Towards Enhancing the Endpoint Security using Moving Target Defense (Shuffle-based Approach) in Software Defined Networking

Authors

  • M. F. Hyder Department of Software Engineering, NED University of Engineering & Technology, Pakistan
  • Waseemullah Department of Computer Science & Information Technology, NED University of Engineering and Technology, Pakistan
  • M. U. Farooq Department of Computer Science & Information Technology, NED University of Engineering and Technology, Pakistan
  • U. Ahmed Department of Computer Science & Information Technology, NED University of Engineering and Technology, Pakistan
  • W. Raza Department of Computer Science & Information Technology, NED University of Engineering and Technology, Pakistan
Volume: 11 | Issue: 4 | Pages: 7483-7488 | August 2021 | https://doi.org/10.48084/etasr.4316

Abstract

Static IP addresses make the network vulnerable to different attacks, and once the machines are compromised, any sensitive information within the network can be spoofed. Moving Target Defense (MTD) provides an efficient mechanism for proactive security by constantly changing different system attributes. Software Defined Networks (SDNs) provide greater flexibility in designing security solutions due to their centralized management and programming capabilities. In this paper, a mechanism for the protection of endpoint security is developed using IP address host shuffling. In the proposed approach, the real IP address of the host is masked and a virtual IP address is assigned. The virtual IPs are mined from the pool of unassigned IP addresses. The address pool is created using a pseudo-random number generator to guarantee high randomness. By changing the network configuration, this approach helps invalidate the intelligence gathered by adversaries and disturbs attack execution, eventually leading to attack failure. Transparency is attained by keeping the actual IP intact and mapping a virtual IP to it. The proposed solution is implemented using the RYU Controller and Mininet. The efficient results obtained from the experiments substantiate the effectiveness of the MTD approach for enhancing endpoint security.

Keywords:

IP shuffling, endpoint security, moving target defense, software defined networking, virtual IP

How to Cite

[1]
M. F. Hyder, Waseemullah, M. U. Farooq, U. Ahmed, and W. Raza, “Towards Enhancing the Endpoint Security using Moving Target Defense (Shuffle-based Approach) in Software Defined Networking”, Eng. Technol. Appl. Sci. Res., vol. 11, no. 4, pp. 7483–7488, Aug. 2021.
