Towards Countering the Insider Reconnaissance Using a Combination of Shuffling and Diversity Moving Target Defense Techniques
Received: 21 August 2021 | Revised: 4 September 2021 | Accepted: 11 September 2021 | Online: 13 October 2021
Corresponding author: M. F. Hyder
Abstract
Moving Target Defense (MTD) has recently emerged as a significant cybersecurity technique. Software-Defined Networking (SDN) makes efficient network architectures practical through its programmability and centralized control. In this paper, a mechanism for protection against insider reconnaissance is proposed that combines the diversity and shuffling approaches of MTD. The shuffling technique is implemented as IP shuffling in the internal network: the IP addresses of internal hosts are mapped from real to virtual addresses, with the virtual addresses generated by a pseudo-random mechanism. For diversity, multiple server platforms are deployed for critical LAN services such as the Domain Name System (DNS) and internal web services. This combination of diversity and shuffling significantly counters insider reconnaissance targeting critical LAN services. The proposed scheme also uses an open-source IDS to block detected insider reconnaissance. The solution was implemented with the ONOS SDN controller, the Mininet network emulator, and the Snort IDS. The experimental results substantiate effective protection against insider network reconnaissance at a low computational cost.
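The following is an added illustration of the mechanism the abstract describes, not code from the paper or from its ONOS application. It models a controller-side real-to-virtual IP mapping that is re-drawn from a pool each epoch, a per-service choice among several server platforms, and the IDS hook: a packet addressed to a virtual IP that no host currently owns is the footprint of a scanner working from stale results. The host inventory, platform names, address pool and thresholds are constructed for the example; the rule that no virtual address is reused in two consecutive epochs is a design choice made here so that a completed sweep is guaranteed worthless after the next shuffle.

```python
"""Real-to-virtual IP shuffling with service diversity (illustrative model).

Not the paper's ONOS code: a stand-alone sketch of the abstract's idea.
Internal hosts are reached only through virtual IPs drawn pseudo-randomly
from a pool, the mapping is re-drawn every epoch, and each critical service
has several interchangeable server platforms. Traffic to a virtual address
nobody currently owns is logged as an IDS alert and repeat offenders are
put on a block list.
"""
import ipaddress
import random
from collections import Counter

# Constructed sample inventory (hypothetical hosts and platforms).
REAL_HOSTS = {"10.0.0.11": "dns", "10.0.0.12": "web", "10.0.0.13": "web"}
PLATFORMS = {"dns": ["bind9", "unbound"], "web": ["apache2", "nginx"]}
VIRTUAL_POOL = ipaddress.ip_network("10.0.100.0/24")


class ShufflingMtd:
    def __init__(self, real_hosts, platforms, pool, seed=None):
        # A fixed seed gives a reproducible demo; deploy with SystemRandom so
        # an insider cannot predict the next mapping from observed ones.
        self.rng = random.Random(seed) if seed is not None else random.SystemRandom()
        self.real_hosts = dict(real_hosts)
        self.platforms = platforms
        self.pool = [str(ip) for ip in pool.hosts()]
        if len(self.pool) < 2 * len(self.real_hosts):
            raise ValueError("pool must hold two disjoint mappings")
        self.epoch = 0
        self.real_to_virtual = {}
        self.virtual_to_real = {}
        self.active_platform = {}
        self.alerts = []  # (epoch, source, probed virtual address)
        self.shuffle()

    def shuffle(self):
        """Re-draw every virtual address and re-pick each service's platform."""
        # Exclude last epoch's addresses so no stale scan result stays valid.
        fresh = [ip for ip in self.pool if ip not in self.virtual_to_real]
        picks = self.rng.sample(fresh, len(self.real_hosts))
        self.real_to_virtual = dict(zip(self.real_hosts, picks))
        self.virtual_to_real = {v: r for r, v in self.real_to_virtual.items()}
        self.active_platform = {
            r: self.rng.choice(self.platforms[svc]) for r, svc in self.real_hosts.items()
        }
        self.epoch += 1

    def inbound(self, src, vdst):
        """Packet from src to virtual vdst; returns the real host, or None (drop)."""
        real = self.virtual_to_real.get(vdst)
        if real is None:
            # Unowned virtual address: this is where the IDS raises an alert.
            self.alerts.append((self.epoch, src, vdst))
            return None
        return real

    def outbound(self, real_src):
        """A reply leaves the LAN with the host's current virtual source address."""
        return self.real_to_virtual[real_src]

    def scanners(self, threshold):
        """Sources with at least `threshold` probes to unmapped addresses."""
        counts = Counter(src for _, src, _ in self.alerts)
        return {src for src, n in counts.items() if n >= threshold}


def sweep(mtd, attacker, targets):
    """An insider's ping sweep: the virtual addresses that answered."""
    return {v for v in targets if mtd.inbound(attacker, v) is not None}


def demo(seed=7):
    mtd = ShufflingMtd(REAL_HOSTS, PLATFORMS, VIRTUAL_POOL, seed=seed)
    attacker = "10.0.0.99"
    found = sweep(mtd, attacker, mtd.pool)    # full sweep of the virtual /24
    mtd.shuffle()                             # epoch rolls over
    still_live = sweep(mtd, attacker, found)  # replay the stale results
    return {
        "found": len(found),
        "still_live": len(still_live),
        "epoch": mtd.epoch,
        "blocked": mtd.scanners(threshold=3),
    }


if __name__ == "__main__":
    print(demo())
```

The sweep finds exactly the mapped hosts in the first epoch, and none of those addresses survive the shuffle; the 250-odd probes to unowned addresses are what the block list keys on. In a real deployment the equivalent of `inbound`/`outbound` is an OpenFlow rewrite rule installed by the controller, and the alert path is the IDS; the mapping logic is the same.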
Keywords:
diversity, IP shuffling, insider reconnaissance, moving target defense, software defined networking, virtual IP
License
Copyright (c) 2021 M. F. Hyder, Waseemullah, M. U. Farooq
This work is licensed under a Creative Commons Attribution 4.0 International License.