Moving Target Defense Based Security Framework Using Software Defined Networks (PhD Thesis) (Record no. 364082)

MARC details
000 -LEADER
fixed length control field 04155nam a2200205Ia 4500
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION
fixed length control field 210226s2020||||xx |||||||||||||| ||eng||
022 ## - INTERNATIONAL STANDARD SERIAL NUMBER
ISSN-L phd
041 ## - LANGUAGE CODE
Language code of text/sound track or separate title English
082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER
Classification number 005.8378242
Item number HYD
100 ## - MAIN ENTRY--PERSONAL NAME
Personal name Hyder Muhammad Faraz,
Relator term author
245 #0 - TITLE STATEMENT
Title Moving Target Defense Based Security Framework Using Software Defined Networks (PhD Thesis)
260 ## - PUBLICATION, DISTRIBUTION, ETC.
Place of publication, distribution, etc. Karachi :
Name of publisher, distributor, etc. NED University of Engineering and Technology Department of Computer and Information Systems Engineering,
Date of publication, distribution, etc. 2020
300 ## - PHYSICAL DESCRIPTION
Extent XXVII, 28-170 p.
Other physical details : ill
504 ## - BIBLIOGRAPHY, ETC. NOTE
Bibliography, etc. note Includes Bibliographical References
520 ## - SUMMARY, ETC.
Summary, etc. Abstract: Cyber security is an ever-going game between defender and attacker where, most of the time, the attacker has the advantage over the defender. This advantage is due to the static attack surface and the time available for exploration, vulnerability exploitation and launching of cyberattacks. A recent approach in the domain of cybersecurity is Moving Target Defense (MTD). The impetus behind MTD is to introduce dynamic behavior in cyber systems. This ensures that such systems are harder to predict, discover and attack. The continuous change in the attack surface neutralizes the asymmetric advantage of adversaries. MTD substantially increases the effort of attackers due to uncertainty in the identification of the attack surface. This ensures that cybersecurity becomes an equal playing field for both players, i.e. attacker and defender. Software Defined Networking (SDN) is a popular choice for designing MTD solutions due to its programmability, centralized control and visibility. However, SDN security is itself a challenging task, especially as controllers are active targets of attackers along with data plane resources. Existing SDN based MTD solutions are primarily limited to data planes. Moreover, these solutions consider a single controller for MTD design. Furthermore, these solutions don't take into account the digital forensics and privacy protection challenges in an MTD based environment. There is a need to design a comprehensive framework that provides security for both planes of SDN, i.e. control and data planes, along with privacy protection and digital forensics capabilities.
This thesis proposed an SDN based MTD solution for the protection of both control and data planes against the first stage of cyberattacks, i.e. reconnaissance. The framework uses a distributed controllers-based approach for the design of the MTD solution. The distributed control plane not only improves the availability of SDN but also augments the MTD performance for the data plane. The control plane MTD comprises main controllers along with shadow controllers to counter reconnaissance attacks and deceive the attackers. These shadow controllers respond to the probing traffic directed against the SDN's brain, i.e. the controller. The data plane security is achieved using proactive and reactive MTD approaches. In the reactive approach, it capitalizes on the shadow servers-based technique against reconnaissance attacks. IP and port shuffling techniques were incorporated at data plane servers as a proactive approach. Intent-based networking is also incorporated to achieve protection at data plane servers by dynamically redirecting the probing traffic. Moreover, the work also enhances Domain Name System (DNS) privacy by exploiting the SDN based MTD and intent-based networking solutions. The privacy module of the proposed framework substantially enhanced DNS privacy by dynamically distributing DNS traffic across random ports. The framework proposed in this research also provided digital forensic capabilities, which are highly important due to the constantly changing attack surface of MTD. The framework proposed in this thesis has been evaluated for control and data plane security, privacy enhancement and digital forensic capabilities. The framework achieved the desired goals of control plane and data plane security, DNS privacy enhancement and digital forensics capabilities at a low computational cost.
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Intent Based Networking Thesis
9 (RLIN) 882779
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Moving Target Defense Thesis
9 (RLIN) 158195
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element SDN Security Thesis
9 (RLIN) 882780
942 ## - ADDED ENTRY ELEMENTS (KOHA)
Koha item type PHD Thesis
Source of classification or shelving scheme Dewey Decimal Classification
Holdings
Withdrawn status | Lost status | Physical Form | Damaged status | Not for loan | Home library | Current library | Shelving location | Date acquired | Stock Type | Total Checkouts | Full call number | Barcode | Date last seen | Accession Date | Koha item type
 |  | Text, Hardcover |  |  | Government Document Section | Government Document Section | Govt Publication Section | 20/10/2022 | Donation |  | 005.8378242 HYD | 96857 | 20/10/2022 | 26/02/2021 | Reference Collection
 |  | Text, Hardcover |  |  | Government Document Section | Government Document Section | Govt Publication Section | 20/10/2022 | Donation |  | 005.8378242 HYD | 96858 | 20/10/2022 | 26/02/2021 | Reference Collection