhead while effectively discriminating and defending against different types of scanning attacks.
Cite this article
Lei, C., Zhang, Hq., Ma, Dh. et al. Network Moving Target Defense Technique Based on Self-Adaptive End-Point Hopping. Arab J Sci Eng 42, 3249–3262 (2017). https://doi.org/10.1007/s13369-017-2430-5