Analysis of Threat Model and Requirements in Network-based Moving Target Defense

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2017, 22(10), pp.83-92
  • DOI : 10.9708/jksci.2017.22.10.083
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science
  • Received : August 30, 2017
  • Accepted : September 25, 2017
  • Published : October 31, 2017

Koohong Kang 1 Tae-Keun Park 2 Daesung Moon 3

1 Seowon University
2 Dankook University
3 Electronics and Telecommunications Research Institute (ETRI)

Accredited

ABSTRACT

Reconnaissance is performed by gathering information from a series of scanning probes, where the objective is to identify attributes of target hosts. Network reconnaissance of IP addresses and ports is a prerequisite to various cyber attacks. In order to increase the attacker’s workload and to break the attack kill chain, a few proactive techniques based on the network-based moving target defense (NMTD) paradigm, referred to as IP address mutation/randomization, have been presented. However, there are no commercial or trial systems deployed in real networks. In this paper, we propose a threat model and a set of requirements for developing NMTD techniques. For this purpose, we first examine the challenging problems in the NMTD mechanisms that were proposed for the legacy TCP/IP network. Secondly, we present a threat model in terms of the attacker’s intelligence, the intended information scope, and the attacker’s location. Lastly, we provide seven basic requirements to develop an NMTD mechanism for the legacy TCP/IP network: 1) end-host address mutation, 2) post tracking, 3) address mutation unit, 4) service transparency, 5) name and address access, 6) adaptive defense, and 7) controller operation. We believe that this paper gives some insight into how to design and implement a new NMTD mechanism that would be deployable in a real network.
