Experimental evaluation of the IP address space randomisation (IASR) technique and its disruption to selected network services

In recent years, some computer network defence (CND) researchers and experts have been suggesting the use of moving target defence (MTD) as a proactive cyber security approach. MTD is a set of network defence techniques such as randomisation, deception, etc., that significantly increases the attacker’s work effort. One randomisation technique, called internet protocol (IP) address space randomisation (IASR), periodically or aperiodically makes random changes to the network‘s IP addresses. This makes it harder for attackers to achieve their goals. However, despite its security benefits, this defence technique disrupts the functioning of some network services. It is therefore important to understand the level of disruption that comes with the technique. In this work, we experimentally evaluate IASR and its disruptive effects on selected network services. Using virtual machines (VMs), we carried out this experiment by setting up a typical computer network that supports selected network services, namely ping, mail, web, and streaming video. We transformed a typical zoned computer network into a flat network and implemented IASR on it. Then, we executed the four selected network services during IASR and made observations on how disruptive the technology could be on these services. The results of our experimental evaluation show variations in performance degradation in some of the selected services when hosts’ IP addresses are changed during IASR, suggesting the need for IASR-aware services if this technology is to be effectively adopted for CND. Significance for defence and security This report was a deliverable for the Advanced Computer Network Operations (CNO) Tools and Techniques (ACTT) project, whose objective was to study advanced CNO tools and techniques for computer network defence. The experimental work to evaluate the internet protocol (IP) address space randomisation (IASR) technique and its disruptive effects on services in an operational network, partially shows what to expect if such technology is considered for network defence. If network planners and defenders consider IASR as a network defence technique, degradation in service performance that comes with it should be taken into consideration. DRDC-RDDC-2014-R146 i