Proactive Host Mutation in Software Defined Networking
Abstract
With Software-Defined Networking (SDN), hosts can be assigned a virtual IP address that changes at random intervals, allowing hosts to maintain their real IP Address, while presenting a moving target to network scanners. The original concept comes from the University of North Carolina. Their testing was performed in an SDN emulator without any statistical analysis. To further this field of research, a testbed with fifty hosts and one attack machine controlled by an SDN controller is established on physical servers. Experiments are conducted with different possible configurations (i.e.,5, 10, ... 50 hosts; and 30 sec, 1 min, 5 min, and 15 min mutation rates). Results show there is a statistically measurable difference between a traditional network and a software-defined network running host mutation software, with the same configuration. Comparing the scan times and number of hosts found from scans of both networks with a t-test, resulted in low P-Values, approximately 0.05 or lower. In addition, as the number of hosts increased from five to fifty, the difference between the number of hosts found in the traditional network and the SDN increased.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 23, 2017
- Accession Number
- AD1054315
Entities
People
- Matthew E. Aust
Organizations
- Air Force Institute of Technology