DOI: 10.1145/3180465.3180473
research-article
Public Access

MTD Analysis and evaluation framework in Software Defined Network (MASON)

Published: 14 March 2018

Abstract

Security issues in a Software Defined Network (SDN) environment, such as system vulnerabilities and intrusion attempts, can pose a security risk for a multi-tenant network managed by SDN. In this research work, a Moving Target Defense (MTD) technique based on a shuffle strategy, port hopping, has been employed to increase the difficulty for an attacker trying to exploit the cloud network. Our research work, MASON, considers the problem of multi-stage attacks in a network managed using SDN. The SDN controller can be used to dynamically reconfigure the network and render the attacker's knowledge in multi-stage attacks redundant. We have used a threat score based on vulnerability information and intrusion attempts to identify Virtual Machines (VMs) in systems with high security risk and implement the MTD countermeasure, port hopping, to assess threat score reduction in a cloud network.

Published In

SDN-NFV Sec'18: Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization
March 2018
64 pages
ISBN:9781450356350
DOI:10.1145/3180465
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. intrusion detection system (ids)
  2. moving target defense (mtd)
  3. software defined networking (sdn)

Qualifiers

  • Research-article

Conference

CODASPY '18

Acceptance Rates

Overall Acceptance Rate 11 of 30 submissions, 37%
