Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 2014-November, Issue November, 2014, Pages 69-78

  Jafarian, Jafar Haadi ^a   Al Shaer, Ehab ^a   Duan, Qi ^a  

^a University of North Carolina at Charlotte   (United States)

Author keywords

Adversary awareness; IP address randomization; Moving target defense (MTD); Reconnaissance

Indexed keywords

LOCATION; NETWORK SECURITY; RANDOM PROCESSES;

ADDRESS MAPPINGS; ADVERSARY-AWARENESS; DEFENSE TECHNIQUES; DISTRIBUTED NETWORKS; EXPERIMENTAL ANALYSIS; IP ADDRESSS; MOVING TARGET DEFENSE; RECONNAISSANCE;

INTERNET PROTOCOLS;

EID: 84937692873     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2663474.2663483     Document Type: Conference Paper

References (21)

1. E. Al-Shaer, Q. Duan, and J. H. Jafarian. Random host mutation for moving target defense. In Proceedings of the 8th International Conference on Security and Privacy in Communication Networks, Padua, Italy, 2012.
2. M. Albanese, A. De Benedictis, S. Jajodia, and K. Sun. A moving target defense mechanism for manets based on identity virtualization. In Communications and Network Security (CNS), 2013 IEEE Conference on, pages 278-286, Oct 2013.
3. S. Antonatos, P. Akritidis, E. P. Markatos, and K. G. Anagnostakis. Defending against hitlist worms using network address space randomization. Comput. Netw., 51(12):3471-3490, 2007.
4. M. Atighetchi, P. Pal, F. Webber, and C. Jones. Adaptive use of network-centric mechanisms in cyber-defense. In ISORC '03, page 183. IEEE Computer Society, 2003.
5. W. v. d. G. C. Contavalli. Client subnet in dns requests. http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00 2011.
6. J.-Y. Cai, V. Yegneswaran, C. Alfeld, and P. Barford. An attacker-defender game for honeynets. In Proceedings of the 15th Annual International Conference on Computing and Combinatorics, pages 7-16. Springer-Verlag, 2009.
7. M. P. Collins and M. K. Reiter. Hit-list worm detection and bot identification in large networks using protocol graphs. In Proceedings of the 10th international conference on Recent advances in intrusion detection, RAID'07, pages 276-295, Berlin, Heidelberg, 2007. Springer-Verlag.
8. V. N. L. Franqueira. Finding multi-step attacks in computer networks using heuristic search and mobile ambients. PhD thesis, University of Twente, Enschede, 2009.
9. J. H. Jafarian, E. Al-Shaer, and Q. Duan. Open flow random host mutation: Transparent moving target defense using software defined networking. In Proceedings of HotSDN workshop at SIGCOMM'12, Helsinki, Finland, 2012.
10. R. E. Kass, editor. Markov Chain Monte Carlo in Practice (Chapman & Hall/CRC Interdisciplinary Statistics). Chapman and Hall/CRC, 1 edition, Dec. 1995.
11. D. Kewley, R. Fink, J. Lowry, and M. Dean. Dynamic approaches to thwart adversary intelligence gathering. In DARPA Information Survivability Conference Exposition II, 2001. DISCEX '01. Proceedings, volume 1, pages 176 -185 vol.1, 2001.
12. B. Lantz, B. Heller, and N. McKeown. A network in a laptop: Rapid prototyping for software-defined networks. In Proceedings of the Ninth ACM SIGCOMM Workshop on Hot Topics in Networks, Hotnets '10, pages 191-196, New York, NY, USA, 2010. ACM.
13. OpenFlow group at Stanford University. POX Wiki, 2013. https://openflow.stanford.edu/display/ONL/POX+Wiki.
14. N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner. Open flow: Enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev., 38(2):69-74, Mar. 2008.
15. L. Page, S. Brin, R. Motwani, and T. Winograd. The pagerank citation ranking: Bringing order to the web. Technical Report 1999-66, Stanford InfoLab, November 1999.
16. K. security lab. Securelist. http://www.securelist.com/en/analysis, 2012.
17. S. Stafford and J. Li. Behavior-based worm detectors compared. In S. Jha, R. Sommer, and C. Kreibich, editors, Recent Advances in Intrusion Detection, volume 6307 of Lecture Notes in Computer Science, pages 38-57. Springer Berlin Heidelberg, 2010.
18. L. Wang, T. Islam, T. Long, A. Singhal, and S. Jajodia. An attack graph-based probabilistic security metric. In Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security, pages 283-296, Berlin, Heidelberg, 2008. Springer-Verlag.
19. J. Yackoski, P. Xie, H. Bullen, J. Li, and K. Sun. A self-shielding dynamic network architecture. In MILITARY COMMUNICATIONS CONFERENCE, 2011 - MILCOM 2011, pages 1381 -1386, nov. 2011.
20. V. Yegneswaran and C. Alfeld. Camouflaging honeynets. In In Proceedings of IEEE Global Internet Symposium, 2007.
21. C. Zou and D. Towsley. Routing Worm: A Fast, Selective Attack Worm Based on IP Address Information. Workshop on Principles of Advanced and Distributed Simulation, pages 199-206, 2005.