Design and implementation of decoy enhanced dynamic virtualization networks
Abstract
Sophisticated adversaries usually begin an attack with a reconnaissance phase that discovers exploitable vulnerabilities on the targeted networks and systems. This strategy works because the network topology is static: addresses and services learned from a scan remain valid long enough to be exploited. To blunt reconnaissance, we propose a defensive mechanism that dynamically mutates the network topology and populates it with a large number of decoys, so that the attacker's knowledge gained from network scanning is quickly invalidated. In this work we focus on two major challenges of a dynamic network topology: service availability for legitimate users and service security against unauthorized users. First, we must guarantee seamless connection migration, so that all existing connections between legitimate users and servers stay alive even after the servers migrate to other network addresses multiple times, and so that legitimate users can always locate the servers and successfully initiate service requests. Second, we aim to minimize the probability that the real servers are identified and compromised by unauthorized users by deploying a large number of decoy nodes, which prolong the attacker's scanning time. We will implement a virtual-machine-based system prototype and perform both theoretical analysis and experimental study to evaluate how effectively the proposed system mitigates network reconnaissance attacks while maintaining continuous service availability.
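The abstract's claim that decoys and address mutation raise the attacker's scanning cost can be made concrete with a small cost model. The following is an added illustration, not code from the grant or its prototype: it assumes an attacker who probes an address space in uniformly random order, a fixed fingerprinting cost for every responding host (real or decoy) before the attacker can tell them apart, and a mutation period after which all hosts move and the attacker's partial map is worthless. The address-space size, server and decoy counts, and costs are made-up parameters.

```python
"""Toy cost model for scanning a decoy-populated, address-mutating network.

Illustrative assumptions (not taken from the grant):
  * The attacker probes `space` addresses in uniformly random order without
    replacement; each probe costs 1 time unit.
  * Every responding host (real or decoy) must be fingerprinted before the
    attacker knows whether it is real; that costs `fingerprint_cost` units.
  * With mutation, every `epoch` probes all hosts move to fresh random
    addresses, so the attacker's partial map is stale and the scan restarts.
"""
import random
from statistics import mean


def expected_static_cost(space, real, decoys, fingerprint_cost):
    """Closed-form expected cost with no mutation (random-order scan)."""
    # Expected rank of the first of `real` targets among `space` addresses.
    first_real = (space + 1) / (real + 1)
    # Each decoy precedes every real server with probability 1/(real + 1),
    # so this many decoys are fingerprinted (in expectation) before success.
    decoys_before = decoys / (real + 1)
    return first_real + fingerprint_cost * (decoys_before + 1)


def simulate_cost(space, real, decoys, fingerprint_cost,
                  epoch=None, trials=2000, seed=1):
    """Monte Carlo mean attacker cost; `epoch=None` means a static topology."""
    if real < 1:
        raise ValueError("at least one real server is required")
    rng = random.Random(seed)
    idle = space - real - decoys
    costs = []
    for _ in range(trials):
        cost = 0
        while True:
            # A fresh random layout models one mutation period: scanning it
            # top to bottom is a random-order, without-replacement scan.
            layout = ["real"] * real + ["decoy"] * decoys + [None] * idle
            rng.shuffle(layout)
            found = False
            for probes, host in enumerate(layout, start=1):
                cost += 1
                if host is not None:
                    cost += fingerprint_cost
                    if host == "real":
                        found = True
                        break
                if epoch is not None and probes >= epoch:
                    break  # topology mutates; the attacker must start over
            if found:
                break
        costs.append(cost)
    return mean(costs)


def compare(space=256, real=1, decoys=31, fingerprint_cost=4, epoch=32):
    """Mean attacker cost for the three configurations the abstract contrasts."""
    return {
        "static, no decoys": simulate_cost(space, real, 0, fingerprint_cost),
        "static, decoys": simulate_cost(space, real, decoys, fingerprint_cost),
        "mutating, decoys": simulate_cost(space, real, decoys,
                                          fingerprint_cost, epoch=epoch),
    }


if __name__ == "__main__":
    for label, cost in compare().items():
        print(f"{label:20s} mean attacker cost = {cost:8.1f} time units")
```

The closed form shows why decoys help even without mutation: each decoy sits before the first real server with probability 1/(real + 1), so the attacker pays roughly `decoys / (real + 1)` extra fingerprinting rounds. Mutation adds a second effect that the simulation captures and the closed form does not: whenever the period elapses the attacker's without-replacement progress is discarded, so the expected cost grows roughly as `space / epoch` times the per-period work.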
Document Details
- Document Type: DoD Grant Award
- Publication Date: Nov 23, 2016
- Source ID: N000141613214
Entities
People
- Kun Sun
Organizations
- George Mason University
- Office of Naval Research
- United States Navy