Deceiving Network Reconnaissance Using SDN-Based Virtual Topologies

Achleitner, Stefan; Porta, Thomas F. La; McDaniel, Patrick; Sugrim, Shridatt; Krishnamurthy, Srikanth V.; Chadha, Ritu

doi:10.1109/tnsm.2017.2724239

Cited by 65 publications

(51 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…4) Network Topology Shuffling: The underlying idea of this technique is to invalidate an attacker's path information by continuously changing routes in networks. Achleitner et al [1,2] proposed a virtual topology generation framework against network scanning attacks by leveraging the SDN technology. Hong et al [68] presented an optimal network reconfiguration technique based on the concept of shufflingbased MTD for SDN environments.…”

Section: A Shufflingmentioning

confidence: 99%

“…Main Attacks: Common attacks considered in SDN-based MTD approaches include reconnaissance (or scanning) attacks [31,66,69,78,79,85,138] and DDoS attacks [13,145], which can be countermeasured by using random IP mutation and/or network topology shuffling. Key Methodologies: The key idea of deploying MTD techniques in SDN environments is to highly leverage its centralized structure with an SDN controller to optimize the configuration of the deployed MTD techniques, such as IP randomization / shuffling [78,79,100,138,145], network routing paths [68], attack graphs / paths [31], port hopping [85], packet header randomization / obfuscation [143,156], or virtual topology generation [1]. The key concerns in developing SDNbased MTD are resolving a scalability issue in an attack graph [31] or IP shuffling [100] and optimizing both security and performance in terms of minimizing security vulnerabilities while minimizing defense cost and service interruptions to users.…”

Section: Software Defined Network (Sdns)mentioning

confidence: 99%

See 1 more Smart Citation

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Cho

Sharma

Alavizadeh

et al. 2020

IEEE Commun. Surv. Tutorials

203

View full text Add to dashboard Cite

Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, advanced, intelligent attacks while defenders are often way behind attackers in taking appropriate actions to thwart potential attackers. The concept of moving target defense (MTD) has emerged as a proactive defense mechanism aiming to prevent attacks. In this work, we conducted a comprehensive, in-depth survey to discuss the following aspects of MTD: key roles, design principles, classifications, common attacks, key methodologies, important algorithms, metrics, evaluation methods, and application domains. We discuss the pros and cons of all aspects of MTD surveyed in this work. Lastly, we highlight insights and lessons learned from this study and suggest future work directions. The aim of this paper is to provide the overall trends of MTD research in terms of critical aspects of defense systems for researchers who seek for developing proactive, adaptive MTD mechanisms.

show abstract

Section: A Shufflingmentioning

confidence: 99%

Section: Software Defined Network (Sdns)mentioning

confidence: 99%

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Cho

Sharma

Alavizadeh

et al. 2020

IEEE Commun. Surv. Tutorials

203

View full text Add to dashboard Cite

show abstract

“…Besides the traditional scanning method, advance level attackers can analyze the statistics of round-trip time and measured bandwidth on links to find the inconsistency [44]. To make the real and fake network indistinguishable, we take a similar approach described in [44]. By adding artificial delay to certain packets, we change the link bandwidth and host delays.…”

Section: Delay Handlermentioning

confidence: 99%

Attacker Capability based Dynamic Deception Model for Large-Scale Networks

Amin¹,

Shetty²,

Njilla³

et al. 2019

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

In modern days, cyber networks need continuous monitoring to keep the network secure and available to legitimate users. Cyber attackers use reconnaissance mission to collect critical network information and using that information, they make an advanced level cyber-attack plan. To thwart the reconnaissance mission and counterattack plan, the cyber defender needs to come up with a state-of-the-art cyber defense strategy. In this paper, we model a dynamic deception system (DDS) which will not only thwart reconnaissance mission but also steer the attacker towards fake network to achieve a fake goal state. In our model, we also capture the attacker's capability using a belief matrix which is a joint probability distribution over the security states and attacker types. Experiments conducted on the prototype implementation of our DDS confirm that the defender can make the decision whether to spend more resources or save resources based on attacker types and thwart reconnaissance mission.

show abstract

“…The authors also proposed a mechanism to protect against such attacks. SDN based virtual topologies for countering the Reconnaissance attacks was proposed in [19]. The work also proposed mechanism for the identification of malicious nodes generating scanning through statistical information.…”

Section: Related Workmentioning

confidence: 99%

Distributed Shadow Controllers based Moving Target Defense Framework for Control Plane Security

Hyder¹,

Ismail²

2019

IJACSA

View full text Add to dashboard Cite

Moving Target Defense (MTD) has drawn substantial attention of research community in recent past for designing secure networks. MTD significantly reduced the asymmetric advantage of attackers by constantly changing the attack surface. In this paper Software Defined Networking (SDN) based MTD framework SMTSC (SDN based MTD framework using Shadow Controllers) has been proposed. Although the previous work in SDN based MTD targets the Data plane security, we exploit MTD for the protection of Control plane of SDN. The proposed solution uses the concept of Shadow Controllers for producing dynamism in order to provide security at the Control plane of SDN environment. We proposed the concepts of Shadow Controllers for throttling the reconnaissance attacks targeting Controllers. The advantage of our approach is multifold. First it exploits the mechanism of MTD for providing security in the Control plane. The other advantage is that the multi-controller approach provides higher availability in the SDN network. Another critical gain is the lower computational overhead of SMTSC. Mininet and ONOS Controller are used to implement the proposed framework. The effectiveness and overheads of the framework is evaluated in terms of attacker's effort, defender cost and complexity introduced in the network. Results demonstrated promising trends for the protection of Control plan of SDN environment.

show abstract

Deceiving Network Reconnaissance Using SDN-Based Virtual Topologies

Cited by 65 publications

References 27 publications

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Attacker Capability based Dynamic Deception Model for Large-Scale Networks

Distributed Shadow Controllers based Moving Target Defense Framework for Control Plane Security

Contact Info

Product

Resources

About