Abstract
Online hosts and networks are easy targets of network attacks because of their static nature, which creates an information asymmetry: they are easy to attack and hard to defend. To break this asymmetry, Moving Target Defense was proposed to introduce uncertainty into computer systems. It can be applied at every level of protection, covering applications, system software, operating systems, and networks. In this paper we present Sniffer Reflector, a new method for practicing Moving Target Defense against network reconnaissance, which is usually considered the first step of most attacks. Sniffer Reflector employs Software-Defined Networking to disturb network reconnaissance, and uses virtualization to present attackers with an obfuscated reconnaissance result. Our method can also be combined easily with existing security tools for network forensics. We have developed a prototype in a virtual local area network, and our experimental results show that Sniffer Reflector is effective and efficient at blurring various forms of network reconnaissance.
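The abstract names two ingredients, SDN flow control to disturb reconnaissance and a virtual decoy that answers with obfuscated results, but does not give Sniffer Reflector's actual design. The following is an added, generic illustration of that class of defense, not the paper's code: a toy "controller" counts the distinct ports each source probes, and once a source crosses an assumed threshold it installs a redirect so that source's later probes are answered by a decoy with a made-up port profile, while other clients keep seeing the real host. The addresses, port maps and threshold are constructed sample data.

```python
"""Toy model of an SDN-based reconnaissance obfuscation policy.

Added illustration, not code from the paper: the page only states that
Sniffer Reflector uses SDN to disturb reconnaissance and virtualization to
return obfuscated results. The scan-detection threshold, the flow-table
layout and the decoy's fake port map below are assumptions for the example.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample data: real service state of one protected host and the
# fake state a virtual decoy advertises to sources classified as scanners.
REAL_PORTS = {"10.0.0.5": {22: "open", 80: "open", 443: "open"}}
DECOY_PORTS = {21: "open", 23: "open", 8080: "open"}  # assumed decoy profile
SCAN_THRESHOLD = 3  # distinct ports one source may probe before redirection


@dataclass
class Probe:
    src: str
    dst: str
    dport: int


@dataclass
class Controller:
    """Minimal stand-in for an SDN controller.

    A real controller would push OpenFlow entries to switches; here the
    "flow table" is a dict keyed by source address, and the only action we
    model is redirecting a source's traffic to the decoy.
    """
    threshold: int = SCAN_THRESHOLD
    probed: dict = field(default_factory=lambda: defaultdict(set))
    redirect: dict = field(default_factory=dict)  # src -> "decoy"

    def classify(self, p: Probe) -> str:
        """Return 'forward' (real host answers) or 'decoy' for one probe."""
        if p.src in self.redirect:
            return "decoy"
        self.probed[p.src].add(p.dport)
        if len(self.probed[p.src]) >= self.threshold:
            # Install a persistent redirect rule for this source.
            self.redirect[p.src] = "decoy"
            return "decoy"
        return "forward"


def answer(ctrl: Controller, p: Probe) -> str:
    """Data-plane view: the reply the prober sees for one SYN-style probe."""
    if ctrl.classify(p) == "decoy":
        return DECOY_PORTS.get(p.dport, "closed")
    return REAL_PORTS.get(p.dst, {}).get(p.dport, "closed")


def run_scan(ctrl: Controller, src: str, dst: str, ports: list[int]) -> dict[int, str]:
    """What a scanner at `src` concludes about `dst` after probing `ports`."""
    return {port: answer(ctrl, Probe(src, dst, port)) for port in ports}


if __name__ == "__main__":
    ctrl = Controller()
    print(run_scan(ctrl, "10.0.0.66", "10.0.0.5", [21, 22, 23, 80, 443, 8080]))
    print(answer(ctrl, Probe("10.0.0.9", "10.0.0.5", 443)))
```

Running the scan above, the attacker's picture diverges from reality from the third probe onward (ports 23 and 8080 appear open, 80 and 443 appear closed), while a client that only contacts 443 is never redirected and gets the true answer. The early probes still leak real state, which is why a deployed system would also want the detection threshold and decoy profile to change over time.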
Notes
- 1.
Technically, the terms network reconnaissance and network scan are interchangeable when describing network probing activity; we use them interchangeably in this paper.
Acknowledgements
This work was supported in part by the NSF Grants CCF-1320605 and CNS-1223710, and ONR Grants N00014-13-1-0175 and N00014-16-1-2265.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Wang, L., Wu, D. (2016). Moving Target Defense Against Network Reconnaissance with Software Defined Networking. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science, vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_13
DOI: https://doi.org/10.1007/978-3-319-45871-7_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45870-0
Online ISBN: 978-3-319-45871-7
eBook Packages: Computer Science (R0)