Research Trends in Moving Target Defense Based on Network Address Mutation

  • S. Woo (우사무엘), Intelligent Security Research Group, Information Security Research Division, Hyper-connected Communication Research Laboratory, Electronics and Telecommunications Research Institute (ETRI)
  • K. M. Park (박경민), Intelligent Security Research Group, Information Security Research Division, Hyper-connected Communication Research Laboratory, ETRI
  • D. S. Moon (문대성), Intelligent Security Research Group, Information Security Research Division, Hyper-connected Communication Research Laboratory, ETRI
  • I. K. Kim (김익균), Intelligent Security Research Group, Information Security Research Division, Hyper-connected Communication Research Laboratory, ETRI
  • Published: 2018.04.30

Abstract

An Advanced Persistent Threat (APT) attack is carried out as a sequence of stages, as modelled by the Intrusion Kill Chain, so the attack fails if any one stage is blocked. Moving Target Defense (MTD) is a proactive security technique that blocks individual stages of the Intrusion Kill Chain by continually changing key attributes of the protected asset (network, operating system, software, data). Among MTD strategies, Network Address Mutation actively mutates the network addresses (IP address and port) of protected assets; it is an efficient defense because it sharply raises the cost of reconnaissance, the first stage of the Intrusion Kill Chain. This paper surveys related work on network address mutation and proposes the security requirements and functional requirements that should be considered when designing a network address mutation technique.
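The mechanism the abstract describes, as an added runnable illustration that is not code from the paper or from any of the surveyed systems: a gateway keeps a keyed, per-epoch mapping from real addresses to virtual addresses drawn from an unused pool, legitimate clients learn the current virtual address from a mutation-aware resolver, and a scanner that sweeps the pool finds hosts at the same rate as on a static network but sees its findings go stale before it can act on them. The pool, the host list, the key, the HMAC-per-epoch mapping and the grace window are assumptions chosen for illustration, in the spirit of the random host mutation work listed in the references; none of them is specified by the paper.

```python
import hashlib
import hmac

# Constructed example data (not from the paper): a block of 254 otherwise
# unused addresses serves as the virtual-IP pool for three protected hosts.
POOL = [f"10.8.1.{i}" for i in range(1, 255)]
REAL_HOSTS = ["192.168.0.10", "192.168.0.11", "192.168.0.12"]
# Assumption: the mutation gateway and the mutation-aware resolver share
# this key out of band; a real deployment would provision it securely.
KEY = b"example-mutation-key-not-for-production"


def epoch_table(epoch, hosts=REAL_HOSTS, key=KEY, pool=POOL):
    """Translation table for one mutation epoch, virtual IP -> real IP.

    A host's slot is HMAC(key, host | epoch | n) mod |pool|; n is bumped on
    collision so two hosts never share a virtual IP in the same epoch, and
    the table stays a pure function of (key, epoch), so gateway and resolver
    agree without exchanging state. The keyed hash is what keeps the schedule
    unpredictable to an attacker who has observed earlier epochs.
    """
    table = {}
    for rip in hosts:
        n = 0
        while True:
            tag = hmac.new(key, f"{rip}|{epoch}|{n}".encode(), hashlib.sha256).digest()
            vip = pool[int.from_bytes(tag[:8], "big") % len(pool)]
            if vip not in table:
                table[vip] = rip
                break
            n += 1
    return table


def resolve(vip, epoch, grace=0):
    """Gateway lookup for an inbound packet addressed to `vip` during `epoch`.

    The current table wins; the tables of the previous `grace` epochs are kept
    so that flows opened just before a mutation are not cut off. None means
    nothing maps to `vip`: the packet is dropped, and because legitimate
    clients obtain the current virtual IP from the resolver, a probe to an
    unmapped address is itself a reconnaissance signal worth alerting on.
    """
    for e in range(epoch, max(-1, epoch - grace - 1), -1):
        rip = epoch_table(e).get(vip)
        if rip is not None:
            return rip
    return None


def scan(rate, epochs, mutate=True, order=POOL):
    """Sequential scanner sending `rate` probes per epoch across the pool.

    Returns hits as (epoch, vip, rip). With mutate=False the epoch-0 table is
    frozen, modelling a static network. The attacker only learns a virtual IP
    that answered; the real address is recorded here just to score the hit.
    """
    hits, idx = [], 0
    for epoch in range(epochs):
        table = epoch_table(epoch if mutate else 0)
        for _ in range(rate):
            vip = order[idx % len(order)]
            idx += 1
            if vip in table:
                hits.append((epoch, vip, table[vip]))
    return hits


def still_exploitable(hit, delay, grace=0, mutate=True):
    """Does the host found at `hit` still answer at that virtual IP `delay` epochs later?"""
    epoch, vip, rip = hit
    if not mutate:
        return epoch_table(0).get(vip) == rip
    return resolve(vip, epoch + delay, grace) == rip


def survival(hits, delay, **kw):
    """Fraction of scan hits that can still be acted on after `delay` epochs."""
    if not hits:
        return 0.0
    return sum(still_exploitable(h, delay, **kw) for h in hits) / len(hits)


if __name__ == "__main__":
    static_hits = scan(rate=32, epochs=16, mutate=False)
    moving_hits = scan(rate=32, epochs=16)
    print(f"512 probes: {len(static_hits)} hits on the static network, "
          f"{len(moving_hits)} on the mutating one")
    for delay in (0, 1, 4):
        print(f"recon-to-exploit gap of {delay} epoch(s): "
              f"static {survival(static_hits, delay, mutate=False):.2f}, "
              f"mutating {survival(moving_hits, delay):.2f}, "
              f"mutating with 1-epoch grace {survival(moving_hits, delay, grace=1):.2f}")
```

Two design points the numbers make visible: the scanner's hit count is about the same either way, so mutation does not hide hosts, it makes the reconnaissance result perishable, and the epoch length therefore has to be shorter than the attacker's gap between finding a target and using it. The grace window that keeps legitimate flows alive across a mutation extends the attacker's usable window by exactly the same amount, which is the kind of trade-off the functional requirements in the paper have to settle.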

References

  1. Lockheed Martin, "Cyber Kill Chain," available: http://cyber.lockheedmartin.com/hubfs/GainingtheAdvantageCyberKillChain.pdf, 2014.
  2. G.-L. Cai et al., "Moving target defense: state of the art and characteristics," Frontiers of Information Technology & Electronic Engineering, pp. 1122-1153, 2016.
  3. H. Okhravi et al., "Finding focus in the blur of moving-target techniques," IEEE Security & Privacy, pp. 16-26, 2014.
  4. D. Kewley, R. Fink, J. Lowry, and M. Dean, "Dynamic Approaches to Thwart Adversary Intelligence Gathering," Proceedings of the DARPA Information Survivability Conference and Exposition, pp. 176-185, 2001.
  5. J. Yackoski et al., "A self-shielding dynamic network architecture," Proceedings of MILCOM 2011, IEEE, 2011.
  6. J. H. Jafarian, E. Al-Shaer, and Q. Duan, "OpenFlow random host mutation: transparent moving target defense using software defined networking," Proceedings of the ACM Workshop on Hot Topics in Software Defined Networks, 2012.
  7. J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," Proceedings of the First ACM Workshop on Moving Target Defense, 2014.
  8. J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562-2577, 2015. https://doi.org/10.1109/TIFS.2015.2467358
  9. J. Sun and K. Sun, "DESIR: Decoy-enhanced seamless IP randomization," Proceedings of IEEE INFOCOM, 2016.
  10. M. Dunlop et al., "MT6D: A moving target IPv6 defense," Proceedings of MILCOM 2011, IEEE, 2011.
  11. Y.-B. Luo et al., "RPAH: Random port and address hopping for thwarting internal and external adversaries," IEEE Trustcom/BigDataSE/ISPA, vol. 1, 2015.
  12. K. M. Park, S. Woo, D. S. Moon, and I. K. Kim, "Trends in Network Address Moving Technology," ETRI Electronics and Telecommunication Trends, vol. 32, 2017.
  13. K. M. Park, S. Woo, D. S. Moon, and H. Choi, "Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat," Symmetry, 2018.
  14. Z. Zhao, F. Liu, and D. Gong, "An SDN-Based Fingerprint Hopping Method to Prevent Fingerprinting Attacks," Security and Communication Networks, 2017.
  15. M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive Use of Network-Centric Mechanisms in Cyber-Defense," Proceedings of the Sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183-192, 2003.
  16. S. Antonatos, P. Akritidis, E. P. Markatos, and K. G. Anagnostakis, "Defending against hitlist worms using network address space randomization," Computer Networks, vol. 51, pp. 3471-3490, 2007. https://doi.org/10.1016/j.comnet.2007.02.006
  17. J. H. Jafarian, A. Niakanlahiji, E. Al-Shaer, and Q. Duan, "Multi-dimensional Host Identity Anonymization for Defeating Skilled Attackers," Proceedings of the 2016 ACM Workshop on Moving Target Defense, pp. 47-58, 2016.