|
|
A Proactive Network Defense Method Based on Address Hopping for C/S Model |
LIU Jiang ZHANG Hongqi YANG Yingjie WANG Yigong |
(Information Engineering University, Zhengzhou 450001, China) (Henan Key Laboratory of Information Security, Zhengzhou 450001, China) |
|
|
Abstract The existing address hopping methods need to design a new protocol of address exchanging and the scalability is usually limited. Also, its hopping cycle is difficult to make self-adaption. This paper proposes an address hopping method based on an improved Dynamic Host Configuration Protocol (DHCP). The number of hopping addresses is calculated by fitting and predicting network traffic which uses the auto regression integration moving average model. The hopping addresses are selected according to the address vacant time. The address lease time is adjusted dynamically according to the network anomaly which is detected by using the time series similarity measure algorithm based on dynamic time warping distance. Clients and application server are able to complete hopping communication based on the address mapping relationships. The proposed method can adjust hopping address and cycle dynamically without to modify the existing DHCP protocol, which not only increases attacker’s difficult of intercepting traffic and launching denial of service attack but also enhances the attacker’s overhead.
|
Received: 19 May 2016
Published: 24 February 2017
|
|
Fund: The National 863 Program of China (2012AA012704), The Scientific and Technological Leading Talent Project of Zhengzhou (131PLJRC644) |
Corresponding Authors:
LIU Jiang
E-mail: liujiang2333@163.com
|
|
|
|
[1] |
ZHUANG Rui, BARDAS A G, DELOACH S A, et al. A theory of cyber attacks: A step towards analyzing MTD systems[C]. Proceedings of the Second ACM Workshop on Moving Target Defense, Denver, Colorado, 2015: 11-20.
|
[2] |
GREEN M, MACFARLAND D C, SMESTAD D R, et al. Characterizing network-based moving target defenses[C]. Proceedings of the Second ACM Workshop on Moving Target Defense, Denver, Colorado, 2015: 31-35.
|
[3] |
JAFARIAN J H, AL-SHAER E, and QI Duan. An effective address mutation approach for disrupting reconnaissance attacks[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(12): 2562-2577. doi: 10.1109/TIFS.2015. 2467358.
|
[4] |
石乐义, 贾春福, 吕述望. 基于端信息跳变的主动网络防护研究[J]. 通信学报, 2008, 29(2): 106-110.
|
|
SHI Leyi, JIA Chunfu, and LÜShuwang. Research on end hopping for active network confrontation[J]. Journal on Communications, 2008, 29(2): 106-110.
|
[5] |
ATIGHETCHI M, PAL P, WEBBER F, et al. Adaptive use of network-centric mechanisms in cyber-defense[C]. Sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, Cambridge, MA, 2003: 183-192.
|
[6] |
SIFALAKIS M, SCHMID S, and HUTCHISON D. Network address hopping: A mechanism to enhance data protection for packet communications[C]. 2005 IEEE International Conference on Communications, London, 2005: 1518-1523.
|
[7] |
ANTONATOS S, AKRITIDIS P, MARKATOS E P, et al. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007, 51(12): 3471-3490.
|
[8] |
DUNLOP M, GROAT S, URBANSKI W, et al. MT6D: A moving target IPv6 defense[C]. 2011 IEEE Military Communications Conference, Baltimore, MD, 2011: 1321-1326.
|
[9] |
刘慧生, 王振兴, 郭毅. 一种基于多穴跳变的IPv6主动防御模型[J]. 电子与信息学报, 2012, 34(7): 1715-1720. doi: 10.3724/SP.J.1146.2011.01350.
|
|
LIU Huisheng, WANG Zhenxing, and GUO Yi. An IPv6 proactive network defense model based on multi-homing hopping[J]. Journal of Electronics & Information Technology, 2012, 34(7): 1715-1720. doi: 10.3724/SP.J.1146.2011.01350.
|
[10] |
姜明, 吴春明, 张旻, 等. 网络流量预测中的时间序列模型比较[J]. 电子学报, 2009, 37(11): 2353-2358.
|
|
JIANG Ming, WU Chunming, ZHANG Min, et al. Research on the comparison of time series models for network traffic prediction[J]. Acta Electronica Sinica, 2009, 37(11): 2353-2358.
|
[11] |
LI Junkui and WANG Yuanzhen. EA DTW: Early abandon to accelerate exact dynamic time warping[C]. 2007 International Conference on Intelligent Systems and Knowledge Engineering, Chengdu, China, 2007: 144-152.
|
[12] |
赵春蕾. 端信息跳变系统自适应策略研究[D]. [博士论文], 南开大学, 2012.
|
|
ZHAO Chunlei. Research on adaptive strategies for end- hopping system[D]. [Ph.D. dissertation], Nankai University, 2012.
|
|
|
|