Openflow random host mutation: transparent moving target defense using software defined networking

  • Authors:
  • Jafar Haadi Jafarian;Ehab Al-Shaer;Qi Duan

  • Affiliations:
  • University of North Carolina at Charlotte, Charlotte, NC, USA;University of North Carolina at Charlotte, Charlotte, NC, USA;University of North Carolina at Charlotte, Charlotte, NC, USA

  • Venue:
  • Proceedings of the first workshop on Hot topics in software defined networks
  • Year:
  • 2012

Quantified Score

Hi-index 0.00

Visualization

Abstract

Static configurations serve great advantage for adversaries in discovering network targets and launching attacks. Identifying active IP addresses in a target domain is a precursory step for many attacks. Frequently changing hosts' IP addresses is a novel proactive moving target defense (MTD) that hides network assets from external/internal scanners. In this paper, we use OpenFlow to develop a MTD architecture that transparently mutates host IP addresses with high unpredictability and rate, while maintaining configuration integrity and minimizing operation overhead. The presented technique is called OpenFlow Random Host Mutation (OF-RHM) in which the OpenFlow controller frequently assigns each host a random virtual IP that is translated to/from the real IP of the host. The real IP remains untouched, so IP mutation is completely transparent for end-hosts. Named hosts are reachable via the virtual IP addresses acquired via DNS, but real IP addresses can be only reached by authorized entities. Our implementation and evaluation show that OF-RHM can effectively defend against stealthy scanning, worm propagation, and other scanning-based attack.