Static configurations give adversaries a great advantage in discovering network targets and launching attacks. Identifying active IP addresses in a target domain is a precursory step for many attacks. Frequently changing hosts' IP addresses is a novel proactive moving target defense (MTD) that hides network assets from external and internal scanners. In this paper, we use OpenFlow to develop an MTD architecture that transparently mutates host IP addresses with high unpredictability and rate, while maintaining configuration integrity and minimizing operational overhead. The presented technique is called OpenFlow Random Host Mutation (OF-RHM), in which the OpenFlow controller frequently assigns each host a random virtual IP that is translated to/from the real IP of the host. The real IP remains untouched, so IP mutation is completely transparent to end hosts. Named hosts are reachable via the virtual IP addresses acquired via DNS, but real IP addresses can be reached only by authorized entities. Our implementation and evaluation show that OF-RHM can effectively defend against stealthy scanning, worm propagation, and other scanning-based attacks.
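The mapping described above, modeled as an added example (not code from the paper or from the OF-RHM implementation): a toy controller table in Python that gives each host a random virtual IP per mutation interval, answers DNS with it, and admits real-IP traffic only from authorized sources. The host names, addresses, vIP pool and the rule that a vIP is not reused in the following interval are assumptions made for illustration.

```python
import ipaddress
import secrets

class RhmController:
    """Toy model of the controller's real-IP <-> virtual-IP (vIP) table."""

    def __init__(self, hosts, vip_pool, authorized):
        self.hosts = dict(hosts)            # DNS name -> real IP (constructed)
        self.pool = [str(ip) for ip in ipaddress.ip_network(vip_pool).hosts()]
        self.authorized = set(authorized)   # sources allowed to use real IPs
        self.r2v, self.v2r = {}, {}
        self.mutate()

    def mutate(self):
        """Begin a new interval: every host gets a fresh random vIP."""
        # Assumption: a vIP used in the previous interval is not reused now,
        # so the pool must hold at least twice as many addresses as hosts.
        free = [ip for ip in self.pool if ip not in self.v2r]
        self.r2v, self.v2r = {}, {}
        for real in self.hosts.values():
            vip = free.pop(secrets.randbelow(len(free)))
            self.r2v[real], self.v2r[vip] = vip, real

    def dns_answer(self, name):
        """DNS replies carry the current vIP, never the real IP."""
        return self.r2v[self.hosts[name]]

    def deliver(self, src, dst):
        """Return the real IP a packet is delivered to, or None if dropped."""
        if dst in self.v2r:                           # current vIP: translate
            return self.v2r[dst]
        if dst in self.r2v and src in self.authorized:
            return dst                                # real IP, authorized source
        return None                                   # stale vIP or unauthorized

def probe(ctrl, src, targets):
    """Count probed addresses that reach a host (defender's view of a scan)."""
    return sum(ctrl.deliver(src, t) is not None for t in targets)

if __name__ == "__main__":
    ctrl = RhmController({"web": "10.0.0.10", "db": "10.0.0.11"},
                         "10.0.1.0/28", authorized={"10.0.0.5"})
    hitlist = [ctrl.dns_answer("web"), ctrl.dns_answer("db")]
    print("hits before mutation:", probe(ctrl, "203.0.113.9", hitlist))
    ctrl.mutate()
    print("hits after mutation: ", probe(ctrl, "203.0.113.9", hitlist))
```

An address list gathered in one interval reaches nothing after the next mutation, while a client that resolves the name again still connects.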