An SDN-Based Moving Target Defense as a Countermeasure to Prevent Network Scans
Authors
Abstract
This paper proposes a Software-Defined Network (SDN)-based Moving Target Defense (MTD) to protect the network from potential scans in a compromised network. As a unique feature, contrary to traditional MTDs, the proposed MTD can work alongside other tools and countermeasures already deployed (e.g., Intrusion Protection Detection Systems) without affecting their behavior. Through extensive evaluation, we showed the effectiveness of the mechanism compared to existing solutions in preventing scans of different rates and in controller performance.
Similar resources
Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense
Moving-target defense has been hypothesized as a potential game changer in cyber defense, including that for computer networks. However, there has been little work to study how much proactively changing a network’s configuration can increase the difficulty for attackers and thus improve the resilience of the system under attack. In this paper we present a basic design schema of a moving-target ne...
Moving Target Defense Against Network Reconnaissance with Software Defined Networking
Online hosts and networks are easy targets of network attacks due to their static nature, which creates an information asymmetry and makes them easy to attack and hard to defend. To break the asymmetry, Moving Target Defense was proposed to bring uncertainties to computer systems. It can be applied to all levels of protections, covering applications, system software, operating systems, and netw...
Model-driven, Moving-Target Defense for Enterprise Network Security
This chapter presents the design and initial simulation results for a prototype moving-target defense (MTD) system, whose goal is to significantly increase the difficulty of attacks on enterprise networks. Most networks are static, which gives attackers a great advantage. Services are run on well-known ports at fixed, easily identifiable IP addresses. The goal of an MTD system is to eliminate ...
A moving target DDoS defense mechanism
In this paper, we introduce a moving target defense mechanism that defends authenticated clients against Internet service DDoS attacks. Our mechanism employs a group of dynamic, hidden proxies to relay traffic between authenticated clients and servers. By continuously replacing attacked proxies with backup proxies and reassigning (shuffling) the attacked clients onto the new proxies, innocent c...
A Framework for Moving Target Defense Quantification
Moving Target Defense (MTD) has emerged as a game changer in the security landscape, as it can create asymmetric uncertainty favoring the defender. Despite the significant work done in this area and the many different techniques that have been proposed, MTD has not yet gained widespread adoption due to several limitations. Specifically, interactions between multiple techniques have not been stu...
Journal
Journal title: IEICE Transactions on Communications
Year: 2022
ISSN: 0916-8516, 1745-1345
DOI: https://doi.org/10.1587/transcom.2021tmp0020