Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks

Wang, Kai; Chen, Xi; Zhu, Yuefei

doi:10.1371/journal.pone.0177111

Cited by 14 publications

(11 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The paper [95] proposed an SDN-based technique that randomizes domain names and mutates network addresses to prevent attackers from using DNS query lists and the time window attack to find application servers. This system requires an authentication server, as well as DHCP and DNS servers deployed by the defender.…”

Section: Architectures Utilizing Multiple Mtd Methodsmentioning

confidence: 99%

“…However, even more of the articles surveyed have reached the emulation stage. The paper [93] was tested on a real network and [95] used a laboratory network to verify its architecture. OpenStack was used for [87] to make a small test environment out of three VMs.…”

Section: Testbedsmentioning

confidence: 99%

“…[75] uses the percentage of saved benign clients, and the number of shuffles to save benign clients is used in [113]. The ratio of missed hosts during a reconnaissance attack or the infected hosts in a worm attack is used in [95]. This is also true of [101], in which the authors named these metrics host detection/infection rate depending on the attack type.…”

Section: Metricsmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Moving Target Defense for Networks: A Practical View

2022

View full text Add to dashboard Cite

The static nature of many of currently used network systems has multiple practical benefits, including cost optimization and ease of deployment, but it makes them vulnerable to attackers who can observe from the shadows to gain insight before launching a devastating attack against the infrastructure. Moving target defense (MTD) is one of the emerging areas that promises to protect against this kind of attack by continuously shifting system parameters and changing the attack surface of protected systems. The emergence of network functions virtualization (NFV) and software-defined networking (SDN) technology allows for the implementation of very sophisticated MTD techniques. Furthermore, the introduction of such solutions as field-programmable gate array (FPGA) programmable acceleration cards makes it possible to take the MTD concept to the next level. Applying hardware acceleration to existing concepts or developing new, dedicated methods will offer more robust, efficient, and secure solutions. However, to the best of the authors’ knowledge, there are still no major implementations of MTD schemes inside large-scale networks. This survey aims to understand why, by analyzing research made in the field of MTD to show current pitfalls and possible improvements that need to be addressed in future proposals to make MTD a viable solution to address current cybersecurity threats in real-life scenarios.

show abstract

Section: Architectures Utilizing Multiple Mtd Methodsmentioning

confidence: 99%

Section: Testbedsmentioning

confidence: 99%

Section: Metricsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Moving Target Defense for Networks: A Practical View

2022

View full text Add to dashboard Cite

show abstract

“…e μMT6D is designed to work on low-power and low-resource devices and can prevent targeted attacks through rotating the IPv6 address. Wang et al [12] proposed a network defense method based on random domain name and address mutation (RDAM). is method increases the scanning space of the attacker through a dynamic domain name method and reduces the probability that a host will be hit by an attacker scanning IP addresses.…”

Section: Related Workmentioning

confidence: 99%

Mimic Encryption Box for Network Multimedia Data Security

Zhou

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

With the rapid development of the Internet, the security of network multimedia data has attracted increasingly more attention. The moving target defense (MTD) and cyber mimic defense (CMD) approaches provide a new way to solve this problem. To enhance the security of network multimedia data, this paper proposes a mimic encryption box for network multimedia data security. The mimic encryption box can directly access the network where the multimedia device is located, automatically complete the negotiation, provide safe and convenient encryption services, and effectively prevent network attacks. According to the principles of dynamization, diversification, and randomization, the mimic encryption box uses a reconfigurable encryption algorithm to encrypt network data and uses IP address hopping, port number hopping, protocol camouflage, and network channel change to increase the attack threshold. Second, the mimic encryption box has a built-in pseudorandom number generator and key management system, which can generate an initial random key and update the key with the hash value of the data packet to achieve “one packet, one key.” Finally, through the cooperation of the ARM and the FPGA, an access control list can be used to filter illegal data and monitor the working status of the system in real time. If an abnormality is found, the feedback reconstruction mechanism is used to “clean” the FPGA to make it work normally again. The experimental results and analysis show that the mimic encryption box designed in this paper has high network encryption performance and can effectively prevent data leakage. At the same time, it provides a mimic security defense mechanism at multiple levels, which can effectively resist a variety of network attacks and has high security.

show abstract

“…Existing work on MTD has primarily focused on low-level attributes, such as instruction set randomization [4,13] and address space layout randomization [11,30]. Some other MTD methods target network-level features, such as IP address randomization [2,12], virtualizationbased MTD [26] and software-defined networking based MTD [19,34]. However, considering the security of communication protocols in IoT, these MTD methods cannot achieve desired defense diversity against potential attacks, as the low-level protocol properties to be mutated (e.g., IP addresses or port numbers) are minimal.…”

Section: Introductionmentioning

confidence: 99%

MPD: Moving Target Defense through Communication Protocol Dialects

Mei

Gogineni

Lan

et al. 2021

Preprint

View full text Add to dashboard Cite

Communication protocol security is among the most significant challenges of the Internet of Things (IoT) due to the wide variety of hardware and software technologies involved. Moving target defense (MTD) has been adopted as an innovative strategy to solve this problem by dynamically changing target system properties and configurations to obfuscate the attack surface. Nevertheless, the existing work of MTD primarily focuses on lower-level properties (e.g., IP addresses or port numbers), and only a limited number of variations can be generated based on these properties. In this paper, we propose a new approach of MTD through communication protocol dialects (MPD) -which dynamically customizes a communication protocol into various protocol dialects and leverages them to create a moving target defense. Specifically, MPD harnesses a dialect generating function to create protocol dialects and then a mapping function to select one specific dialect for each packet during communication. To keep different network entities in synchronization, we also design a self-synchronization mechanism utilizing a pseudo-random number generator with the input of a pre-shared secret key and previously sent packets. We implement a prototype of MPD and evaluate its feasibility on standard network protocol (i.e., File Transfer Protocol) and internet of things protocol (i.e., Message Queuing Telemetry Transport).The results indicate that MPD can create a moving target defense with protocol dialects to effectively address various attacks -including the denial of service attack and malicious packet modifications -with negligible overhead.

show abstract

Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks

Cited by 14 publications

References 40 publications

A Survey on Moving Target Defense for Networks: A Practical View

A Survey on Moving Target Defense for Networks: A Practical View

Mimic Encryption Box for Network Multimedia Data Security

MPD: Moving Target Defense through Communication Protocol Dialects

Contact Info

Product

Resources

About