Existing address hopping methods require designing a new address-exchange protocol, and their scalability is usually limited. Their hopping cycle is also difficult to make self-adaptive. This paper proposes an address hopping method based on an improved Dynamic Host Configuration Protocol (DHCP). The number of hopping addresses is calculated by fitting and predicting network traffic with the autoregressive integrated moving average (ARIMA) model. The hopping addresses are selected according to address vacant time. The address lease time is adjusted dynamically according to network anomalies, which are detected using a time series similarity measure algorithm based on dynamic time warping distance. Clients and the application server complete hopping communication based on the address mapping relationships. The proposed method can adjust the hopping addresses and cycle dynamically without modifying the existing DHCP protocol, which not only makes it more difficult for an attacker to intercept traffic and launch denial of service attacks but also increases the attacker's overhead.
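One way the DTW-based anomaly check and the dynamic lease adjustment described in the abstract could fit together, as an added Python example that is not the authors' implementation. The threshold, lease bounds, linear score-to-lease mapping and traffic samples are all assumptions constructed for illustration.

```python
# Added illustration; thresholds, lease bounds and the score-to-lease mapping
# are assumptions, not values from the paper.
from math import inf


def dtw_distance(a, b):
    """Dynamic time warping distance with |x - y| as the local cost."""
    prev = [inf] * (len(b) + 1)
    prev[0] = 0.0
    for x in a:
        cur = [inf] * (len(b) + 1)
        for j, y in enumerate(b, start=1):
            # Extend the cheapest of: insertion, deletion, match.
            cur[j] = abs(x - y) + min(prev[j], cur[j - 1], prev[j - 1])
        prev = cur
    return prev[-1]


def anomaly_score(baseline, observed):
    """DTW distance scaled by baseline volume, so the score is unit-free."""
    total = sum(baseline)
    if total <= 0:
        raise ValueError("baseline must carry traffic")
    return dtw_distance(baseline, observed) / total


def lease_seconds(score, max_lease=600, min_lease=30, threshold=0.2, saturate=1.0):
    """Hypothetical policy: full lease while traffic looks normal, shrinking
    linearly to min_lease (faster hopping) as the score nears `saturate`."""
    if score <= threshold:
        return max_lease
    if score >= saturate:
        return min_lease
    frac = (score - threshold) / (saturate - threshold)
    return round(max_lease - frac * (max_lease - min_lease))


# Constructed samples: packets per second over six intervals.
BASELINE = [100, 120, 110, 130, 125, 115]
DELAYED = [100, 100, 120, 110, 130, 125]  # same shape, one interval late
BURST = [100, 120, 400, 450, 420, 115]    # flood-like spike

if __name__ == "__main__":
    for name, series in (("delayed", DELAYED), ("burst", BURST)):
        s = anomaly_score(BASELINE, series)
        print(f"{name}: score={s:.3f} lease={lease_seconds(s)}s")
```

The delayed series differs from the baseline at five of six points when compared sample by sample, yet its DTW distance stays small, which is why a warping-based measure avoids shortening the lease on harmless timing jitter.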
LIU Jiang, ZHANG Hongqi, YANG Yingjie, WANG Yigong. A Proactive Network Defense Method Based on Address Hopping for C/S Model. JEIT, 2017, 39(4): 1007-1011.