Cargando…
Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks
Network address shuffling is a novel moving target defense (MTD) that invalidates the address information collected by the attacker by dynamically changing or remapping the host’s network addresses. However, most network address shuffling methods are limited by the limited address space and rely on...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Public Library of Science
2017
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5425197/ https://www.ncbi.nlm.nih.gov/pubmed/28489910 http://dx.doi.org/10.1371/journal.pone.0177111 |
| _version_ | 1783235266017755136 |
|---|---|
| author | Wang, Kai Chen, Xi Zhu, Yuefei |
| author_facet | Wang, Kai Chen, Xi Zhu, Yuefei |
| author_sort | Wang, Kai |
| collection | PubMed |
| description | Network address shuffling is a novel moving target defense (MTD) that invalidates the address information collected by the attacker by dynamically changing or remapping the host’s network addresses. However, most network address shuffling methods are limited by the limited address space and rely on the host’s static domain name to map to its dynamic address; therefore these methods cannot effectively defend against random scanning attacks, and cannot defend against an attacker who knows the target’s domain name. In this paper, we propose a network defense method based on random domain name and address mutation (RDAM), which increases the scanning space of the attacker through a dynamic domain name method and reduces the probability that a host will be hit by an attacker scanning IP addresses using the domain name system (DNS) query list and the time window methods. Theoretical analysis and experimental results show that RDAM can defend against scanning attacks and worm propagation more effectively than general network address shuffling methods, while introducing an acceptable operational overhead. |
| format | Online Article Text |
| id | pubmed-5425197 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2017 |
| publisher | Public Library of Science |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-54251972017-05-15 Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks Wang, Kai Chen, Xi Zhu, Yuefei PLoS One Research Article Network address shuffling is a novel moving target defense (MTD) that invalidates the address information collected by the attacker by dynamically changing or remapping the host’s network addresses. However, most network address shuffling methods are limited by the limited address space and rely on the host’s static domain name to map to its dynamic address; therefore these methods cannot effectively defend against random scanning attacks, and cannot defend against an attacker who knows the target’s domain name. In this paper, we propose a network defense method based on random domain name and address mutation (RDAM), which increases the scanning space of the attacker through a dynamic domain name method and reduces the probability that a host will be hit by an attacker scanning IP addresses using the domain name system (DNS) query list and the time window methods. Theoretical analysis and experimental results show that RDAM can defend against scanning attacks and worm propagation more effectively than general network address shuffling methods, while introducing an acceptable operational overhead. Public Library of Science 2017-05-10 /pmc/articles/PMC5425197/ /pubmed/28489910 http://dx.doi.org/10.1371/journal.pone.0177111 Text en © 2017 Wang et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
| spellingShingle | Research Article Wang, Kai Chen, Xi Zhu, Yuefei Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks |
| title | Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks |
| title_full | Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks |
| title_fullStr | Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks |
| title_full_unstemmed | Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks |
| title_short | Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks |
| title_sort | random domain name and address mutation (rdam) for thwarting reconnaissance attacks |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5425197/ https://www.ncbi.nlm.nih.gov/pubmed/28489910 http://dx.doi.org/10.1371/journal.pone.0177111 |
| work_keys_str_mv | AT wangkai randomdomainnameandaddressmutationrdamforthwartingreconnaissanceattacks AT chenxi randomdomainnameandaddressmutationrdamforthwartingreconnaissanceattacks AT zhuyuefei randomdomainnameandaddressmutationrdamforthwartingreconnaissanceattacks |