ABSTRACT
Moving Target Defenses (MTD) are proactive security countermeasures that change the attack surface in a system in ways that make it harder for attackers to succeed. These techniques have been shown to be effective, and their application in software-defined networking (SDN) against simple automated attacks is growing in popularity. However, with the increased knowledge of and ease of access to Artificial Intelligence (AI) techniques, AI is starting to be used to enhance cyber attacks, which are becoming increasingly complex. Hence, the evaluation of MTDs against simple automated attacks is no longer enough to demonstrate their effectiveness in increasing system security.
With this in mind, we propose a novel framework to evaluate MTD techniques in SDN. To this end, first, we develop a taxonomy of possible intelligent attacks against MTD techniques. Second, we show how our framework can be used to generate datasets that realize these intelligent attacks, for evaluating and enhancing MTD techniques. Third, we experimentally demonstrate the feasibility of the proposed machine learning (ML)-powered attacks with an attacker who uses ML to determine the MTD trigger time from network traffic, which they can use to maximize their attack window and increase their chances of success.