Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

Park Taekeun; Kyung Min Park; Daesung Moon

doi:10.9708/jksci.2018.23.09.057

In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys.

Citation status

KCI Citation Counts (2)
열림/닫힘 버튼
REFERENCES (16)
열림/닫힘 버튼
* 2021년 이후 발행 논문의 참고문헌은 현재 구축 중입니다.

[journal] S. Woo / 2018 / Trends in Moving Target Defense based on Network Address Mutation / Review of Korea Institute Of Information Security And Cryptology 28(2) : 5~11

[journal] 강구홍 / 2017 / Analysis of Threat Model and Requirements in Network-based Moving Target Defense / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 22(10) : 83~92

[journal] H. Okhravi / 2014 / Finding Focus in the Blur of Moving-Target Techniques / IEEE Security&Privacy 12(2) : 16~26

[confproc] D. Kewley / 2001 / Dynamic Approaches to Thwart Adversary Intelligence Gathering / Proceedings of the DARPA Information Survivability Conference and Exposition : 176~185

[confproc] M. Atighetchi / 2003 / Adaptive Use of Network-Centric Mechanisms in Cyber-Defense / Proceedings of the sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing : 183~192

[journal] S. Antonatos / 2007 / Defending against hitlist worms using network address space randomization / Computer Networks / Elsevier BV 51(12) : 3471~3490 / 10.1016/j.comnet.2007.02.006

[journal] Jafar Haadi Jafarian / 2015 / An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks / IEEE Transactions on Information Forensics and Security / Institute of Electrical and Electronics Engineers (IEEE) 10(12) : 2562~2577 / 10.1109/TIFS.2015.2467358

[confproc] J. Sun / 2016 / DESIR: Decoy-enhanced seamless IP randomization / Proceedings of the IEEE INFOCOM

[confproc] J. H. Jafarian / 2016 / Multi-dimensional Host Identity Anonymization for Defeating Skilled Attacks / Proceedings of the 2016 ACM Workshop on Moving Target Defense : 47~58

[journal] T. Park / 2018 / A Scalable and Seamless Connection Migration Scheme for Moving Target Defense in Legacy Networks / IEICE Trans. Inf. & Syst. E101-D(11)

[other] K. Park / 2018 / Pseudonym Address based Hidden Tunnel Networking for Network Address Mutation, KOREA Patent App. No. 10-2018-0076029

[web] Fred Cohen / The Use of Deception Techniques: Honeypots and Decoys / Fred Cohen & Associates / http://all.net/journal/deception/Deception_Techniques_.pdf

[confproc] K. Borders / 2007 / OpenFire: Using Deception to Reduce Network Attacks / 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007 : 224~233

[book] Niels Provos / 2008 / Virtual Honeypots: From Botnet Tracking to Intrusion Detection / Addison Wesley

[web] O. Andreasson / Iptables Tutorial 1.2.0 - Linux Firewall Configuration / http://www.freetechbooks.com/iptablestutorial-1-2-0-linux-firewall-configuration-t273.html

[confproc] S. Achleitner / 2016 / Cyber Deception: Virtual Networks to Defend Insider Reconnaissance / MIST'16

KJC Korea
Journal Central

Statistics

Tools

Sharing

Issue List

Citation status