Trends in Network Address Moving Technology

  • Published: 2017.12.01

Abstract

Moving Target Defense (MTD) is a security concept in which the IT infrastructure actively changes its own form in order to thwart various types of cyber attacks. Network address moving is the most actively researched area within MTD. Most of the network address moving studies published over the last decade have proposed virtual address-based schemes for ease of implementation. However, virtual address-based network address moving has serious weaknesses in terms of both security and availability. This paper examines the technical characteristics of the existing studies, analyzes their limitations, and, based on that technical analysis, proposes the security requirements that should be considered when designing network address moving technology.

Acknowledgement

Grant: Development of Cyber Self-Mutation Technology for Active Proactive Security

Supported by: Institute for Information & Communications Technology Promotion (IITP)
