Abstract

Scanning attacks are normally the first step of many other network attacks, such as DDoS and propagation worms. Because they are easy to implement and offer high returns, scanning attacks, especially cooperative scanning attacks, are widely used by hackers and have become a serious threat to network security. To defend against scanning attacks, this paper proposes adaptive IP hopping in a software defined network for moving target defense (MTD). To respond accurately to the attacker's behavior in real time, a light-weight convolutional neural network (CNN) detector composed of three convolutional modules and a judgment module is proposed to sense scanning attacks. The detector's input data is generated via designed packet sampling and data preprocessing. The detection result is used to trigger IP hopping. To provide some fault tolerance for the CNN detector, IP hopping can also be triggered by a preset timer. The CNN-driven adaptability is applied to a three-level hopping strategy so that the MTD system optimizes its behavior according to real-time attacks. Experiments show that, compared with existing technologies, the proposed method significantly improves the defense effect, mitigating scanning attacks and the subsequent attacks that are based on a hit list. The hopping frequency of the proposed method is also lower than that of other methods, so it incurs lower system overhead.

Highlights

  • According to Symantec’s 2019 report [1], a growing number of people and organizations display an interest in compromising operational computers via the network. The static properties of a network make the state and behavior of an information system predictable, so attackers can launch attacks effectively and escape detection [2].

  • Attackers learn which hosts in the network are potential targets from the response packets they receive, while IP hopping technology frequently changes the IP addresses used by protected hosts.

  • Research on IP hopping for Moving Target Defense (MTD) can be classified into two categories according to implementation platform: legacy networks and software defined networks (SDN).


Summary

Introduction

According to Symantec’s 2019 report [1], a growing number of people and organizations display an interest in compromising operational computers via the network. The static properties of a network make the state and behavior of an information system predictable, so attackers can launch attacks effectively and escape detection [2]. IP hopping is one of the key technologies of MTD. It frequently changes the IP addresses of protected nodes in the network in order to prevent attackers from creating an effective hit list. Existing research [4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22] has shown that IP hopping is an effective method to defend against scanning attacks, which are normally the first step of many other network attacks such as DDoS [23] and propagation worms [24]. This paper proposes a novel adaptive IP hopping defense method in SDN. Experiments show that the proposed method can significantly improve the survival rate of protected hosts under scanning attack while reducing the average lifetime of targets in attackers’ hit lists, which helps avoid DDoS and other subsequent attacks.
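The trade-off described in the abstract and introduction (hop on a detector alarm, with a preset timer as fallback, to shorten hit-list lifetime without hopping constantly) can be seen in a small simulation. This is an added example, not code from the paper: the distinct-destination threshold is an assumed stand-in for the CNN detector, the three-level strategy is not modelled, and the address space, scan window and periods are constructed values.

```python
import random
from collections import deque

def distinct_dst_detector(threshold):
    # Assumed stand-in for the paper's CNN detector: flag the sampled window
    # when it contains probes to at least `threshold` distinct addresses.
    return lambda probes: len(set(probes)) >= threshold

def simulate(detector, timer_period, ticks=200, space=128, hosts=8,
             probes_per_tick=4, scan_ticks=range(60, 99), seed=1):
    """Return hop count and mean hit-list entry lifetime (constructed model)."""
    rng = random.Random(seed)
    live = set(rng.sample(range(space), hosts))  # current IPs of protected hosts
    hit_list = {}                                # address -> tick discovered
    recent = deque(maxlen=3)                     # probes from the last 3 ticks
    lifetimes, hops, last_hop, cursor = [], 0, 0, 0
    for now in range(1, ticks + 1):
        probes = []
        if now in scan_ticks:                    # sequential sweep by the scanner
            probes = [(cursor + i) % space for i in range(probes_per_tick)]
            cursor = (cursor + probes_per_tick) % space
        recent.append(probes)
        for addr in probes:
            if addr in live and addr not in hit_list:
                hit_list[addr] = now
        sampled = [a for tick in recent for a in tick]
        by_detector = detector is not None and detector(sampled)
        by_timer = now - last_hop >= timer_period  # fault-tolerance fallback
        if by_detector or by_timer:
            lifetimes += [now - t for t in hit_list.values()]  # entries go stale
            hit_list.clear()
            recent.clear()
            live = set(rng.sample(range(space), hosts))
            hops, last_hop = hops + 1, now
    lifetimes += [ticks - t for t in hit_list.values()]
    mean = sum(lifetimes) / len(lifetimes) if lifetimes else 0.0
    return {"hops": hops, "mean_hit_lifetime": mean}

def compare():
    return {
        "adaptive": simulate(distinct_dst_detector(12), timer_period=50),
        "slow_timer": simulate(None, timer_period=50),
        "fast_timer": simulate(None, timer_period=3),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

In this model the adaptive policy keeps hit-list entries as short-lived as the fast timer does while hopping far less often, and the slow timer alone leaves discovered addresses valid for many ticks.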
