http://dx.doi.org/10.9708/jksci.2019.24.10.025

Attack Surface Expansion through Decoy Trap for Protected Servers in Moving Target Defense

Park, Tae-Keun (Dept. of Applied Computer Engineering, Dankook University)
Park, Kyung-Min (Information Security Research Division, ETRI)
Moon, Dae-Sung (Information Security Research Division, ETRI)
Abstract
In this paper, we propose a method to apply attack surface expansion through decoy traps to a protected server network. The network consists of a large number of decoys and protected servers. In the network, each protected server dynamically mutates its IP address and port numbers based on Hidden Tunnel Networking, a network-based moving target defense scheme. Moving target defense is a new approach to cyber security that continuously changes a system's attack surface to prevent attacks, and attack surface expansion is an approach that uses decoys and decoy groups to protect against attacks. The proposed method modifies the NAT table of the protected server with a custom chain and a RETURN target so that attackers waste all their time and effort in the decoy traps. We theoretically analyze the attacker success rate for the protected server network before and after applying the proposed method. The proposed method is expected to significantly reduce the probability that a protected server will be identified and compromised by attackers.
Keywords
Network-based moving target defense; attack surface; cyber security; decoy trap
Times cited by KSCI: 2