Analysis of Threat Model and Requirements in Network-based Moving Target Defense (네트워크 기반 무빙 타켓 방어의 위협 모델 및 요구사항 분석)

Koohong Kang (강구홍); Tae-Keun Park (박태근); Daesung Moon (문대성)

doi:10.9708/jksci.2017.22.10.083

Analysis of Threat Model and Requirements in Network-based Moving Target Defense

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2017, 22(10), pp.83-92
DOI : 10.9708/jksci.2017.22.10.083
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : August 30, 2017
Accepted : September 25, 2017
Published : October 31, 2017

Koohong Kang ¹, Tae-Keun Park ², Daesung Moon ³

¹서원대학교
²단국대학교
³한국전자통신연구원

Accredited

ABSTRACT

Reconnaissance is performed gathering information from a series of scanning probes where the objective is to identify attributes of target hosts. Network reconnaissance of IP addresses and ports is prerequisite to various cyber attacks. In order to increase the attacker’s workload and to break the attack kill chain, a few proactive techniques based on the network-based moving target defense (NMTD) paradigm, referred to as IP address mutation/randomization, have been presented. However, there are no commercial or trial systems deployed in real networks. In this paper, we propose a threat model and the request for requirements for developing NMTD techniques. For this purpose, we first examine the challenging problems in the NMTD mechanisms that were proposed for the legacy TCP/IP network. Secondly, we present a threat model in terms of attacker’s intelligence, the intended information scope, and the attacker’s location. Lastly, we provide seven basic requirements to develop an NMTD mechanism for the legacy TCP/IP network: 1) end-host address mutation, 2) post tracking, 3) address mutation unit, 4) service transparency, 5) name and address access, 6) adaptive defense, and 7) controller operation. We believe that this paper gives some insight into how to design and implement a new NMTD mechanism that would be deployable in real network.

KEYWORDS

Moving target defense, Network address mutation, Internet security

Citation status

* References for papers published after 2023 are currently being built.

[journal] H. Okhravi / 2014 / Finding Focus in the Blur of Moving-Target Techniques / IEEE Security&Privacy 12(2) : 16~26

[confproc] D. Kewley / 2001 / Dynamic Approaches to Thwart Adversary Intelligence Gathering / Proceedings of the DARPA Information Survivability Conference and Exposition : 176~185

[confproc] M. Atighetchi / 2003 / Adaptive Use of Network-Centric Mechanisms in Cyber-Defense / Proceedings of the sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing : 183~192

[journal] S. Antonatos / 2007 / Defending against histlist worms using network address space randomization / Computer Networks 51(12) : 3471~3490

[journal] J. H. Jafarian / 2015 / An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks / IEEE Transactions on Information Forensics 10(12) : 2562~2577

[confproc] J. Sun / 2016 / DESIR: Decoy-enhanced seamless IP randomization / Proceedings of the IEEE ONFOCOM

[confproc] J. H. Jafarian / 2016 / Multi-dimensional Host Identity Anonymization for Defeating Skilled Attacks / Proceedings of the 2016 ACM Workshop on Moving Target Defense : 47~58

[confproc] J. H. Jafarian / 2012 / OpenFlow Random Host Mutation: Transparent Moving Target Defense using Software Defined Networking / Proceedings of the first worshop on Hot topics in software defined networks : 127~132

[journal] Z. Zhao / 2017 / An SDN-Based Fingerprint Hopping Method to Prevent Fingerprinting Attacks / Proceedings of the Security and Communication Networks

[journal] B. A. Nunes / 2014 / A Survey of Software-Defined Networking: Past, Present, and Future of Programmable Networks / IEEE Communications Surveys & Tutorials 16(3) : 1617~1634

[web] R. Droms / Dynamic Host Configuration Protocol, RFC 2131 / http://www.rfc-editor.org

[report] G. Su / 2002 / Mobile Communication with Virtual Network Address Translation / Department of Computer Science, Columbia University

[journal] S. Ansari / 2002 / Packet sniffing: a brief introduction / IEEE potentials 21(5) : 17~19

[book] G. F. Lyon / 2009 / Nmap network scanning: The official Nmap project guide to network discovery and security scanning / Insecure

[confproc] C. Kreibich / 2001 / Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics / Proceedings of USENIX Security Symposium

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Analysis of Threat Model and Requirements in Network-based Moving Target Defense

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Analysis of Threat Model and Requirements in Network-based Moving Target Defense

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (3)

REFERENCES (15) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.