Chinese Journal of Network and Information Security, 2018, Vol. 4, Issue (7): 1-12. doi: 10.11959/j.issn.2096-109x.2018061
• Comprehensive Reviews •
Jinglei TAN1,2, Hongqi ZHANG1,2, Cheng LEI1,2, Xiaohu LIU1, Shuo WANG1
Revised: 2018-07-03
Online: 2018-07-15
Published: 2018-09-10
Jinglei TAN, Hongqi ZHANG, Cheng LEI, Xiaohu LIU, Shuo WANG. Research progress on moving target defense for SDN[J]. Chinese Journal of Network and Information Security, 2018, 4(7): 1-12.