Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks
نویسندگان
چکیده
Network address shuffling is a novel moving target defense (MTD) that invalidates the address information collected by the attacker by dynamically changing or remapping the host's network addresses. However, most network address shuffling methods are limited by the limited address space and rely on the host's static domain name to map to its dynamic address; therefore these methods cannot effectively defend against random scanning attacks, and cannot defend against an attacker who knows the target's domain name. In this paper, we propose a network defense method based on random domain name and address mutation (RDAM), which increases the scanning space of the attacker through a dynamic domain name method and reduces the probability that a host will be hit by an attacker scanning IP addresses using the domain name system (DNS) query list and the time window methods. Theoretical analysis and experimental results show that RDAM can defend against scanning attacks and worm propagation more effectively than general network address shuffling methods, while introducing an acceptable operational overhead.
منابع مشابه
Random Host Mutation for Moving Target Defense
Exploiting static configuration of networks and hosts has always been a great advantage for design and launching of decisive attacks. Network reconnaissance of IP addresses and ports is prerequisite to many host and network attacks. At the same time, knowing IP addresses is required for service reachability in IP networks, which makes complete concealment of IP address for servers infeasible. I...
متن کاملA Defense Mechanism of Random Routing Mutation in SDN
Focused on network reconnaissance, eavesdropping, and DoS attacks caused by static routing policies, this paper designs a random routing mutation architecture based on the OpenFlow protocol, which takes advantages of the global network view and centralized control in a software-defined network. An entropy matrix of network traffic characteristics is constructed by using volume measurements and ...
متن کاملComparison of DDOS Attacks and Fast ICA Algorithms on The Basis of Time Complexity
In Distributed denial of service (DDOS) attack, an attacker may use your computer to attack another computer by taking security weakness an attacker could take control of your computer. He could then force your computer to send huge amounts of data to a website. Or send spam particular email address. The “Attack” is distributed because the attacker is using multiple computers including yours to...
متن کاملDetecting Turnarounds in Sentiment Analysis: Thwarting
Thwarting and sarcasm are two uncharted territories in sentiment analysis, the former because of the lack of training corpora and the latter because of the enormous amount of world knowledge it demands. In this paper, we propose a working definition of thwarting amenable to machine learning and create a system that detects if the document is thwarted or not. We focus on identifying thwarting in...
متن کاملScreening of DFNB3 in Iranian families with autosomal recessive non-syndromic hearing loss reveals a novel pathogenic mutation in the MyTh4 domain of the MYO15A gene in a linked family
Objective(s): Non-syndromic sensorineural hearing loss (NSHL) is a common disorder affecting approximately 1 in 500 newborns. This type of hearing loss is extremely heterogeneous and includes over 100 loci. Mutations in the GJB2 gene have been implicated in about half of autosomal recessive NSHL (ARNSHL) cases, making this the most common cause of ARNSHL. For the latter form of deafness, most f...
متن کامل