Abstract
Network servers and applications commonly use static IP addresses and communication ports, making themselves easy targets for network reconnaissances and attacks. Moving target defense (MTD) is an innovatory and promising proactive defense technique. In this paper, we develop a novel MTD mechanism, called Random Port and Address Hopping (RPAH). The goal of RPAH is to hide network servers and applications and resist network reconnaissances and attacks by constantly changing their IP addresses and ports. In order to enhance the unpredictability, RPAH integrates source identity, service identity and temporal parameter in the hopping to provide three hopping frequencies, i.e., source hopping, service hopping and temporal hopping. RPAH provides high unpredictability and the maximum hopping diversities by introducing port and address demultiplexing mechanism, and provides a convenient attack detection mechanism with which the messages from attackers using invalid or inactive addresses/ports will be conveniently detected and denied. Our experiments and evaluation on campus network and PlanetLab show that RPAH is effective in resisting various network reconnaissance and attack models such as network scanning and worm propagation, while introducing an acceptable operation overhead.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
