CHAOS: An SDN-Based Moving Target Defense System

2017 ◽  
Vol 2017 ◽  
pp. 1-11 ◽  
Author(s):  
Yuan Shi ◽  
Huanguo Zhang ◽  
Juan Wang ◽  
Feng Xiao ◽  
Jianwei Huang ◽  
...  

Moving target defense (MTD) provides a dynamic and proactive network defense that reduces or moves the attack surface available for exploitation. However, traditional networks have difficulty realizing dynamic and active security defense effectively and comprehensively. Software-defined networking (SDN) points out a brand-new path for building dynamic and proactive defense systems. In this paper, we propose CHAOS, an SDN-based MTD system. Utilizing the programmability and flexibility of SDN, CHAOS obfuscates the attack surface through host mutation obfuscation, port obfuscation, and obfuscation based on decoy servers, thereby enhancing the unpredictability of the networking environment. We propose the Chaos Tower Obfuscation (CTO) method, which uses the Chaos Tower Structure (CTS) to depict the hierarchy of all the hosts in an intranet and to define expected and unexpected connections. Moreover, we develop fast CTO algorithms to achieve a different degree of obfuscation for the hosts in each layer. We design and implement CHAOS as an application of an SDN controller. Our approach makes it very easy to realize moving target defense in networks. Our experimental results show that a network protected by CHAOS is capable of decreasing the percentage of information disclosure effectively while guaranteeing the normal flow of traffic.

2021 ◽  
Vol 13 (7) ◽  
pp. 1262
Author(s):  
Leyi Shi ◽  
Shanshan Du ◽  
Yifan Miao ◽  
Songbai Lan

With the development of satellite communication networks and the increase of satellite services, security problems have gradually become some of the most concerning issues. Researchers have made great efforts, including conventional safety methods such as secure transmission, anti-jamming, and secure access, and especially the new generation of active defense technology represented by MTD. However, few scholars have theoretically studied the influence of active defense techniques on the performance of satellite networks. Formal modeling and performance analysis have not been given sufficient attention. In this paper, we focus on the performance evaluation of a satellite network moving target defense system. Firstly, two Stochastic Petri Net (SPN) models are constructed to analyze the performance of the satellite network in the traditional and active defense states, respectively. Secondly, the steady-state probability of each marking in the SPN models is obtained by using the isomorphism relation between SPNs and Markov Chains (MC), and key performance indicators such as average time delay, throughput, and bandwidth utilization are then derived theoretically. Finally, the two proposed SPN models are simulated on the PIPE platform. In addition, the effect of parameters on the selected performance indexes is analyzed by varying the values of different parameters. The simulation results confirm the correctness of the theoretical reasoning and identify the key factors affecting the performance of the satellite network, which can provide an important theoretical basis for the design and performance optimization of satellite network moving target defense systems.


The significant advance of Software-Defined Networking (SDN) technology has enabled several complex system operations to be highly dynamic, flexible and robust, particularly in terms of programmability and controllability with the help of SDN controllers. Accordingly, many security operations have utilized this capability to be optimally deployed in a complex network using SDN functionalities. Moving target defense (MTD) has emerged as an adaptive and proactive defense mechanism aiming to thwart a potential attacker. The key underlying idea of MTD is to increase uncertainty and confusion for attackers by changing the attack surface (i.e., system or network configurations), which can invalidate the intelligence collected by the attackers and interrupt attack execution, ultimately leading to attack failure. In this research, by leveraging the advanced SDN technology, a model of MTD using an SDN-based system framework design is proposed. The model uses a runtime model that allows the proposed framework to infer the current state of the system. Based on the obtained information, the MTD mechanism using SDN can provide proactive, adaptive and affordable defense services for the exploitable aspects of the cloud datacenter network, increasing uncertainty and complexity for the attackers, reducing the likelihood of an attack and minimizing cloud security risk. The research also validates, via simulation on SDN-based cloud datacenter network experiments in a virtualized environment, that the proposed MTD technique outperforms alternatives in terms of attack success rate.


2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Yifan Hu ◽  
Peng Xun ◽  
Peidong Zhu ◽  
Wenjie Kang ◽  
Yinqiao Xiong ◽  
...  

Static characteristics of supervisory control and data acquisition (SCADA) systems are often exploited to perform malicious activities on smart grids. Most of the time, a successful cyberattack begins with the profiling of the target system, followed by the analysis of its limited resources. To alleviate the asymmetry between attack and defense, network-based moving target defense (MTD) techniques have been applied in network systems to defend against cyberattacks by presenting a dynamic attack surface to the adversary. In this paper, we propose a novel MTD technique based on adaptive forwarding path migration (AFPM) that focuses on improving the defense capability and optimizing the network performance of path mutation. Considering the transient problems in path mutation caused by the dynamic switching of the forwarding path, we formalize the mutation constraints based on satisfiability modulo theories (SMT) to select the mutation path. Considering the limited defense capability of path mutation under the traditional mutation selection mechanism, we design a mutation path generation algorithm based on the network security capacity matrix to obtain an optimal combination of mutation path and mutation period. Finally, we compare and analyze various cyber defense techniques used in SCADA networks and demonstrate experimentally that our MTD technique can prevent more than 92% of passive monitoring under specified conditions while keeping the quality of service (QoS) almost the same as in the static network.


2020 ◽  
Vol 10 (1) ◽  
pp. 5142-5147 ◽  
Author(s):  
M. F. Hyder ◽  
M. A. Ismail

Intent-Based Networking (IBN) is an emerging networking paradigm, while Moving Target Defense (MTD) is an active security technique. In this paper, the Intent-based Moving Target Defense (INMTD) framework using Software Defined Networks is proposed. INMTD is the first effort to exploit IBN for the design of an efficient MTD framework. INMTD uses the concept of shadow servers in order to counter the first stage of cyber-attacks, i.e. reconnaissance attacks targeted against servers running in SDN networks. INMTD comprises an MTD application running on an SDN controller. The MTD application has reconnaissance detection, MTD movement, and MTD monitoring modules, and is integrated with the intent-based northbound API of the SDN controller. INMTD not only provides protection against probing attacks, but also provides high availability due to the shadow servers. The proposed framework was implemented using Mininet and the ONOS SDN controller, and was assessed in terms of defender cost, attacker’s effort, and the complexity introduced into the system. The results substantiate efficient protection against reconnaissance attacks at lower computational cost.


Author(s):  
Shouq Mohsen Alnemari ◽  
Sabah M Alzahrani

The traditional technologies, tools and procedures of a network cannot protect it from attackers, because the services and configurations of the network never change. To remove this asymmetry, the Moving Target Defense technique constantly changes the platform configuration, which reduces the success ratio of cyberattacks. Users face this reality as continual, progressive, and smart attacks increase. However, defenders often lag behind attackers in taking suitable action to frustrate expected attacks. The moving target defense idea emerged as a preemptive protection mechanism aimed at preventing attacks. This paper conducts a comprehensive study covering the following aspects of moving target defense: characteristics of targeted attacks and their limitations, classifications of defense types, major methodologies, promising defense solutions, assessment methods, and applications of defense. Finally, we conclude the study and propose future concerns. The purpose of the study is to give general research directions regarding critical features of defense techniques to scholars seeking to improve proactive and adaptive moving target defense mechanisms.