Experimental Evaluation of the IP Address Space Randomisation (IASR) Technique and Its Disruption to Selected Network Services

Abstract

In recent years, some computer network defense (CND) researchers and experts have suggested using moving target defense (MTD) as a proactive cyber security approach. MTD is a set of network defense techniques, such as randomization and deception, that significantly increase the attacker's work effort. One randomization technique, called IP address space randomisation (IASR), periodically or aperiodically makes random changes to the network's IP addresses. This makes it harder for attackers to achieve their goals. However, despite its security benefits, this defense technique disrupts the functioning of some network services. It is therefore important to understand the level of disruption that comes with the technique. In this work, we experimentally evaluate IASR and its disruptive effects on selected network services. Using virtual machines (VMs), we carried out this experiment by setting up a typical computer network that supports selected network services, namely ping, mail, web, and streaming video. We transformed a typical zoned computer network into a flat network and implemented IASR on it. Then, we executed the four selected network services during IASR and observed how disruptive the technology could be to these services. The results of our experimental evaluation show variations in performance degradation in some of the selected services when hosts' IP addresses are changed during IASR, suggesting the need for IASR-aware services if this technology is to be effectively adopted for CND.

Document Details

Document Type: Technical Report
Publication Date: Nov 01, 2014
Accession Number: AD1004299

Entities

People

  • Maxwell Dondo

Organizations

  • Defence Research and Development Canada

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Protocols
  • Classification
  • Computer Network Security
  • Computer Networks
  • Computers
  • Cybersecurity
  • Electronic Mail
  • Internet
  • Moving Target Defense
  • Moving Targets
  • Network Protocols
  • Operating Systems
  • Security
  • Streaming Media
  • Transport Protocols
  • Web Browsers
  • Web Service

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Regression Analysis

Technology Areas

  • Cyber
  • Space