• Title/Summary/Keyword: Cyber Kill Chain Model

Search Result 11, Processing Time 0.016 seconds

Analysis of Threat Model and Requirements in Network-based Moving Target Defense

  • Kang, Koo-Hong;Park, Tae-Keun;Moon, Dae-Sung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.10
    • /
    • pp.83-92
    • /
    • 2017
  • Reconnaissance is performed gathering information from a series of scanning probes where the objective is to identify attributes of target hosts. Network reconnaissance of IP addresses and ports is prerequisite to various cyber attacks. In order to increase the attacker's workload and to break the attack kill chain, a few proactive techniques based on the network-based moving target defense (NMTD) paradigm, referred to as IP address mutation/randomization, have been presented. However, there are no commercial or trial systems deployed in real networks. In this paper, we propose a threat model and the request for requirements for developing NMTD techniques. For this purpose, we first examine the challenging problems in the NMTD mechanisms that were proposed for the legacy TCP/IP network. Secondly, we present a threat model in terms of attacker's intelligence, the intended information scope, and the attacker's location. Lastly, we provide seven basic requirements to develop an NMTD mechanism for the legacy TCP/IP network: 1) end-host address mutation, 2) post tracking, 3) address mutation unit, 4) service transparency, 5) name and address access, 6) adaptive defense, and 7) controller operation. We believe that this paper gives some insight into how to design and implement a new NMTD mechanism that would be deployable in real network.