TY - GEN
T1 - OpenFlow random host mutation
T2 - 1st ACM International Workshop on Hot Topics in Software Defined Networks, HotSDN 2012
AU - Jafarian, Jafar Haadi
AU - Al-Shaer, Ehab
AU - Duan, Qi
PY - 2012/8/13
Y1 - 2012/8/13
N2 - Static configurations give adversaries a great advantage in discovering network targets and launching attacks. Identifying active IP addresses in a target domain is a precursory step for many attacks. Frequently changing hosts' IP addresses is a novel proactive moving target defense (MTD) that hides network assets from external/internal scanners. In this paper, we use OpenFlow to develop an MTD architecture that transparently mutates host IP addresses with high unpredictability and rate, while maintaining configuration integrity and minimizing operation overhead. The presented technique is called OpenFlow Random Host Mutation (OF-RHM), in which the OpenFlow controller frequently assigns each host a random virtual IP that is translated to/from the real IP of the host. The real IP remains untouched, so IP mutation is completely transparent for end-hosts. Named hosts are reachable via the virtual IP addresses acquired via DNS, but real IP addresses can only be reached by authorized entities. Our implementation and evaluation show that OF-RHM can effectively defend against stealthy scanning, worm propagation, and other scanning-based attacks.
AB - Static configurations give adversaries a great advantage in discovering network targets and launching attacks. Identifying active IP addresses in a target domain is a precursory step for many attacks. Frequently changing hosts' IP addresses is a novel proactive moving target defense (MTD) that hides network assets from external/internal scanners. In this paper, we use OpenFlow to develop an MTD architecture that transparently mutates host IP addresses with high unpredictability and rate, while maintaining configuration integrity and minimizing operation overhead. The presented technique is called OpenFlow Random Host Mutation (OF-RHM), in which the OpenFlow controller frequently assigns each host a random virtual IP that is translated to/from the real IP of the host. The real IP remains untouched, so IP mutation is completely transparent for end-hosts. Named hosts are reachable via the virtual IP addresses acquired via DNS, but real IP addresses can only be reached by authorized entities. Our implementation and evaluation show that OF-RHM can effectively defend against stealthy scanning, worm propagation, and other scanning-based attacks.
KW - ip mutation
KW - moving target defense
KW - security
KW - software-defined networking
UR - https://www.scopus.com/pages/publications/84866521295
U2 - 10.1145/2342441.2342467
DO - 10.1145/2342441.2342467
M3 - Conference contribution
AN - SCOPUS:84866521295
SN - 9781450314770
T3 - HotSDN'12 - Proceedings of the 1st ACM International Workshop on Hot Topics in Software Defined Networks
SP - 127
EP - 132
BT - HotSDN'12 - Proceedings of the 1st ACM International Workshop on Hot Topics in Software Defined Networks
PB - Association for Computing Machinery
Y2 - 13 August 2012 through 13 August 2012
ER -