Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

Tae-Keun Park; Kyung-Min Park; Daesung Moon

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2018, 23(9), pp.57-64
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

Tae-Keun Park ¹, Kyung-Min Park ², Daesung Moon ³

¹단국대학교
²한국전자통신연구원
³한국전자통신연구원

ABSTRACT

In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys.
KEYWORDS

Network-based moving target defense, mutation, cyber security, protected server, decoy
REFERENCES (16)

[journal] S. Woo / 2018 / Trends in Moving Target Defense based on Network Address Mutation / Review of Korea Institute Of Information Security And Cryptology 28(2) : 5~11

[journal] 강구홍 / 2017 / Analysis of Threat Model and Requirements in Network-based Moving Target Defense / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 22(10) : 83~92

[journal] H. Okhravi / 2014 / Finding Focus in the Blur of Moving-Target Techniques / IEEE Security&Privacy 12(2) : 16~26

[confproc] D. Kewley / 2001 / Dynamic Approaches to Thwart Adversary Intelligence Gathering / Proceedings of the DARPA Information Survivability Conference and Exposition : 176~185

[confproc] M. Atighetchi / 2003 / Adaptive Use of Network-Centric Mechanisms in Cyber-Defense / Proceedings of the sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing : 183~192

[journal] S. Antonatos / 2007 / Defending against hitlist worms using network address space randomization / Computer Networks / Elsevier BV 51(12) : 3471~3490 / 10.1016/j.comnet.2007.02.006

[journal] Jafar Haadi Jafarian / 2015 / An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks / IEEE Transactions on Information Forensics and Security / Institute of Electrical and Electronics Engineers (IEEE) 10(12) : 2562~2577 / 10.1109/TIFS.2015.2467358

[confproc] J. Sun / 2016 / DESIR: Decoy-enhanced seamless IP randomization / Proceedings of the IEEE INFOCOM

[confproc] J. H. Jafarian / 2016 / Multi-dimensional Host Identity Anonymization for Defeating Skilled Attacks / Proceedings of the 2016 ACM Workshop on Moving Target Defense : 47~58

[journal] T. Park / 2018 / A Scalable and Seamless Connection Migration Scheme for Moving Target Defense in Legacy Networks / IEICE Trans. Inf. & Syst. E101-D(11)

[other] K. Park / 2018 / Pseudonym Address based Hidden Tunnel Networking for Network Address Mutation, KOREA Patent App. No. 10-2018-0076029

[web] Fred Cohen / The Use of Deception Techniques: Honeypots and Decoys / Fred Cohen & Associates / http://all.net/journal/deception/Deception_Techniques_.pdf

[confproc] K. Borders / 2007 / OpenFire: Using Deception to Reduce Network Attacks / 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007 : 224~233

[book] Niels Provos / 2008 / Virtual Honeypots: From Botnet Tracking to Intrusion Detection / Addison Wesley

[web] O. Andreasson / Iptables Tutorial 1.2.0 - Linux Firewall Configuration / http://www.freetechbooks.com/iptablestutorial-1-2-0-linux-firewall-configuration-t273.html

[confproc] S. Achleitner / 2016 / Cyber Deception: Virtual Networks to Defend Insider Reconnaissance / MIST'16
KCI Citation (2)

KJC Korea
Journal Central

Statistics

Tools