Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

Tae-Keun Park (박태근); Kyungmin Park (박경민); Daesung Moon (문대성)

doi:10.9708/jksci.2018.23.09.057

Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2018, 23(9), pp.57-64
DOI : 10.9708/jksci.2018.23.09.057
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : August 21, 2018
Accepted : September 17, 2018
Published : September 28, 2018

Tae-Keun Park ¹, Kyungmin Park ², Daesung Moon ²

¹단국대학교
²한국전자통신연구원

Accredited

ABSTRACT

In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys.

KEYWORDS

Network-based moving target defense, mutation, cyber security, protected server, decoy

Citation status

* References for papers published after 2023 are currently being built.

[journal] S. Woo / 2018 / Trends in Moving Target Defense based on Network Address Mutation / Review of Korea Institute Of Information Security And Cryptology 28(2) : 5~11

[journal] 강구홍 / 2017 / Analysis of Threat Model and Requirements in Network-based Moving Target Defense / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 22(10) : 83~92

[journal] H. Okhravi / 2014 / Finding Focus in the Blur of Moving-Target Techniques / IEEE Security&Privacy 12(2) : 16~26

[confproc] D. Kewley / 2001 / Dynamic Approaches to Thwart Adversary Intelligence Gathering / Proceedings of the DARPA Information Survivability Conference and Exposition : 176~185

[confproc] M. Atighetchi / 2003 / Adaptive Use of Network-Centric Mechanisms in Cyber-Defense / Proceedings of the sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing : 183~192

[journal] S. Antonatos / 2007 / Defending against hitlist worms using network address space randomization / Computer Networks / Elsevier BV 51(12) : 3471~3490

[journal] Jafar Haadi Jafarian / 2015 / An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks / IEEE Transactions on Information Forensics and Security / Institute of Electrical and Electronics Engineers (IEEE) 10(12) : 2562~2577

[confproc] J. Sun / 2016 / DESIR: Decoy-enhanced seamless IP randomization / Proceedings of the IEEE INFOCOM

[confproc] J. H. Jafarian / 2016 / Multi-dimensional Host Identity Anonymization for Defeating Skilled Attacks / Proceedings of the 2016 ACM Workshop on Moving Target Defense : 47~58

[journal] T. Park / 2018 / A Scalable and Seamless Connection Migration Scheme for Moving Target Defense in Legacy Networks / IEICE Trans. Inf. & Syst. E101-D(11)

[other] K. Park / 2018 / Pseudonym Address based Hidden Tunnel Networking for Network Address Mutation, KOREA Patent App. No. 10-2018-0076029

[web] Fred Cohen / The Use of Deception Techniques: Honeypots and Decoys / Fred Cohen & Associates / http://all.net/journal/deception/Deception_Techniques_.pdf

[confproc] K. Borders / 2007 / OpenFire: Using Deception to Reduce Network Attacks / 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007 : 224~233

[book] Niels Provos / 2008 / Virtual Honeypots: From Botnet Tracking to Intrusion Detection / Addison Wesley

[web] O. Andreasson / Iptables Tutorial 1.2.0 - Linux Firewall Configuration / http://www.freetechbooks.com/iptablestutorial-1-2-0-linux-firewall-configuration-t273.html

[confproc] S. Achleitner / 2016 / Cyber Deception: Virtual Networks to Defend Insider Reconnaissance / MIST'16

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (2)

REFERENCES (16) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.