RPAH: A Moving Target Network Defense Mechanism Naturally Resists Reconnaissances and Attacks
Network servers and applications commonly use static IP addresses and communication ports, making themselves easy targets for network reconnaissances and attacks. Moving target defense (MTD) is an innovatory and promising proactive defense technique. In this paper, we develop a novel MTD mechanism,...
Saved in:
Published in: | IEICE Transactions on Information and Systems 2017/03/01, Vol.E100.D(3), pp.496-510 |
---|---|
Main authors: | LUO, Yue-Bin; WANG, Bao-Sheng; WANG, Xiao-Feng; ZHANG, Bo-Feng; HU, Wei |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Tags: | |
container_end_page | 510 |
---|---|
container_issue | 3 |
container_start_page | 496 |
container_title | IEICE Transactions on Information and Systems |
container_volume | E100.D |
creator | LUO, Yue-Bin; WANG, Bao-Sheng; WANG, Xiao-Feng; ZHANG, Bo-Feng; HU, Wei |
description | Network servers and applications commonly use static IP addresses and communication ports, making themselves easy targets for network reconnaissances and attacks. Moving target defense (MTD) is an innovatory and promising proactive defense technique. In this paper, we develop a novel MTD mechanism, called Random Port and Address Hopping (RPAH). The goal of RPAH is to hide network servers and applications and resist network reconnaissances and attacks by constantly changing their IP addresses and ports. In order to enhance the unpredictability, RPAH integrates source identity, service identity and temporal parameter in the hopping to provide three hopping frequencies, i.e., source hopping, service hopping and temporal hopping. RPAH provides high unpredictability and the maximum hopping diversities by introducing port and address demultiplexing mechanism, and provides a convenient attack detection mechanism with which the messages from attackers using invalid or inactive addresses/ports will be conveniently detected and denied. Our experiments and evaluation on campus network and PlanetLab show that RPAH is effective in resisting various network reconnaissance and attack models such as network scanning and worm propagation, while introducing an acceptable operation overhead. |
doi_str_mv | 10.1587/transinf.2016EDP7304 |
format | Article |
publisher | Tokyo: The Institute of Electronics, Information and Communication Engineers |
eissn | 1745-1361 |
rights | 2017 The Institute of Electronics, Information and Communication Engineers; Copyright Japan Science and Technology Agency 2017 |
tpages | 15 |
fulltext | fulltext |
identifier | ISSN: 0916-8532 |
ispartof | IEICE Transactions on Information and Systems, 2017/03/01, Vol.E100.D(3), pp.496-510 |
issn | 0916-8532; 1745-1361 |
language | eng |
recordid | cdi_proquest_miscellaneous_1893882541 |
source | Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; J-STAGE (Japan Science & Technology Information Aggregator, Electronic) Freely Available Titles - Japanese |
subjects | Computer information security; Computer worms; Cybersecurity; Demultiplexing; IP (Internet Protocol); Messages; moving target defense; Moving targets; network security; Network servers; Networks; port and address hopping; Ports; reconnaissance; Resists |
title | RPAH: A Moving Target Network Defense Mechanism Naturally Resists Reconnaissances and Attacks |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-26T19%3A46%3A26IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=RPAH:%20A%20Moving%20Target%20Network%20Defense%20Mechanism%20Naturally%20Resists%20Reconnaissances%20and%20Attacks&rft.jtitle=IEICE%20Transactions%20on%20Information%20and%20Systems&rft.au=LUO,%20Yue-Bin&rft.date=2017-01-01&rft.volume=E100.D&rft.issue=3&rft.spage=496&rft.epage=510&rft.pages=496-510&rft.issn=0916-8532&rft.eissn=1745-1361&rft_id=info:doi/10.1587/transinf.2016EDP7304&rft_dat=%3Cproquest_cross%3E2014549652%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2014549652&rft_id=info:pmid/&rfr_iscdi=true |