DocumentCode :
266724
Title :
SDN-based solutions for Moving Target Defense network protection
Author :
Kampanakis, Panos ; Perros, Harry ; Beyene, Tsegereda
Author_Institution :
Security Res. & Oper., Cisco Syst., San Jose, CA, USA
fYear :
2014
fDate :
19-19 June 2014
Firstpage :
1
Lastpage :
6
Abstract :
Software-Defined Networking (SDN) allows network capabilities and services to be managed through a central control point. Moving Target Defense (MTD), on the other hand, introduces a constantly adapting environment in order to delay or prevent attacks on a system. MTD is a use case where SDN can be leveraged in order to provide attack surface obfuscation. In this paper, we investigate how SDN can be used in some network-based MTD techniques. We first describe the advantages and disadvantages of these techniques, the potential countermeasures attackers could take to circumvent them, and the overhead of implementing MTD using SDN. Subsequently, we study the performance of the SDN-based MTD methods using Cisco's One Platform Kit and we show that they significantly increase the attacker's overheads.
Keywords :
computer network security; Cisco One Platform Kit; SDN-based MTD methods; SDN-based solutions; attack surface obfuscation; central control point; countermeasures attackers; moving target defense network protection; network-based MTD techniques; software-defined networking; Algorithm design and analysis; Delays; Payloads; Ports (Computers); Reconnaissance; Servers; Cisco onePK; MTD; Moving Target Defense; SDN; Software Defined Networks;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2014 IEEE 15th International Symposium on a
Conference_Location :
Sydney, NSW
Type :
conf
DOI :
10.1109/WoWMoM.2014.6918979
Filename :
6918979