Security and Communication Networks
Volume 2017 (2017), Article ID 3659167, 11 pages
https://doi.org/10.1155/2017/3659167
Research Article

CHAOS: An SDN-Based Moving Target Defense System

1Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Computer School of Wuhan University, Wuhan, China
2Division of Computer Science, School of Computing, Clemson University, Clemson, SC 29634, USA

Correspondence should be addressed to Juan Wang; nc.ude.uhw@gnawj

Received 2 August 2017; Accepted 11 September 2017; Published 16 October 2017

Academic Editor: Zhiping Cai

Copyright © 2017 Yuan Shi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. Open Networking Foundation, “OpenFlow1.1.0 specification,” 2011, http://www.openflow.org/documents/openflow-spec-v1.1.0.pdf.
  2. J. H. Jafarian, E. Al-Shaer, and Q. Duan, “Adversary-aware IP address randomization for proactive agility against sophisticated attackers,” in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
  3. Y. Wang, J. Bi, and K. Zhang, “A tool for tracing network data plane via SDN/OpenFlow,” Science China Information Sciences, vol. 60, no. 2, Article ID 022304, 2017.
  4. R. Zhuang, S. Zhang, A. Bardas, S. A. DeLoach, X. Ou, and A. Singhal, “Investigating the application of moving target defenses to network security,” in Proceedings of the 2013 6th International Symposium on Resilient Control Systems, ISRCS 2013, pp. 162–169, San Francisco, Calif, USA, August 2013.
  5. E. Al-Shaer, “Toward network configuration randomization for moving target defense,” in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
  6. J. Sun and K. Sun, “DESIR: Decoy-enhanced seamless IP randomization,” in Proceedings of the 35th Annual IEEE International Conference on Computer Communications, IEEE INFOCOM 2016, April 2016.
  7. S. Hong, R. Baykov, L. Xu, S. Nadimpalli, and G. Gu, “Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security,” in Proceedings of the Network and Distributed System Security Symposium, San Diego, Calif, USA, February 2016.
  8. T. Yu, S. K. Fayaz, M. Collins, V. Sekar, and S. Seshan, “PSI: Precise Security Instrumentation for Enterprise Networks,” in Proceedings of the 2017 Network and Distributed System Security Symposium (NDSS ’17), San Diego, Calif, USA, February 2017.
  9. N. McKeown, T. Anderson, H. Balakrishnan et al., “OpenFlow: enabling innovation in campus networks,” Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
  10. J. Sonchack, A. J. Aviv, E. Keller, and J. M. Smith, “Enabling Practical Software-defined Networking Security Applications with OFX,” in Proceedings of the Network and Distributed System Security Symposium (NDSS ’16), San Diego, Calif, USA, February 2016.
  11. Stanford University, “Clean slate program,” http://cleanslate.stanford.edu/.
  12. Open Networking Foundation, “OpenFlow switch specification,” https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.3.0.pdf.
  13. Flowgrammable Team, “Packet in messages,” 2014, http://flowgrammable.org/sdn/openow/message-layer/packetin.
  14. P. Mell, K. Scarfone, and S. Romanosky, “A Complete Guide to the Common Vulnerability Scoring System Version 2.0,” 2007, https://www.nist.gov/publications/complete-guide-common-vulnerability-scoring-system-version-20.
  15. E. Al-Shaer, Q. Duan, and J. H. Jafarian, “Random host mutation for moving target defense,” in Security and Privacy in Communication Networks, A. D. Keromytis and R. Di Pietro, Eds., vol. 106 of Lecture Notes of the Institute for Computer Sciences, pp. 310–327, Springer, Berlin, Germany, 2013.
  16. P. Kampanakis, H. Perros, and T. Beyene, “SDN-based solutions for Moving Target Defense network protection,” in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
  17. G. Lyon, Network mapper, 2017, https://nmap.org/.
  18. Rapid7 LLC, Metasploit, 2009, https://www.offensive-security.com/metasploit-unleashed/vulnerabilityscanning.
  19. Tenable, Nessus, 2017, http://www.tenable.com.
  20. The CloudLab Team, CloudLab, 2014, http://www.cloudlab.us.project.
  21. D. Kewley, R. Fink, J. Lowry, and M. Dean, “Dynamic approaches to thwart adversary intelligence gathering,” in Proceedings of the DARPA Information Survivability Conference and Exposition II, DISCEX 2001, pp. 176–185, Anaheim, Calif, USA, June 2001.
  22. R. Zhuang, S. A. DeLoach, and X. Ou, “A model for analyzing the effect of moving target defenses on enterprise networks,” in Proceedings of the 9th Annual Cyber and Information Security Research Conference (CISRC '14), pp. 73–76, April 2014.
  23. R. Zhuang, S. A. DeLoach, and X. Ou, “Towards a theory of moving target defense,” in Proceedings of the First ACM Workshop on Moving Target Defense (MTD ’14), pp. 31–40, ACM, November 2014.
  24. Y. Zhang, M. Li, K. Bai, M. Yu, and W. Zang, “Incentive compatible moving target defense against VM-colocation attacks in clouds,” in Information Security and Privacy Research, pp. 388–399, Springer, Berlin, Germany, 2012.
  25. F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. Ammar, and E. Zegura, “Agile virtualized infrastructure to proactively defend against cyber attacks,” in Proceedings of the 34th IEEE Annual Conference on Computer Communications and Networks, IEEE INFOCOM 2015, pp. 729–737, May 2015.
  26. F. P. Miller, A. F. Vandome, and J. McBrewster, Address space layout randomization, Alphascript Publishing, 2010.
  27. K. Chongkyung, J. Jinsuk, C. Bookholt, X. Jun, and N. Peng, “Address Space Layout Permutation (ASLP): Towards fine-grained randomization of commodity software,” in Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 339–348, December 2006.
  28. H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, and D. Boneh, “On the effectiveness of address-space randomization,” in Proceedings of the 11th ACM conference on Computer and communications security (CCS ’04), p. 298, Washington, DC, USA, October 2004.
  29. S. W. Boyd, G. S. Kc, M. E. Locasto, A. D. Keromytis, and V. Prevelakis, “On the general applicability of instruction-set randomization,” IEEE Transactions on Dependable and Secure Computing, vol. 7, no. 3, pp. 255–270, 2010.
  30. Y. Huang and A. K. Ghosh, “Introducing diversity and uncertainty to create moving attack surfaces for web services,” in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 131–151, Springer, New York, NY, USA, 2011.
  31. M. Christodorescu, M. Fredrikson, S. Jha, and J. Giffin, “End-to-end software diversification of internet services,” in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 117–130, Springer, New York, NY, USA, 2011.