Design of a Protected Server Network with Decoys for Network-based Moving Target Defense
Published in | 韓國컴퓨터情報學會論文誌 Vol. 23; no. 9; pp. 57 - 64 |
---|---|
Main Authors | , , |
Format | Journal Article |
Language | Korean |
Published | 한국컴퓨터정보학회, 2018 |
Subjects | |
ISSN | 1598-849X 2383-9945 |
DOI | 10.9708/jksci.2018.23.09.057 |
Summary: | In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys. |
---|---|
Bibliography: | KISTI1.1003/JNL.JAKO201831342439373 |