A Port-Hopping Technology against Remote Attacks and Its Effectiveness Evaluation

Abstract

Traditional network defense approaches are insufficient to deal with new types of network threats. Active defense approaches based on software-defined networks helps to solve this problem, which includes random port-hopping technology. Existing port-hopping approaches have problems such as the inability to completely hide the service port and the complicated hopping mechanism. What is more, there is no strict demonstration of the security effectiveness evaluation of random port hopping and its influencing factors. In this paper, a hidden services port-hopping approach and several models are proposed to solve these existing problems. Firstly, the algorithm, protocol, and flow update process of the method are presented. Secondly, according to the conceptual model of network attack and the network attack and defense model, the mathematical model of network attack is proposed to evaluate the security effectiveness of random port hopping. Furthermore, the resource layer and attack surface are redefined and the conceptual model of random port hopping is proposed to reveal the security mechanism of random port hopping more figuratively. After that, the factors that influence the security effectiveness of random port hopping are analyzed. Finally, both experiments and theoretical analysis show that hidden services port hopping is an effective active defense technology and the factors that influence the probability of a successful attack include the time interval of port hopping, the size of port-hopping space, and the number of vulnerable ports.