Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

  • Received : 2018.08.21
  • Accepted : 2018.09.17
  • Published : 2018.09.28
Download PDF
⟨ Previous Next ⟩

Abstract

In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys.

Keywords

References

  1. S. Woo, K. Park, D. Moon, and I. Kim, "Trends in Moving Target Defense based on Network Address Mutation," Review of Korea Institute Of Information Security And Cryptology, Vol. 28, No. 2, pp. 5-11, April 2018.
  2. K. Kang, T. Park, and D. Moon, "Analysis of Threat Model and Requirements in Network-based Moving Target Defense," Journal of The Korea Society of Computer and Information, Vol. 22, No. 10, pp. 83-92, October 2017.
  3. H. Okhravi, T. Hobson, D. Bigelow and W. Streilein, "Finding Focus in the Blur of Moving-Target Techniques," In IEEE Security&Privacy, vol.12, no. 2, pp. 16-26, March 2014. https://doi.org/10.1109/MSP.2013.137
  4. D. Kewley, R. Fink, J. Lowry and M. Dean, "Dynamic Approaches to Thwart Adversary Intelligence Gathering," Proceedings of the DARPA Information Survivability Conference and Exposition, pp. 176-185, August 2001.
  5. M. Atighetchi, P. Pal, F. Webber and C. Hones, "Adaptive Use of Network-Centric Mechanisms in Cyber-Defense," Proceedings of the sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183-192, 2003.
  6. S. Antonatos, P. Akritidis, E. P. Markatos, K. G. Anagnostakis, "Defending against histlist worms using network address space randomization," Computer Networks, vol.51, no.12, pp.3471-3490. 2007. https://doi.org/10.1016/j.comnet.2007.02.006
  7. J. H. Jafarian, E. Al-Shaer and Q. Duan, "An Effective Address Mutation Approach for Distructing Reconnaissance Attacks," IEEE Transactions on Information Forensics, vol.10, no.12, pp. 2562-2577, 2015. https://doi.org/10.1109/TIFS.2015.2467358
  8. J. Sun and K. Sun, "DESIR: Decoy-enhanced seamless IP randomization," Proceedings of the IEEE INFOCOM, 2016.
  9. J. H. Jafarian, A. Niakankahiji, E. Al-Shaer and Q. Duan, "Multi-dimensional Host Identity Anonymization for Defeating Skilled Attacks," Proceedings of the 2016 ACM Workshop on Moving Target Defense, pp. 47-58, 2016.
  10. T. Park, K. Kang, and D. Moon, "A Scalable and Seamless Connection Migration Scheme for Moving Target Defense in Legacy Networks," IEICE Trans. Inf. & Syst., In Press, Vol.E101-D, No.11, November 2018.
  11. K. Park, S. Woo, D. Moon, K. Koo, I. Kim, and J. Lee "Pseudonym Address based Hidden Tunnel Networking for Network Address Mutation," KOREA Patent App. No. 10-2018-0076029, 2018.
  12. Fred Cohen, "The Use of Deception Techniques: Honeypots and Decoys", Fred Cohen & Associates, at http://all.net/journal/deception/Deception_Techniques_.pdf, accessed 23 March 2018.
  13. K. Borders, L. Falk, and A. Prakash, "OpenFire: Using Deception to Reduce Network Attacks", 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007, pp. 224-233, 2007.
  14. Niels Provos and Thorsten Holz, "Virtual Honeypots: From Botnet Tracking to Intrusion Detection,"Addison Wesley, 2008.
  15. O. Andreasson, "Iptables Tutorial 1.2.0 - Linux Firewall Configuration,"GNUFree Document, http://www.freetechbooks.com/iptablestutorial-1-2-0-linux-firewall-configuration-t273.html
  16. S. Achleitner, T. L. Porta, P. McDaniel, S. Sugrim, S. V. Krishnamurthy, and R. Chadha, "Cyber Deception: Virtual Networks to Defend Insider Reconnaissance", MIST'16, 2016.