INMTD: Intent-based Moving Target Defense Framework using Software Defined Networks

Authors

  • M. F. Hyder Department of Software Engineering, NED University of Engineering & Technology, Pakistan
  • M. A. Ismail Department of Computer and Information Systems Engineering, NED University of Engineering & Technology, Pakistan
Volume: 10 | Issue: 1 | Pages: 5142-5147 | February 2020 | https://doi.org/10.48084/etasr.3266

Abstract

Intent-Based Networking (IBN) is an emerging networking paradigm, while Moving Target Defense (MTD) is an active security technique. This paper proposes the Intent-based Moving Target Defense (INMTD) framework using Software Defined Networks (SDN). INMTD is the first effort to exploit IBN in the design of an efficient MTD framework. INMTD uses shadow servers to counter the first stage of a cyber-attack, i.e. reconnaissance attacks targeted at servers running in SDN networks. INMTD consists of an MTD application running on the SDN controller; the application has reconnaissance detection, MTD movement, and MTD monitoring modules and is integrated with the controller's intent-based northbound API. INMTD not only protects against probing attacks but also provides high availability through the shadow servers. The framework was implemented using Mininet and the ONOS SDN controller and was assessed in terms of defender cost, attacker effort, and the complexity introduced into the system. The results show efficient protection against reconnaissance attacks at low computational cost.
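As an added illustration (not code from the paper or the INMTD prototype), the following Python sketch models the three modules the abstract names: a reconnaissance detector that counts distinct destination ports per source over a sliding window, a movement module that rotates the protected service onto the next healthy shadow server and emits the intents a controller would withdraw and submit, and a monitor that marks shadows up or down so a failed shadow is never chosen as the movement target. The flow records are constructed; the host identifiers, app id and the HostToHostIntent JSON shape follow the ONOS REST convention as assumed here, and the threshold of five distinct ports in ten seconds is an illustrative choice, not the paper's.

```python
# Added example, not the paper's code: toy INMTD-style loop of
# reconnaissance detection -> MTD movement -> intent update, with a
# monitoring module gating which shadow servers are eligible targets.
# Assumptions: per-flow records (ts, src, dst, dport) are available from
# the controller; host ids and the intent JSON mimic ONOS HostToHostIntent.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SCAN_PORT_THRESHOLD = 5   # distinct destination ports from one source ...
WINDOW_SECONDS = 10.0     # ... within this sliding window => reconnaissance


@dataclass(frozen=True)
class FlowRecord:
    ts: float
    src: str
    dst: str
    dport: int


class ReconDetector:
    """Flags a source that touches many distinct ports on one server in a window."""

    def __init__(self, threshold: int = SCAN_PORT_THRESHOLD,
                 window: float = WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self._hist: Dict[Tuple[str, str], List[Tuple[float, int]]] = defaultdict(list)

    def observe(self, rec: FlowRecord) -> bool:
        key = (rec.src, rec.dst)
        # keep only entries inside the sliding window, then add this flow
        hist = [(t, p) for t, p in self._hist[key] if rec.ts - t <= self.window]
        hist.append((rec.ts, rec.dport))
        self._hist[key] = hist
        return len({p for _, p in hist}) >= self.threshold


class MTDMover:
    """Tracks which server currently answers the protected service and builds
    the intents that re-point client traffic to a shadow server."""

    def __init__(self, gateway_host: str, servers: List[str],
                 app_id: str = "org.example.inmtd"):   # app_id is an assumption
        self.gateway_host = gateway_host
        self.servers = list(servers)   # servers[0] is active, the rest are shadows
        self.app_id = app_id
        self.healthy = set(servers)    # maintained by the monitoring module
        self.quarantined = set()       # sources the controller should drop

    @property
    def active(self) -> str:
        return self.servers[0]

    def _host_intent(self, host: str) -> dict:
        # Assumed ONOS-style HostToHostIntent payload (gateway <-> server)
        return {"type": "HostToHostIntent", "appId": self.app_id,
                "one": self.gateway_host, "two": host}

    def move(self, scanner_ip: str) -> Optional[dict]:
        """Rotate to the next healthy shadow; return intents to withdraw/submit.
        Returns None (no movement) when no healthy shadow exists."""
        self.quarantined.add(scanner_ip)
        candidates = [h for h in self.servers[1:] if h in self.healthy]
        if not candidates:
            return None
        old_active, new_active = self.active, candidates[0]
        self.servers.remove(new_active)
        # round-robin: new server first, old active goes to the back of the pool
        self.servers = [new_active] + self.servers[1:] + [old_active]
        return {"withdraw": self._host_intent(old_active),
                "submit": self._host_intent(new_active),
                "quarantine": scanner_ip}


class MTDMonitor:
    """Marks servers up/down; a down shadow is never selected as a target."""

    def __init__(self, mover: MTDMover):
        self.mover = mover

    def report(self, host: str, up: bool) -> None:
        (self.mover.healthy.add if up else self.mover.healthy.discard)(host)


def run_pipeline(records: List[FlowRecord], mover: MTDMover,
                 detector: ReconDetector) -> List[Tuple[float, str, Optional[dict]]]:
    """Feed flow records through detection; trigger movement on a scan."""
    events = []
    for rec in records:
        if rec.src in mover.quarantined:
            continue   # already cut off at the controller
        if detector.observe(rec):
            events.append((rec.ts, rec.src, mover.move(rec.src)))
    return events


# Constructed sample flows: a benign client and a port scanner.
SAMPLE_FLOWS = [
    FlowRecord(0.0, "10.0.0.5", "10.0.0.100", 80),
    FlowRecord(1.0, "10.0.0.5", "10.0.0.100", 80),
    FlowRecord(2.0, "10.0.0.5", "10.0.0.100", 443),
    FlowRecord(3.0, "10.0.0.99", "10.0.0.100", 21),
    FlowRecord(3.1, "10.0.0.99", "10.0.0.100", 22),
    FlowRecord(3.2, "10.0.0.99", "10.0.0.100", 23),
    FlowRecord(3.3, "10.0.0.99", "10.0.0.100", 25),
    FlowRecord(3.4, "10.0.0.99", "10.0.0.100", 80),   # 5th distinct port: detected
    FlowRecord(3.5, "10.0.0.99", "10.0.0.100", 443),  # ignored: source quarantined
]


def demo():
    gateway = "00:00:00:00:00:01/None"
    pool = ["00:00:00:00:00:0a/None", "00:00:00:00:00:0b/None", "00:00:00:00:00:0c/None"]
    mover = MTDMover(gateway, pool)
    MTDMonitor(mover).report(pool[1], up=False)   # shadow B is down: must be skipped
    events = run_pipeline(SAMPLE_FLOWS, mover, ReconDetector())
    return mover, events


if __name__ == "__main__":
    m, ev = demo()
    for ts, src, result in ev:
        print(ts, src, result)
    print("active server:", m.active)
```

Against a live controller the `submit`/`withdraw` dicts would be sent to the intent endpoint of the northbound REST API and the quarantine entry would become a drop rule; both are assumed integration points here, not something the abstract specifies.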

Keywords:

cyber kill chain, intent-based networking, moving target defense, software defined networks, SDN security

How to Cite

Hyder, M.F. and Ismail, M.A. 2020. INMTD: Intent-based Moving Target Defense Framework using Software Defined Networks. Engineering, Technology & Applied Science Research. 10, 1 (Feb. 2020), 5142–5147. DOI: https://doi.org/10.48084/etasr.3266
