INMTD: Intent-based Moving Target Defense Framework using Software Defined Networks
Abstract
Intent-Based Networking (IBN) is an emerging networking paradigm, while Moving Target Defense (MTD) is an active security technique. In this paper, the Intent-based Moving Target Defense (INMTD) framework using Software Defined Networks is proposed. INMTD is the first effort to exploit IBN in the design of an efficient Moving Target Defense (MTD) framework. INMTD uses the concept of shadow servers in order to counter the first stage of cyber-attacks, i.e. reconnaissance attacks targeted against servers running in SDN networks. INMTD comprises an MTD application running on an SDN controller. The MTD application has reconnaissance detection, MTD movement, and MTD monitoring modules, and is integrated with the intent-based northbound API of the SDN controller. INMTD not only provides protection against probing attacks, but also provides high availability through the shadow servers. The proposed framework was implemented using Mininet and the ONOS SDN controller, and was assessed in terms of defender cost, attacker's effort, and the complexity introduced into the system. The results substantiate efficient protection against reconnaissance attacks at a lower computational cost.
Keywords:
cyber kill chain, intent-based networking, moving target defense, software defined networks, SDN security
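To make the three-module pipeline in the abstract concrete (reconnaissance detection, MTD movement to a shadow server, MTD monitoring), here is a small added simulation. It is illustration code written for this page, not the paper's implementation and not the ONOS intent API: the controller's intent-based northbound interface is abstracted as an in-memory mapping from a service's virtual address to the server its intents currently forward to, the flow records are constructed sample data, and the port-scan threshold and window are assumed values.

```python
"""Toy simulation of the INMTD pipeline: reconnaissance detection ->
MTD movement to a shadow server -> monitoring. Added illustration only;
the ONOS intent NBI is replaced by an in-memory stand-in (IntentStore)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed flow summary (constructed sample data, not real traffic)."""
    src: str
    vip: str      # virtual service address the client talks to
    dport: int
    t: float      # seconds since start of capture


class ReconDetector:
    """Reconnaissance detection module: a source touching more than
    port_threshold distinct ports on one VIP within `window` seconds is
    treated as a port scanner (assumed, illustrative thresholds)."""

    def __init__(self, port_threshold: int = 10, window: float = 5.0):
        self.port_threshold = port_threshold
        self.window = window
        self._hist = defaultdict(list)  # (src, vip) -> [(t, dport), ...]

    def observe(self, flow: Flow) -> bool:
        key = (flow.src, flow.vip)
        # keep only observations still inside the sliding window
        hist = [(t, p) for t, p in self._hist[key] if flow.t - t <= self.window]
        hist.append((flow.t, flow.dport))
        self._hist[key] = hist
        return len({p for _, p in hist}) > self.port_threshold

    def reset(self, src: str, vip: str) -> None:
        self._hist.pop((src, vip), None)


class IntentStore:
    """Stand-in for the controller's intent-based northbound API: each VIP
    has one intent forwarding it to a backing server. Not the ONOS API."""

    def __init__(self, initial: dict):
        self._backend = dict(initial)  # vip -> server address

    def backend(self, vip: str) -> str:
        return self._backend[vip]

    def submit(self, vip: str, server: str) -> None:
        self._backend[vip] = server


class MtdMovement:
    """MTD movement module: on a trigger, re-points the VIP's intent to the
    next server in its pool (active server plus shadows), so whatever the
    scanner learned about the old backing host is stale."""

    def __init__(self, intents: IntentStore, pools: dict):
        self.intents = intents
        self.pools = pools  # vip -> ordered list of candidate servers

    def move(self, vip: str) -> tuple:
        pool = self.pools[vip]
        current = self.intents.backend(vip)
        nxt = pool[(pool.index(current) + 1) % len(pool)]
        self.intents.submit(vip, nxt)
        return current, nxt


class MtdMonitor:
    """MTD monitoring module: audit trail of detections and movements."""

    def __init__(self):
        self.events = []

    def record(self, kind: str, **details) -> None:
        self.events.append({"kind": kind, **details})


def run_inmtd(flows, detector, mover, monitor):
    """Drive the three modules over a flow sequence; returns vip -> backend."""
    for f in flows:
        if detector.observe(f):
            old, new = mover.move(f.vip)
            monitor.record("recon_detected", src=f.src, vip=f.vip, t=f.t)
            monitor.record("moved", vip=f.vip, old=old, new=new, t=f.t)
            detector.reset(f.src, f.vip)  # a new trigger needs a fresh burst
    return {vip: mover.intents.backend(vip) for vip in mover.pools}


def demo():
    """Constructed scenario: one benign client on port 443 and one scanner
    sweeping 12 ports of the 'web' VIP, whose pool is the active server
    plus two shadow servers (all addresses made up for the example)."""
    vip = "10.0.0.100"
    intents = IntentStore({vip: "10.0.1.10"})
    mover = MtdMovement(intents, {vip: ["10.0.1.10", "10.0.1.11", "10.0.1.12"]})
    detector = ReconDetector(port_threshold=10, window=5.0)
    monitor = MtdMonitor()
    benign = [Flow("10.0.0.20", vip, 443, 0.5 * i) for i in range(6)]
    scan = [Flow("10.0.0.99", vip, 20 + i, 1.0 + 0.1 * i) for i in range(12)]
    flows = sorted(benign + scan, key=lambda f: f.t)
    final = run_inmtd(flows, detector, mover, monitor)
    return final, monitor.events


if __name__ == "__main__":
    mapping, events = demo()
    for e in events:
        print(e)
    print("final mapping:", mapping)
```

Running `demo()` shows the benign client never trips the detector (one distinct port), the scanner trips it on its eleventh port, and the VIP's intent is re-pointed from the active server to the first shadow; the monitor log is what a defender would feed into the defender-cost and attacker-effort measurements the abstract mentions.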
License
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.