Adversary-aware IP address randomization for proactive agility against sophisticated attackers
- 1 April 2015
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Network reconnaissance of IP addresses and ports is a prerequisite to many host and network attacks. Meanwhile, static configurations of networks and hosts simplify this adversarial reconnaissance. In this paper, we present a novel proactive-adaptive defense technique that turns end-hosts into untraceable moving targets, and establishes dynamics into static systems by monitoring the adversarial behavior and reconfiguring the addresses of network hosts adaptively. This adaptability is achieved by discovering hazardous network ranges and addresses and evacuating network hosts from them quickly. Our approach maximizes adaptability by (1) using fast and accurate hypothesis testing for characterization of adversarial behavior, and (2) achieving a very fast IP randomization (i.e., update) rate through separating randomization from end-hosts and managing it via network appliances. The architecture and protocols of our approach can be transparently deployed on legacy networks, as well as software-defined networks. Our extensive analysis and evaluation show that by adaptive distortion of adversarial reconnaissance, our approach slows down the attack and increases its detectability, thus significantly raising the bar against stealthy scanning, major classes of evasive scanning and worm propagation, as well as targeted (hacking) attacks.