An SDN‐based MTD model
Author(s) -
Yang Yubin,
Cheng Liming
Publication year - 2018
Publication title -
Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.4897
Subject(s) - computer science , network security , computer network , distributed computing , ipv4 , ipv6 , protocol , the internet , world wide web , operating system , data mining , mathematics
Summary An SDN‐based moving target defense (MTD) model maps the physical network elements into an address space considerably larger than the original one and assigns each mapping a randomly chosen validity period, selected according to the security level of the target being accessed, so that attackers find it harder to locate targets. The techniques that make the MTD work are: generating random validity periods and coefficients of difficulty for the address mapping on the basis of the security level of the accessed target; mapping IPv4 destinations into IPv6 addresses (which enlarges the target space by several orders of magnitude); transforming IP addresses, MAC addresses, and protocol ports; and mapping the SDN network elements themselves. Together these measures raise the cost of network reconnaissance, making it harder for attackers to obtain authentic target information. In this paper, we present the relevant technological background, discuss the design of a new security‐adaptive system model based on SDN, and propose a target security level identification algorithm and a network element information mapping algorithm.
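To make the mapping mechanism in the summary concrete, the following is an added Python example written for this page; it is not the authors' implementation, and it does not reproduce the paper's target security level identification algorithm or its network element information mapping algorithm. It assumes a static, hand-assigned security level per host, an assumed validity range per level (the higher the level, the shorter the lifetime), the IPv6 documentation prefix 2001:db8:100::/48 as the virtual target space, and a seeded random generator so the rotation is reproducible. The sample topology is constructed.

```python
"""Toy SDN-style address-mapping MTD: real hosts are reachable only through
short-lived random IPv6/MAC/port identities whose lifetime depends on the
target's security level. Added example, not the paper's implementation."""
import ipaddress
import random
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample topology. The per-host "level" is an assumption standing
# in for the paper's target security level identification algorithm.
REAL_HOSTS = {
    "10.0.0.10": {"mac": "02:00:00:00:00:0a", "port": 80, "level": 1},
    "10.0.0.20": {"mac": "02:00:00:00:00:14", "port": 22, "level": 3},
}

# Virtual (mapped) space: an IPv6 documentation prefix with 2^80 host
# addresses, versus the 2^8 hosts of a 10.0.0.0/24 real segment.
VIRTUAL_PREFIX = ipaddress.ip_network("2001:db8:100::/48")

# Assumed validity ranges (seconds) per security level: the more sensitive
# the target, the shorter and more frequently re-randomised its mapping.
VALIDITY_RANGE = {1: (300.0, 600.0), 2: (60.0, 300.0), 3: (10.0, 60.0)}


@dataclass
class Mapping:
    real_ip: str
    real_mac: str
    real_port: int
    virt_ip: str
    virt_mac: str
    virt_port: int
    expires_at: float


class MtdMapper:
    """Controller-side mapping table. Time is passed in explicitly so the
    rotation is deterministic; a real controller would read its own clock."""

    def __init__(self, seed: Optional[int] = None) -> None:
        self.rng = random.Random(seed)
        self.by_real: Dict[str, Mapping] = {}                 # real_ip -> Mapping
        self.by_virt: Dict[Tuple[str, int], Mapping] = {}     # (virt_ip, virt_port) -> Mapping

    def _random_virtual_ip(self) -> str:
        host_bits = 128 - VIRTUAL_PREFIX.prefixlen
        addr = int(VIRTUAL_PREFIX.network_address) + self.rng.getrandbits(host_bits)
        return str(ipaddress.IPv6Address(addr))

    def _random_mac(self) -> str:
        # Locally administered, unicast MAC (first octet 0x02).
        return "02:" + ":".join(f"{self.rng.getrandbits(8):02x}" for _ in range(5))

    def refresh(self, real_ip: str, now: float) -> Mapping:
        """Discard any existing identity for real_ip and issue a fresh one."""
        info = REAL_HOSTS[real_ip]
        low, high = VALIDITY_RANGE[info["level"]]
        lifetime = self.rng.uniform(low, high)
        old = self.by_real.pop(real_ip, None)
        if old is not None:
            self.by_virt.pop((old.virt_ip, old.virt_port), None)
        while True:  # avoid handing two hosts the same virtual endpoint
            virt_ip, virt_port = self._random_virtual_ip(), self.rng.randint(1024, 65535)
            if (virt_ip, virt_port) not in self.by_virt:
                break
        m = Mapping(real_ip, info["mac"], info["port"], virt_ip,
                    self._random_mac(), virt_port, now + lifetime)
        self.by_real[real_ip] = m
        self.by_virt[(virt_ip, virt_port)] = m
        return m

    def current(self, real_ip: str, now: float) -> Mapping:
        """Identity a legitimate client is told to use at time `now`;
        rotates automatically once the previous one has expired."""
        m = self.by_real.get(real_ip)
        if m is None or now >= m.expires_at:
            m = self.refresh(real_ip, now)
        return m

    def inbound(self, virt_ip: str, virt_port: int, now: float) -> Optional[Tuple[str, str, int]]:
        """Translate a packet sent to a virtual endpoint back to (ip, mac, port).
        None means the mapping is unknown or stale, so the packet is dropped."""
        m = self.by_virt.get((virt_ip, virt_port))
        if m is None or now >= m.expires_at:
            return None
        return (m.real_ip, m.real_mac, m.real_port)


def in_virtual_space(ip: str) -> bool:
    """True if ip lies inside the mapped IPv6 target space."""
    return ipaddress.ip_address(ip) in VIRTUAL_PREFIX


def demo() -> None:
    mapper = MtdMapper(seed=1)
    m = mapper.current("10.0.0.20", now=0.0)
    print("client reaches 10.0.0.20 via", m.virt_ip, m.virt_port, "until t =", round(m.expires_at, 1))
    print("t=5  ->", mapper.inbound(m.virt_ip, m.virt_port, now=5.0))
    print("t=60 ->", mapper.inbound(m.virt_ip, m.virt_port, now=60.0))  # stale: recon result is worthless


if __name__ == "__main__":
    demo()
```

The point the simulation makes is the one the summary claims: an attacker who scans the /48 at random is searching 2^80 addresses for a handful of live endpoints, and an attacker who does learn a virtual address has only until the level-dependent validity period expires to use it, after which the controller drops traffic to it and the real host is unaffected.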