Moving target defense against network reconnaissance with softwaredefined networking

Li Wang, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)

Abstract

Online hosts and networks are easy targets of network attacks due to their static nature, which creates an information asym- metry and makes them easy to attack and hard to defend. To break the asymmetry, Moving Target Defense was proposed to bring uncertainties to computer systems. It can be applied to all levels of protections, cov- ering applications, system software, operating systems, and networks. In this paper, we present, Sniffer Reflector, a new method to practice Moving Target Defense against network reconnaissance, which is usually considered as the very first step of most attacks. Sniffer Reflector employs Software-Defined Networking to disturb network reconnaissance. We use virtualization to provide an obfuscated reconnaissance result for attack- ers. Our method can be easily combined with existing security tools for network forensics as well. We have developed a prototype in a virtual local area network. Our experiment results show that Sniffer Reflector is effective and efficient in blurring various network reconnaissance.

Original languageEnglish (US)
Title of host publicationInformation Security - 19th International Conference, ISC 2016, Proceedings
EditorsMatt Bishop, Anderson C.A. Nascimento
PublisherSpringer Verlag
Pages203-217
Number of pages15
ISBN (Print)9783319458700
DOIs
StatePublished - Jan 1 2016
Event19th Annual International Conference on Information Security, ISC 2016 - Honolulu, United States
Duration: Sep 3 2016Sep 6 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9866 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other19th Annual International Conference on Information Security, ISC 2016
CountryUnited States
CityHonolulu
Period9/3/169/6/16

Fingerprint

Moving Target
Networking
Local area networks
Computer systems
Reflector
Experiments
Attack
Information Asymmetry
Software defined networking
Uncertainty
Digital forensics
Virtualization
Operating Systems
Software System
Asymmetry
Prototype
Target
Software

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Wang, L., & Wu, D. (2016). Moving target defense against network reconnaissance with softwaredefined networking. In M. Bishop, & A. C. A. Nascimento (Eds.), Information Security - 19th International Conference, ISC 2016, Proceedings (pp. 203-217). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9866 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-45871-7_13
Wang, Li ; Wu, Dinghao. / Moving target defense against network reconnaissance with softwaredefined networking. Information Security - 19th International Conference, ISC 2016, Proceedings. editor / Matt Bishop ; Anderson C.A. Nascimento. Springer Verlag, 2016. pp. 203-217 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{acb7996a98ec48259c0ffbde4005d352,
title = "Moving target defense against network reconnaissance with softwaredefined networking",
abstract = "Online hosts and networks are easy targets of network attacks due to their static nature, which creates an information asym- metry and makes them easy to attack and hard to defend. To break the asymmetry, Moving Target Defense was proposed to bring uncertainties to computer systems. It can be applied to all levels of protections, cov- ering applications, system software, operating systems, and networks. In this paper, we present, Sniffer Reflector, a new method to practice Moving Target Defense against network reconnaissance, which is usually considered as the very first step of most attacks. Sniffer Reflector employs Software-Defined Networking to disturb network reconnaissance. We use virtualization to provide an obfuscated reconnaissance result for attack- ers. Our method can be easily combined with existing security tools for network forensics as well. We have developed a prototype in a virtual local area network. Our experiment results show that Sniffer Reflector is effective and efficient in blurring various network reconnaissance.",
author = "Li Wang and Dinghao Wu",
year = "2016",
month = "1",
day = "1",
doi = "10.1007/978-3-319-45871-7_13",
language = "English (US)",
isbn = "9783319458700",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "203--217",
editor = "Matt Bishop and Nascimento, {Anderson C.A.}",
booktitle = "Information Security - 19th International Conference, ISC 2016, Proceedings",
address = "Germany",

}

Wang, L & Wu, D 2016, Moving target defense against network reconnaissance with softwaredefined networking. in M Bishop & ACA Nascimento (eds), Information Security - 19th International Conference, ISC 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9866 LNCS, Springer Verlag, pp. 203-217, 19th Annual International Conference on Information Security, ISC 2016, Honolulu, United States, 9/3/16. https://doi.org/10.1007/978-3-319-45871-7_13

Moving target defense against network reconnaissance with softwaredefined networking. / Wang, Li; Wu, Dinghao.

Information Security - 19th International Conference, ISC 2016, Proceedings. ed. / Matt Bishop; Anderson C.A. Nascimento. Springer Verlag, 2016. p. 203-217 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9866 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Moving target defense against network reconnaissance with softwaredefined networking

AU - Wang, Li

AU - Wu, Dinghao

PY - 2016/1/1

Y1 - 2016/1/1

N2 - Online hosts and networks are easy targets of network attacks due to their static nature, which creates an information asym- metry and makes them easy to attack and hard to defend. To break the asymmetry, Moving Target Defense was proposed to bring uncertainties to computer systems. It can be applied to all levels of protections, cov- ering applications, system software, operating systems, and networks. In this paper, we present, Sniffer Reflector, a new method to practice Moving Target Defense against network reconnaissance, which is usually considered as the very first step of most attacks. Sniffer Reflector employs Software-Defined Networking to disturb network reconnaissance. We use virtualization to provide an obfuscated reconnaissance result for attack- ers. Our method can be easily combined with existing security tools for network forensics as well. We have developed a prototype in a virtual local area network. Our experiment results show that Sniffer Reflector is effective and efficient in blurring various network reconnaissance.

AB - Online hosts and networks are easy targets of network attacks due to their static nature, which creates an information asym- metry and makes them easy to attack and hard to defend. To break the asymmetry, Moving Target Defense was proposed to bring uncertainties to computer systems. It can be applied to all levels of protections, cov- ering applications, system software, operating systems, and networks. In this paper, we present, Sniffer Reflector, a new method to practice Moving Target Defense against network reconnaissance, which is usually considered as the very first step of most attacks. Sniffer Reflector employs Software-Defined Networking to disturb network reconnaissance. We use virtualization to provide an obfuscated reconnaissance result for attack- ers. Our method can be easily combined with existing security tools for network forensics as well. We have developed a prototype in a virtual local area network. Our experiment results show that Sniffer Reflector is effective and efficient in blurring various network reconnaissance.

UR - http://www.scopus.com/inward/record.url?scp=84988446563&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84988446563&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-45871-7_13

DO - 10.1007/978-3-319-45871-7_13

M3 - Conference contribution

SN - 9783319458700

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 203

EP - 217

BT - Information Security - 19th International Conference, ISC 2016, Proceedings

A2 - Bishop, Matt

A2 - Nascimento, Anderson C.A.

PB - Springer Verlag

ER -

Wang L, Wu D. Moving target defense against network reconnaissance with softwaredefined networking. In Bishop M, Nascimento ACA, editors, Information Security - 19th International Conference, ISC 2016, Proceedings. Springer Verlag. 2016. p. 203-217. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-45871-7_13