Random Host and Service Multiplexing for Moving Target Defense in Software-Defined Networks

Abstract

Moving target defense (MTD) is a proactive defense mechanism of changing the attack surface to increase an attacker's confusion and/or uncertainty, which invalidates its intelligence gained through reconnaissance and/or network scanning attacks. In this work, we propose software-defined networking (SDN)-based MTD technique using the shuffling of IP addresses and port numbers aiming to obfuscate both network and transport layers' real identities of the host and the service for defending against the network reconnaissance and scanning attacks. We call our proposed MTD technique Random Host and Service Multiplexing, namely RHSM. RHSM allows each host to use random, multiple virtual IP addresses to be dynamically and periodically shuffled. In addition, it uses short-lived, multiple virtual port numbers for an active service running on the host. Our proposed RHSM is novel in that we employ multiplexing (or de-multiplexing) to dynamically change and remap from all the virtual IPs of the host to the real IP or the virtual ports of the services to the real port, respectively. Via extensive simulation experiments, we prove how effectively and efficiently RHSM outperforms a baseline counterpart (i.e., a static network without RHSM) in terms of the attack success probability and defense cost.