Yi-xun HU, Kang-feng ZHENG, Yi-xian YANG, et al. Moving target defense solution on network layer based on OpenFlow[J]. Journal on Communications, 2017, 38(10): 102-112. DOI: 10.11959/j.issn.1000-436x.2017202.
Moving target defense solution on network layer based on OpenFlow
To take an active part in network attack and defense, a moving target defense solution on the network layer based on OpenFlow is proposed, using the network flexibility that the OpenFlow architecture provides. On the network layer, the correspondent nodes' addresses are mapped to pseudo-random virtual addresses in the LAN and the correspondent nodes' ports are mapped to virtual ports, which hides both the correspondent nodes throughout the network and the information about the network architecture. Research verifies the system's effectiveness. Compared with existing moving target defense solutions, the proposed algorithm can be deployed easily in a traditional network and provides comprehensive protection of the correspondent nodes throughout the network.