
Moving Target Defense Against Network Reconnaissance with Software Defined Networking

  • Conference paper
Information Security (ISC 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9866))

Abstract

Online hosts and networks are easy targets of network attacks because of their static nature, which creates an information asymmetry that makes them easy to attack and hard to defend. To break this asymmetry, Moving Target Defense was proposed to introduce uncertainty into computer systems. It can be applied at every level of protection, covering applications, system software, operating systems, and networks. In this paper, we present Sniffer Reflector, a new method of practicing Moving Target Defense against network reconnaissance, which is usually considered the very first step of most attacks. Sniffer Reflector employs Software-Defined Networking to disturb network reconnaissance, and uses virtualization to present attackers with an obfuscated reconnaissance result. Our method can also be easily combined with existing security tools for network forensics. We have developed a prototype in a virtual local area network. Our experimental results show that Sniffer Reflector is effective and efficient at blurring various kinds of network reconnaissance.
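The abstract describes the mechanism only at a high level: an SDN controller notices reconnaissance traffic and steers it into a virtualized environment whose service inventory differs from the real one, so the scanner's result is obfuscated. The simulation below is an added example written for this page; it is not the paper's prototype or code. Everything in it is an assumption made for illustration: the scan heuristic (a source that has probed at least `SCAN_PORT_THRESHOLD` distinct destination ports is flagged), the single-switch flow table keyed on source address, the constructed host addresses and service inventories, and the `ReflectorController`, `probe` and `scan` names.

```python
"""Toy model of an SDN 'reflector' that redirects scan traffic to a decoy.

Added example, not the paper's implementation. The flow table, the
scan heuristic and the decoy service inventory are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

SCAN_PORT_THRESHOLD = 5   # assumed: distinct dports from one source before redirect
DECOY_IP = "10.0.99.1"    # constructed address of the virtualized decoy host

# Constructed service inventories. The decoy deliberately advertises a
# different set of open ports than the real host so that a redirected
# scanner builds a wrong picture of the network.
REAL_HOST = {"ip": "10.0.0.10", "open": {22, 80}}
DECOY_HOST = {"ip": DECOY_IP, "open": {21, 23, 25, 110, 143, 445}}


@dataclass
class Packet:
    src: str
    dst: str
    dport: int


class ReflectorController:
    """Controller logic for a single switch: learn, decide, install a rule."""

    def __init__(self, threshold: int = SCAN_PORT_THRESHOLD):
        self.threshold = threshold
        self.flow_table = {}                # src_ip -> action installed on the switch
        self.ports_seen = defaultdict(set)  # src_ip -> distinct destination ports probed

    def forward(self, pkt: Packet) -> str:
        """Return the address the switch forwards this packet to."""
        # A previously installed rule short-circuits the decision (fast path).
        if self.flow_table.get(pkt.src) == "redirect":
            return DECOY_IP
        self.ports_seen[pkt.src].add(pkt.dport)
        # Once the source looks like a scanner, install a redirect rule so
        # every later packet from it lands in the decoy network.
        if len(self.ports_seen[pkt.src]) >= self.threshold:
            self.flow_table[pkt.src] = "redirect"
            return DECOY_IP
        return pkt.dst


def probe(controller: ReflectorController, src: str, dport: int):
    """Simulate one connection attempt; return (host that answered, port open?)."""
    target = controller.forward(Packet(src, REAL_HOST["ip"], dport))
    host = DECOY_HOST if target == DECOY_IP else REAL_HOST
    return target, dport in host["open"]


def scan(controller: ReflectorController, src: str, ports) -> dict:
    """What a sequential port scan from `src` observes, port by port."""
    return {p: probe(controller, src, p)[1] for p in ports}


if __name__ == "__main__":
    ctl = ReflectorController()
    observed = scan(ctl, "192.0.2.50", [21, 22, 23, 25, 80, 110, 143, 445])
    print("scanner sees open:", sorted(p for p, o in observed.items() if o))
    print("real open ports:  ", sorted(REAL_HOST["open"]))
```

Two points the simulation makes visible. First, a benign client that only ever talks to port 80 is never redirected, because the rule keys on scan-like behaviour rather than on every new flow. Second, detection has latency: the probes sent before the threshold is reached are answered by the real host, so in the run above the scanner still learns that port 22 is open but is misled about port 80 and every later port. Any real deployment has to choose the threshold and the redirect granularity with that leak in mind, and log the installed rules so a forensics tool can later reconstruct which sources were reflected.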

Notes

  1. Technically, the terms network reconnaissance and network scan are interchangeable when describing network probe activities. We use them equally in this paper.

Acknowledgements

This work was supported in part by the NSF Grants CCF-1320605 and CNS-1223710, and ONR Grants N00014-13-1-0175 and N00014-16-1-2265.

Correspondence to Dinghao Wu .

Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Wang, L., Wu, D. (2016). Moving Target Defense Against Network Reconnaissance with Software Defined Networking. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science(), vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_13

  • DOI: https://doi.org/10.1007/978-3-319-45871-7_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45870-0

  • Online ISBN: 978-3-319-45871-7
