Volume 40 Issue 4
Apr.  2018
WANG Kai, CHEN Xinhua, CHEN Xi, Wu Zehui. On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks[J]. Journal of Electronics & Information Technology, 2018, 40(4): 794-801. doi: 10.11999/JEIT170105

On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks

doi: 10.11999/JEIT170105
Funds:

The National Natural Science Foundation of China (61271252)

  • Received Date: 2017-02-08
  • Rev Recd Date: 2018-01-25
  • Publish Date: 2018-04-19
  • Network address shuffling invalidates the address information collected by an attacker by dynamically changing or remapping hosts' network addresses. However, its defense performance decreases against scanning attacks that launch the attack at the same time as they discover targets, and few studies theoretically analyze the different defense advantages of network address shuffling against scanning attacks that use different scanning strategies. This paper considers two network address shuffling strategies: uniform shuffling and non-repeat shuffling. It presents probabilistic models of scanning attacks in the static address environment and in network address shuffling environments, which analyze both the probability of the attacker hitting at least one host and the number of hosts hit by the attacker. The defense advantages of both shuffling strategies are then theoretically calculated and compared with the static address environment. The analysis results indicate that neither shuffling strategy has a defense advantage against a repeatable scanning attack compared with the static address environment; uniform shuffling has a probability advantage against a non-repeat scanning attack only when the number of hosts is small, and non-repeat shuffling has a significant ratio advantage only when the number of hosts accounts for a small proportion of the network space size.
