RPAH: A Moving Target Network Defense Mechanism Naturally Resists Reconnaissances and Attacks
Yue-Bin LUO, Bao-Sheng WANG, Xiao-Feng WANG, Bo-Feng ZHANG, Wei HU
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2017/03/01
Online ISSN: 1745-1361
Type of Manuscript: PAPER
Category: Information Network
Keywords: port and address hopping, moving target defense, network security, reconnaissance
Network servers and applications commonly use static IP addresses and communication ports, which makes them easy targets for network reconnaissance and attack. Moving target defense (MTD) is an innovative and promising proactive defense technique. In this paper, we develop a novel MTD mechanism called Random Port and Address Hopping (RPAH). The goal of RPAH is to hide network servers and applications and to resist network reconnaissance and attacks by constantly changing their IP addresses and ports. To enhance unpredictability, RPAH integrates a source identity, a service identity and a temporal parameter into the hopping, giving three hopping frequencies: source hopping, service hopping and temporal hopping. RPAH achieves high unpredictability and maximal hopping diversity by introducing a port and address demultiplexing mechanism, and it provides a convenient attack detection mechanism by which messages from attackers sent to invalid or inactive addresses/ports are detected and denied. Our experiments and evaluation on a campus network and on PlanetLab show that RPAH is effective in resisting various network reconnaissance and attack models, such as network scanning and worm propagation, while introducing acceptable operational overhead.
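To make the three hopping dimensions and the detection property concrete, the following is an added illustrative model written for this page; it is not the authors' RPAH implementation and the paper's actual hopping function, parameters and address-demultiplexing scheme are not reproduced here. The example assumes a keyed hash (HMAC-SHA256) over (source identity, service identity, time slot) as the hopping function, a shared key known to legitimate sources and the gateway, a hypothetical 10.20.0.0/16 address pool, a 30-second slot, and a one-slot tolerance for clock drift. The gateway-side `classify` function shows why blind probing is easy to detect: any packet to an endpoint that is not valid for that source in the current (or immediately previous) slot is hitting an inactive or never-valid address/port.

```python
import hashlib
import hmac
import ipaddress

# Hypothetical parameters for this illustration (not values from the paper).
SLOT_SECONDS = 30                                   # temporal hopping period
PORT_LOW, PORT_HIGH = 10000, 59999                  # hopping port range
ADDR_POOL = ipaddress.ip_network("10.20.0.0/16")    # address pool the service hops across
SKEW_SLOTS = 1                                      # previous slots still accepted (clock drift)


def time_slot(now: float) -> int:
    """Map wall-clock seconds to the current temporal hopping slot."""
    return int(now // SLOT_SECONDS)


def hop(key: bytes, source_id: str, service_id: str, slot: int) -> tuple[str, int]:
    """Derive the (address, port) a given source should use for a service in a slot.

    Binding the output to source_id, service_id and slot gives the three hopping
    dimensions: different sources see different endpoints (source hopping),
    different services land on different endpoints (service hopping), and both
    move as the slot advances (temporal hopping). HMAC-SHA256 is this example's
    choice of hopping function; without the key the mapping is unpredictable.
    """
    msg = f"{source_id}|{service_id}|{slot}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    # Skip the network and broadcast addresses of the pool.
    addr_index = 1 + int.from_bytes(digest[:8], "big") % (ADDR_POOL.num_addresses - 2)
    port = PORT_LOW + int.from_bytes(digest[8:12], "big") % (PORT_HIGH - PORT_LOW + 1)
    return str(ADDR_POOL[addr_index]), port


def classify(key: bytes, source_id: str, service_id: str,
             dst_addr: str, dst_port: int, now: float) -> str:
    """Gateway-side check of one inbound packet.

    Accept only if the packet targets the endpoint valid for this source in the
    current slot or one of SKEW_SLOTS recent slots. Anything else targets an
    inactive or never-valid endpoint, which is exactly what a scanner or a worm
    probing without the key produces, so it is flagged and denied.
    """
    current = time_slot(now)
    for slot in range(current, current - SKEW_SLOTS - 1, -1):
        if hop(key, source_id, service_id, slot) == (dst_addr, dst_port):
            return "accept"
    return "deny:inactive-or-invalid-endpoint"


def blind_scan_hits(key: bytes, service_id: str, scanner_id: str,
                    now: float, ports: range) -> int:
    """Simulate a scanner that knows the address pool but not the key.

    It fixes one address in the pool and walks a port range; every probe goes
    through the same gateway check a legitimate packet would.
    """
    target_addr = str(ADDR_POOL[1])
    return sum(1 for p in ports
               if classify(key, scanner_id, service_id, target_addr, p, now) == "accept")


if __name__ == "__main__":
    key = b"example-shared-secret"        # constructed; in practice distributed out of band
    now = 1_700_000_000.0                  # constructed timestamp
    slot = time_slot(now)
    a_ep = hop(key, "client-A", "ssh", slot)
    b_ep = hop(key, "client-B", "ssh", slot)
    print("client-A sees ssh at", a_ep, "; client-B sees ssh at", b_ep)
    print("client-A sees ssh next slot at", hop(key, "client-A", "ssh", slot + 1))
    print("A -> its own endpoint:", classify(key, "client-A", "ssh", *a_ep, now))
    print("A -> B's endpoint:    ", classify(key, "client-A", "ssh", *b_ep, now))
    hits = blind_scan_hits(key, "ssh", "scanner", now, range(PORT_LOW, PORT_HIGH + 1))
    print("blind scan of the full port range on one address, hits:", hits)
```

Every denied probe is a detection event: the gateway can log the source, the slot and the targeted endpoint, and a source that produces many such denials in one slot is behaving like a scanner. The skew tolerance is the practical caveat: each extra accepted slot widens the attacker's window, so it should be no larger than the real clock drift between the gateway and its clients.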