Analysis of Network Address Shuffling as a Moving Target Defense
Address shuffling is a type of moving target defense that prevents an attacker from reliably contacting a system by periodically remapping network addresses. Although limited testing has demonstrated it to be effective, little research has been conducted to examine the theoretical limits of address shuffling. As a result, it is difficult to understand how effective shuffling is and under what circumstances it is a viable moving target defense. This paper introduces probabilistic models that can provide insight into the performance of address shuffling. These models quantify the probability of attacker success in terms of network size, quantity of addresses scanned, quantity of vulnerable systems, and the frequency of shuffling. Theoretical analysis will show that shuffling is an acceptable defense if there is a small population of vulnerable systems within a large network address space, however shuffling has a cost for legitimate users. These results will also be shown empirically using simulation and actual traffic traces.
- Research Organization:
- Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- OSTI ID:
- 1156989
- Report Number(s):
- PNNL-SA-98303
- Resource Relation:
- Conference: 2014 IEEE International Conference on Communications, June 10-14, 2014, Sydney, Australia, 701-706
- Country of Publication:
- United States
- Language:
- English
Similar Records
Game theory-based attack and defense analysis in virtual wireless networks with jammers and eavesdroppers
A symmetric address translation approach for a network layer moving target defense to secure power grid networks