A Software-Defined Approach for Mitigating Insider and External Threats via Moving Target Defense

In cyberspace conflicts, defenders face a significant disadvantage. A single mistake in a defense strategy could irreparably compromise a network infrastructure, while attackers can persistently search for vulnerabilities to exploit. Moreover, adversaries can learn from their errors and refine their methods for subsequent attempts. To bridge this gap, deception techniques such as Active Deception (AD) and Moving Target Defense (MTD) have been introduced as an additional layer of defense to enhance traditional cyber-defense strategies. These techniques aim to deceive attackers, detect their activities, and gather intelligence on their attack methodologies. Existing literature focuses on mitigating specific adversarial strategies, such as scanning or service exploitation, rather than providing a comprehensive defense mechanism against diverse threats from both internal and external sources. To tackle this challenge, our approach leverages the combined capabilities of MTD and honeypots to bolster the security of an enterprise network and gain valuable insights into the attacker's behavior. The system accurately detects the attacker's scanning and exploitation activities, redirecting all their connections towards a Honeynet for further analysis and protection of critical assets. Additionally, proactive and reactive port hopping techniques are strategically employed to confuse and mislead the attacker. Through the implementation of these techniques, our goal is to fortify network defenses, increase the complexity faced by potential attackers, and acquire valuable knowledge about their tactics.