On the Defense Advantages of Network Address Shuffling Against Different Scanning Attacks

Cited by: 0
Authors
Wang Kai [1 ,2 ]
Chen Xinhua [3 ]
Chen Xi [2 ,4 ]
Wu Zehui [2 ]
Affiliations
[1] Tianjin Univ, Sch Elect & Informat Engn, Tianjin 300072, Peoples R China
[2] PLA Strateg Support Force Informat Engn Univ, Inst Cyberspace Secur, Zhengzhou 450000, Henan, Peoples R China
[3] Zhengzhou Presch Educ Coll, Dept Comp, Zhengzhou 450000, Henan, Peoples R China
[4] State Key Lab Math Engn & Adv Comp, Wuxi 214125, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Moving target defense; Network address shuffling; Probabilistic model; Defense advantages;
DOI
10.11999/JEIT170105
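Chinese Library Classification number
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code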
0808 ; 0809 ;
Abstract
Network address shuffling invalidates the address information collected by the attacker by dynamically changing or remapping the host's network addresses. However, its defense performance decreases against scanning attacks that launch attacks at the same time as they discover targets, and few studies theoretically analyze the different defense advantages of network address shuffling against scanning attacks that use different scanning strategies. In this paper, two strategies of network address shuffling are considered: uniform shuffling and non-repeat shuffling. The paper presents probabilistic models of scanning attacks in the static address and network address shuffling environments, which analyze both the probability of the attacker hitting at least one host and the number of hosts hit by the attacker. The defense advantages of both network address shuffling strategies are then theoretically calculated and compared with the static address environment. The analysis results indicate that neither shuffling strategy has a defense advantage against a repeatable scanning attack compared with the static address environment; uniform shuffling has a probability advantage against a non-repeat scanning attack only when the number of hosts is small, and non-repeat shuffling has a significant ratio advantage only when the number of hosts accounts for a small proportion of the network space size.
Pages: 794 / 801
Number of pages: 8