DOI: 10.1145/3411496.3421223

OpenMTD: A Framework for Efficient Network-Level MTD Evaluation

Published: 09 November 2020

Abstract

Moving Target Defense (MTD) is a way of defending networked systems on different levels. It mainly focuses on shifting the different surfaces of the protected environment. Existing approaches studied at the network level are Port Hopping (PH), which shifts the ports on which services are reachable, and Network Address Shuffling (NAS), which continually changes the network addresses of hosts. As a result, the formerly static attack surface now behaves dynamically: the mapping of ports to services and of network addresses to hosts can be changed over time. Most MTD approaches have only been evaluated theoretically, and comparisons are still lacking, so existing results do not allow implementations like PH and NAS to be contrasted in terms of security and network performance. Finally, implementation details are usually not shared publicly. To address these shortcomings, we developed a hybrid platform that evaluates such techniques and reimplemented PH and NAS with additional features such as a connection tracker with a fingerprinting service and a honeypot module, which helps to divert attackers' attempts. We created a common software platform that integrates approaches using the same gateway components and provides graphical network usability. The environment, named OpenMTD, has been open-sourced and works in a modular fashion, allowing for easy extensions and future developments. We show that common attacks, starting with a reconnaissance phase, were not able to reach vulnerable hosts that are part of the OpenMTD-protected network. A new worm was developed to spread across the network, and its propagation paths showed that OpenMTD can lay the ground for extending protection mechanisms against self-propagating threats.
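The two network-level mechanisms the abstract names, PH and NAS, as a small constructed gateway model. This is an added example, not OpenMTD's own code: the slot and epoch lengths, the port range, the HMAC-based port and address derivation, the one-slot grace window and the sample hosts, services and secret are all assumptions. A time-synchronised client and gateway derive the same port/address mapping from a shared secret, anything that does not match is steered to a honeypot, and a port learned by a scan goes stale once its slot has passed.

```python
"""Constructed model of time-slotted Port Hopping (PH) and keyed Network Address
Shuffling (NAS) behind a gateway, with a honeypot as the default target for
packets that match neither.  Illustration only; parameters and derivation are
assumptions, not OpenMTD's."""
import hashlib
import hmac
import ipaddress
import random
from typing import Dict, Tuple

SLOT_SECONDS = 30       # PH slot length (assumed)
EPOCH_SECONDS = 300     # NAS epoch length (assumed)
GRACE_SLOTS = 1         # also accept the previous slot's ports, to absorb clock skew
PORT_LO, PORT_HI = 20000, 60000
HONEYPOT = "honeypot"

Endpoint = Tuple[str, int]          # (address, port)

# Constructed sample environment.
SECRET = b"shared-gateway-secret"   # known to the gateway and authorised clients
SERVICES = {"web": ("srv1", 80), "ssh": ("srv1", 22), "db": ("srv2", 5432)}
HOSTS = {"srv1": "10.0.0.11", "srv2": "10.0.0.12"}
POOL = "10.99.0.0/24"               # virtual addresses clients see


def _prf(secret: bytes, label: str, counter: int) -> bytes:
    """Keyed PRF (HMAC-SHA256) both sides evaluate on the same label and counter."""
    return hmac.new(secret, f"{label}|{counter}".encode(), hashlib.sha256).digest()


def slot_table(secret: bytes, services: Dict[str, Endpoint], slot: int) -> Dict[int, str]:
    """Port -> service for one slot.  Services are handled in a fixed order and a
    colliding port is re-derived with a tweak, so every party builds the same table."""
    table: Dict[int, str] = {}
    span = PORT_HI - PORT_LO + 1
    for name in sorted(services):
        tweak = 0
        while True:
            port = PORT_LO + int.from_bytes(_prf(secret, f"ph:{name}:{tweak}", slot)[:4], "big") % span
            if port not in table:
                table[port] = name
                break
            tweak += 1
    return table


def shuffle_addresses(secret: bytes, hosts: Dict[str, str], pool: str, epoch: int) -> Dict[str, str]:
    """Host -> virtual address for one epoch.  random.Random is only a deterministic
    shuffler seeded from the PRF output; the unpredictability comes from the secret."""
    candidates = [str(a) for a in ipaddress.ip_network(pool).hosts()]
    if len(hosts) > len(candidates):
        raise ValueError("address pool smaller than host set")
    random.Random(int.from_bytes(_prf(secret, "nas", epoch), "big")).shuffle(candidates)
    return dict(zip(sorted(hosts), candidates))


def client_target(service: str, now: float) -> Endpoint:
    """Virtual address and port an authorised client dials for `service` at time `now`."""
    host = SERVICES[service][0]
    vip = shuffle_addresses(SECRET, HOSTS, POOL, int(now // EPOCH_SECONDS))[host]
    table = slot_table(SECRET, SERVICES, int(now // SLOT_SECONDS))
    return vip, next(p for p, s in table.items() if s == service)


def gateway_inbound(dst_vip: str, dst_port: int, now: float) -> Endpoint:
    """Translate one inbound packet to its real endpoint.  A stale or unknown
    address/port pair never reaches a protected host: it goes to the honeypot."""
    epoch, slot = int(now // EPOCH_SECONDS), int(now // SLOT_SECONDS)
    vip_to_host = {v: h for h, v in shuffle_addresses(SECRET, HOSTS, POOL, epoch).items()}
    host = vip_to_host.get(dst_vip)
    if host is None:
        return HONEYPOT, dst_port
    for s in range(slot, slot - GRACE_SLOTS - 1, -1):        # current slot first, then grace
        service = slot_table(SECRET, SERVICES, s).get(dst_port)
        if service is not None and SERVICES[service][0] == host:
            return HOSTS[host], SERVICES[service][1]
    return HONEYPOT, dst_port


def scan_then_connect(service: str, delay: float, t0: float = 1000.0) -> Endpoint:
    """An observer learns the live endpoint of `service` at t0 and uses it at t0 + delay."""
    vip, port = client_target(service, t0)
    return gateway_inbound(vip, port, t0 + delay)


if __name__ == "__main__":
    print("immediate:", scan_then_connect("web", 0))
    print("within grace:", scan_then_connect("web", SLOT_SECONDS))
    print("two slots later:", scan_then_connect("web", 2 * SLOT_SECONDS))
```

The grace window is the practical caveat: without it, a client whose clock is a few seconds behind the gateway is dropped at every slot boundary; with it, a scanned port stays usable for one extra slot, so the hop interval and the grace have to be chosen together against the attacker's expected scan-to-exploit delay.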



      Published In

      MTD'20: Proceedings of the 7th ACM Workshop on Moving Target Defense
      November 2020
      96 pages
      ISBN:9781450380850
      DOI:10.1145/3411496

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. moving target defense
      2. network address shuffling
      3. network security
      4. openmtd
      5. port hopping

      Qualifiers

      • Research-article

      Conference

      CCS '20

      Cited By

• Toward Zero-Trust 6GC: A Software Defined Perimeter Approach with Dynamic Moving Target Defense Mechanism. IEEE Wireless Communications 31(2):74-80, April 2024. https://doi.org/10.1109/MWC.001.2300358
• A Node Confidence Determination Based Moving Target Defense Strategy for SDN. 2023 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 281-288, 2 November 2023. https://doi.org/10.1109/CyberC58899.2023.00051
• Game Theory Approaches for Evaluating the Deception-based Moving Target Defense. Proceedings of the 9th ACM Workshop on Moving Target Defense (MTD '22), 67-77, 11 November 2022. https://doi.org/10.1145/3560828.3563995
• Back to the future: N-Versioning of Microservices. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 415-427, June 2022. https://doi.org/10.1109/DSN53405.2022.00049
