Openflow random host mutation
- 13 August 2012
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
- p. 127-132
- https://doi.org/10.1145/2342441.2342467
Abstract
Static configurations serve great advantage for adversaries in discovering network targets and launching attacks. Identifying active IP addresses in a target domain is a precursory step for many attacks. Frequently changing hosts' IP addresses is a novel proactive moving target defense (MTD) that hides network assets from external/internal scanners. In this paper, we use OpenFlow to develop a MTD architecture that transparently mutates host IP addresses with high unpredictability and rate, while maintaining configuration integrity and minimizing operation overhead. The presented technique is called OpenFlow Random Host Mutation (OF-RHM) in which the OpenFlow controller frequently assigns each host a random virtual IP that is translated to/from the real IP of the host. The real IP remains untouched, so IP mutation is completely transparent for end-hosts. Named hosts are reachable via the virtual IP addresses acquired via DNS, but real IP addresses can be only reached by authorized entities. Our implementation and evaluation show that OF-RHM can effectively defend against stealthy scanning, worm propagation, and other scanning-based attack.Keywords
This publication has 8 references indexed in Scilit:
- A network in a laptopPublished by Association for Computing Machinery (ACM) ,2010
- Network configuration in a box: towards end-to-end verification of network reachability and securityPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2009
- NOXACM SIGCOMM Computer Communication Review, 2008
- OpenFlowACM SIGCOMM Computer Communication Review, 2008
- Defending against hitlist worms using network address space randomizationComputer Networks, 2007
- On the performance of Internet worm scanning strategiesPerformance Evaluation, 2006
- Dynamic approaches to thwart adversary intelligence gatheringPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Computing Partitions with Applications to the Knapsack ProblemJournal of the ACM, 1974