000 04155nam a2200205Ia 4500
008 210226s2020||||xx |||||||||||||| ||eng||
022 _lphd
041 _aeng
082 _a005.8378242
_bHYD
100 _aHyder Muhammad Faraz,
_eAU
245 0 _aMoving Target Defense Based Security Framework Using Software Defined Networks (PhD Thesis)
260 _aKarachi :
_bNED University of Engineering and Technology Department of Computer and Information Systems Engineering,
_c2020
300 _aXXVII, 28-170 p.
_b: ill
504 _aYN
520 _aAbstract : Cyber security is an ongoing game between defender and attacker in which the attacker usually holds the advantage. This advantage comes from a static attack surface, which gives the attacker time to explore, exploit vulnerabilities and launch cyberattacks. A recent approach in the domain of cyber security is Moving Target Defense (MTD). The impetus behind MTD is to introduce dynamic behavior into cyber systems so that they are harder to predict, discover and attack. Continuous change in the attack surface neutralizes the asymmetric advantage of adversaries: MTD substantially increases the effort of attackers because the attack surface can no longer be identified with certainty, turning cyber security into a more even playing field for attacker and defender. Software Defined Networking (SDN) is a popular choice for designing MTD solutions due to its programmability, centralized control and visibility. However, securing SDN is itself a challenging task, especially since controllers, along with data plane resources, are active targets of attackers. Existing SDN-based MTD solutions are primarily limited to the data plane and assume a single controller in the MTD design. Furthermore, these solutions do not take into account the digital forensics and privacy protection challenges of an MTD-based environment. There is a need for a comprehensive framework that secures both planes of SDN, i.e. the control and data planes, and also provides privacy protection and digital forensics capabilities. This thesis proposes an SDN-based MTD solution for protecting both the control and data planes against the first stage of a cyberattack, i.e. reconnaissance. The framework uses a distributed-controller approach for the design of the MTD solution. The distributed control plane not only improves the availability of SDN but also augments MTD performance for the data plane. 
The control plane MTD comprises main controllers together with shadow controllers that counter reconnaissance attacks and deceive attackers: the shadow controllers answer probing traffic directed at the SDN's brain, i.e. the controller. Data plane security is achieved using proactive and reactive MTD approaches. The reactive approach uses shadow servers against reconnaissance attacks; the proactive approach applies IP and port shuffling at the data plane servers. Intent-based networking is also incorporated to protect data plane servers by dynamically redirecting probing traffic. Moreover, the work enhances Domain Name System (DNS) privacy by building on the SDN-based MTD and intent-based networking solutions: the privacy module of the proposed framework substantially improves DNS privacy by dynamically distributing DNS traffic across random ports. The framework also provides digital forensic capabilities, which are especially important given the constantly changing attack surface of MTD. The framework has been evaluated for control and data plane security, privacy enhancement and digital forensic capabilities, and achieved the desired goals of control plane and data plane security, DNS privacy enhancement and digital forensics at a low computational cost.
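The abstract describes proactive IP and port shuffling at the data plane servers, and DNS traffic being spread across random ports, as ways of making a reconnaissance result go stale. The following Python sketch is an added illustration of that idea and is not code from the thesis: it derives a server's public address and port for each time epoch from a keyed hash, so that authorized parties holding the secret can follow the schedule while a scanner's snapshot from one epoch is useless in the next. The secret, the address pool, the port range, the epoch length and the service name are all constructed for the demo; in a real SDN deployment the controller would install flow rules that translate the rotating public endpoint to the fixed internal one rather than the server checking each packet itself.

```python
import hashlib
import hmac

# Constructed parameters for the demo; none of these come from the thesis.
SHUFFLE_SECRET = b"constructed-demo-secret"        # shared by the controller, servers and authorized clients
ADDRESS_POOL = ["10.0.0.%d" % i for i in range(1, 17)]  # virtual IPs the service may appear on
PORT_MIN, PORT_MAX = 10000, 60000                 # public port range for the service
EPOCH_SECONDS = 60                                 # how often the endpoint moves


def epoch_of(t: int) -> int:
    """Map a timestamp (seconds) to the shuffle epoch it falls in."""
    return t // EPOCH_SECONDS


def _keyed_digest(secret: bytes, service: str, epoch: int) -> bytes:
    # HMAC keeps the sequence unpredictable without the secret and identical for everyone who has it.
    return hmac.new(secret, f"{service}:{epoch}".encode(), hashlib.sha256).digest()


def endpoint_for_epoch(secret: bytes, service: str, epoch: int) -> tuple:
    """Return the (address, port) the service exposes during one epoch."""
    digest = _keyed_digest(secret, service, epoch)
    address = ADDRESS_POOL[int.from_bytes(digest[:4], "big") % len(ADDRESS_POOL)]
    port = PORT_MIN + int.from_bytes(digest[4:8], "big") % (PORT_MAX - PORT_MIN + 1)
    return address, port


def endpoint_now(secret: bytes, service: str, t: int) -> tuple:
    return endpoint_for_epoch(secret, service, epoch_of(t))


class ShufflingServer:
    """Toy data-plane server whose public endpoint follows the schedule (hypothetical class)."""

    def __init__(self, secret: bytes, service: str):
        self.secret = secret
        self.service = service

    def accepts(self, address: str, port: int, t: int) -> bool:
        """True only if the probe hits the endpoint scheduled for time t."""
        return (address, port) == endpoint_now(self.secret, self.service, t)


def reconnaissance_snapshot(server: ShufflingServer, t: int) -> set:
    """Attacker's full sweep of the pool at time t: which (address, port) pairs answered."""
    found = set()
    for address in ADDRESS_POOL:
        for port in range(PORT_MIN, PORT_MAX + 1):
            if server.accepts(address, port, t):
                found.add((address, port))
    return found


def replay_snapshot(server: ShufflingServer, snapshot: set, t_later: int) -> set:
    """Attacker reuses the earlier snapshot at a later time; returns the pairs that still work."""
    return {(a, p) for (a, p) in snapshot if server.accepts(a, p, t_later)}


def authorized_client_connects(server: ShufflingServer, secret: bytes, t: int) -> bool:
    """A client holding the secret recomputes the schedule instead of scanning."""
    address, port = endpoint_now(secret, server.service, t)
    return server.accepts(address, port, t)


if __name__ == "__main__":
    srv = ShufflingServer(SHUFFLE_SECRET, "web")
    snap = reconnaissance_snapshot(srv, t=0)
    print("scan at t=0 found:", snap)
    print("same endpoints at t=%d:" % EPOCH_SECONDS, replay_snapshot(srv, snap, EPOCH_SECONDS))
    print("authorized client at t=%d:" % EPOCH_SECONDS, authorized_client_connects(srv, SHUFFLE_SECRET, EPOCH_SECONDS))
```

The same keyed schedule can drive the DNS port distribution mentioned in the abstract: deriving the per-epoch (or per-query) port from the secret and a counter lets the resolver and forwarder agree on where DNS traffic goes while an observer sees it scattered across the range. The sweep in `reconnaissance_snapshot` is exhaustive on purpose, to make the point that even a complete scan is only valid for one epoch.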
650 0 _aIntent Based Networking Thesis
_9882779
650 0 _aMoving Target Defense Thesis
_9158195
650 0 _aSDN Security Thesis
_9882780
942 _cPHD
_2ddc
999 _c364082
_d364082