Advanced Search
Volume 40 Issue 4
Apr.  2018
Turn off MathJax
Article Contents
WANG Kai, CHEN Xinhua, CHEN Xi, Wu Zehui. On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks[J]. Journal of Electronics & Information Technology, 2018, 40(4): 794-801. doi: 10.11999/JEIT170105
Citation: WANG Kai, CHEN Xinhua, CHEN Xi, Wu Zehui. On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks[J]. Journal of Electronics & Information Technology, 2018, 40(4): 794-801. doi: 10.11999/JEIT170105

On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks

doi: 10.11999/JEIT170105
Funds:

The National Natural Science Foundation of China (61271252)

  • Received Date: 2017-02-08
  • Rev Recd Date: 2018-01-25
  • Publish Date: 2018-04-19
  • Network address shuffling invalidates the address information collected by the attacker with dynamically changing or remapping the hosts network addresses, however, the defense performance of network address shuffling decreases when against scanning attacks which launch attacks at the same time of discovering targets, and few studies analyze theoretically different defense advantages of network address shuffling against scanning attacks of different scanning strategies. In this paper, two strategies of network address shuffling are considered: uniform shuffling and non-repeat shuffling. It presents probabilistic models of scanning attacks in the static address and network address shuffling environments, which analyzes both the probability of the attacker hitting at least one host and the number of hosts hit by the attacker. Then, the defense advantages of both network address shuffling strategies are theoretically calculated and compared with the static address environment. Analysis results indicate that both shuffling strategies have no defense advantages against repeatable scanning attack compared with the static address environment; uniform shuffling has probability advantage against non-repeat scanning attack only when the hosts number is small, and non-repeat shuffling has significant ratio advantage only when the hosts number accounts for a small proportion in the network space size.
  • loading
  • OKHRAVI H, RABE M A, MAYBERRY T J, et al. Survey of cyber moving target techniques[R]. Technical Report 1166, Lincoln Laboratory, Massachusetts Institute of Technology, 2013.
    ATIGHETCHI M, PAL P, WEBBER F, et al. Adaptive use of networkcentric mechanisms in cyber-defense[C]. Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, Hokkaido, Japan, 2003: 183-192. doi: 10.1109/ISORC.2003. 1199253.
    KEWLEY D, FINK R, LOWRY J, et al. Dynamic approaches to thwart adversary intelligence gathering[C]. Proceedings of the DARPA Information Survivability Conference Exposition II, Los Alamitos, California, 2001: 176-185. doi: 10.1109/DISCEX.2001.932214.
    ANTONATOS S, AKRITIDIS P, MARKATOS E P, et al. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007, 51(12): 3471-3490. doi: 10.1016/j.comnet.2007.02.006.
    JAFARIAN J H, AL-SHAER E, and DUAN Q. Openflow random host mutation: Transparent moving target defense using software defined networking[C]. Proceedings of the First Workshop on Hot Topics in Software Defined Networking, Helsinki, Finland, 2012: 127-132. doi: 10.1145 /2342441.2342467.
    AL-SHAER E, DUAN Q, and JAFARIAN J H. Random host mutation for moving target defense[C]. Proceedings of the 8th International Conference on Security and Privacy in Communication Networks, Padua, Italy, 2012: 310-327. doi: 10.1007/978-3-642-36883-7_19.
    JAFARIAN J H, AL-SHAER E, and DUAN Q. An effective address mutation approach for disrupting reconnaissance attacks[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(12): 2562-2577. doi: 10.1109/TIFS.2015. 2467358.
    DUNLOP M, GROAT S, URNANSKI W, et al. MT6D: A moving target IPv6 defense[C]. Military Communications Conference on Cyber Security and Network Operations, Baltimore, Maryland, 2011: 1321-1326. doi: 10.1109/ MILCOM.2011.6127486.
    MACFARLAND D C and SHUE C A. The SDN shuffle: Creating a moving-target defense using host-based software-defined networking[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 37-41. doi: 10.1145/2808475.2808485.
    YEGNESWARAN V, ALFELD C, NARFORD B, et al. Camouflaging honeynets[C]. Proceedings of IEEE Global Internet Symposium, Anchorage, Alaska, 2007: 49-54. doi: 10.1109/GI.2007.4301430.
    URIAS V E, STOUT W, and LOVERRO C. Computer network deception as a moving target defense[C]. IEEE International Carnahan Conference on Security Technology, Taipei, 2015: 1-6. doi: 10.1109/CCST.2015.7389665.
    ZHUANG R, DELOADCH S A, and OU X. Towards a theory of moving target defense[C]. Proceedings of First ACM Workshop on Moving Target Defense, Scottsdale, USA, 2014: 31-40. doi: 10.1145/2663474.2663479.
    ZHUANG R, BARDAS A G, DELOACH Scott A, et al. A theory of cyber attacks: a step towards analyzing MTD systems[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 11-20. doi: 10.1145/2808475. 2808478.
    GREEN M, MACFARLAND D C, SMESTAD D R, et al. Characterizing network-based moving target defenses[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 31-35. doi: 10.1145/2808475.2808484.
    XU J, GUO P, ZHAO M, et al. Comparing different moving target defense techniques[C]. Proceedings of 1st ACM Workshop on Moving Target Defense, Scottsdale, USA, 2014: 97-107. doi: 10.1145/2663474.2663486.
    CAI G, WANG B, WANG X, et al. An introduction to network address shuffling[C]. 18th International Conference on Advanced Communication Technology (ICACT), Pyeongchang, Korea, 2016: 185-190. doi: 10.1109/ICACT. 2016.7423322.
    CARROLL T E, CROUSE M, FULP E W, et al. Analysis of network address shuffling as a moving target defense[C]. IEEE International Conference on Communications (ICC), Sydney, Australia, 2014: 701-706. doi: 10.1109/ICC.2014. 6883401.
    CROUSE M, PROSSER B, and FULP E W. Probabilistic performance analysis of moving target and deception reconnaissance defenses[C]. ACM CCS Workshop on Moving Target Defense (MTD), Denver, USA, 2015: 21-29. doi: 10.1145/808475.2808480.
    MAHMOUD H M. Plya Urn Models[M]. London, British, Chapman and Hall, 2008: 124312.
    LANTZ B, HELLER B, and MCKEOWN N. A network in a laptop: Rapid prototyping for software-defined networks[C]. Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Monterey, USA, 2010: 1-6. doi: 10.1145 /1868447.1868466.
    OpenFlow Group at Stanford University. POX Wiki[OL]. https://OpenFlow.stanford.edu/display/ONL/POX+Wiki, 2016.
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Article Metrics

    Article views (1297) PDF downloads(175) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return