
Moving Target Defense Based Security Framework Using Software Defined Networks (PhD Thesis)

Material type: Text
Language: English
Publication details: Karachi : NED University of Engineering and Technology, Department of Computer and Information Systems Engineering, 2020
Description: XXVII, 28-170 p. : ill.
Subject(s):
DDC classification:
  • 005.8378242 HYD
Summary (abstract): Cyber security is an ongoing game between defender and attacker in which, most of the time, the attacker has the advantage over the defender. This advantage is due to the static attack surface, which gives the attacker time for exploration, vulnerability exploitation and the launching of cyberattacks. A recent approach in the domain of cybersecurity is Moving Target Defense (MTD). The impetus behind MTD is to introduce dynamic behavior in cyber systems. This ensures that such systems are harder to predict, discover and attack. The continuous change in the attack surface neutralizes the asymmetric advantage of adversaries. MTD substantially increases the effort of attackers due to uncertainty in the identification of the attack surface. This ensures that cybersecurity becomes an equal playing field for both players, i.e. attacker and defender. Software Defined Networking (SDN) is a popular choice for designing MTD solutions due to its programmability, centralized control and visibility. However, SDN security is itself a challenging task, especially since controllers are active targets of attackers along with data plane resources. Existing SDN-based MTD solutions are primarily limited to data planes. Moreover, these solutions consider a single controller for MTD design. Furthermore, these solutions don't take into account the digital forensics and privacy protection challenges in an MTD-based environment. There is a need to design a comprehensive framework that provides security for both planes of SDN, i.e. control and data planes, along with privacy protection and digital forensics capabilities.

This thesis proposes an SDN-based MTD solution for the protection of both control and data planes against the first stage of cyberattacks, i.e. reconnaissance. The framework uses a distributed-controllers-based approach for the design of the MTD solution. The distributed control plane not only improves the availability of SDN but also augments the MTD performance for the data plane. The control plane MTD comprises main controllers along with shadow controllers to counter reconnaissance attacks and deceive attackers. These shadow controllers respond to the probing traffic directed against the SDN's brain, i.e. the controller. Data plane security is achieved using proactive and reactive MTD approaches. In the reactive approach, it capitalizes on the shadow-servers-based technique against reconnaissance attacks. IP and port shuffling techniques were incorporated at data plane servers as a proactive approach. Intent-based networking is also incorporated to achieve protection at data plane servers by dynamically redirecting the probing traffic. Moreover, the work also enhances Domain Name System (DNS) privacy by exploiting the SDN-based MTD and intent-based networking solutions. The privacy module of the proposed framework substantially enhanced DNS privacy by dynamically distributing DNS traffic across random ports. The framework proposed in this research also provides digital forensic capabilities, which are highly important due to the constantly changing attack surface of MTD. The framework proposed in this thesis has been evaluated for control and data plane security, privacy enhancement and digital forensic capabilities. The framework achieved the desired goals of control plane and data plane security, DNS privacy enhancement and digital forensics capabilities at a low computational cost.
Holdings
Item type Current library Shelving location Call number Status Date due Barcode
Reference Collection Reference Collection Government Document Section Govt Publication Section 005.8378242 HYD Available 96857
Reference Collection Reference Collection Government Document Section Govt Publication Section 005.8378242 HYD Available 96858