Towards Network Level Moving Target Defense with Software Defined Networking
Open Access
- Author: Wang, Li
- Graduate Program: Information Sciences and Technology
- Degree: Doctor of Philosophy
- Document Type: Dissertation
- Date of Defense: May 03, 2021
- Committee Members:
  - Mary Beth Rosson, Program Head/Chair
  - Linhai Song, Chair & Dissertation Advisor
  - Sencun Zhu, Outside Unit & Field Member
  - Anna Squicciarini, Major Field Member
  - Mary Beth Rosson, Major Field Member
- Keywords:
  - network security
  - moving target defense
  - software-defined networking
  - network reconnaissance protection
  - network reflector
  - shadow network
  - SDN
  - SDN security application
- Abstract:
Current computer systems are built in a relatively static way. Once deployed, they keep running unchanged: they use the same fixed operating system, the same fixed software stack, and the same network configuration, which keeps them easy to operate and manage. However, this static nature also makes them easy targets for cyber attacks, because attackers can spend as much time as they need to find an effective way to compromise a target system. Moving Target Defense (MTD) was proposed as a promising defense paradigm to break the static nature of current computer systems. It introduces uncertainty and unpredictability into computer systems, which can greatly raise the bar for attackers. Software Defined Networking (SDN) is a new network paradigm that provides unprecedented flexibility and programmability to computer networks. In this dissertation, we propose to achieve Moving Target Defense at the network level with SDN.

First, we present Sniffer Reflector, a new method for practicing Moving Target Defense against network reconnaissance, which is usually regarded as the very first step of most attacks. The basic idea is to use the programmability of SDN together with network node virtualization technologies to defend against malicious reconnaissance by presenting attackers with an obfuscated reconnaissance result. Our experimental results show that Sniffer Reflector is effective and efficient at blurring malicious network reconnaissance.

Then, we propose Shoal, a network-level Moving Target Defense engine over SDN networks. Shoal seeks to build a comprehensive MTD engine that combines multiple MTD strategies over SDN networks. It is designed to fit the needs of various security protections and to defend against diverse attacks in software defined networks and other virtual network environments. Our experiments show the effectiveness of Shoal's protection and demonstrate that it is able to provide complex protections and mitigate advanced attacks.

Finally, we propose SecControl, a practical security protection framework that combines existing security tools with SDN technologies to produce a comprehensive network security solution in an SDN network environment. SecControl provides a security solution for SDN networks that is friendly to traditional security tools. Our experiments show that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.