A Self-adaptive Hopping Approach of Moving Target Defense to thwart Scanning Attacks

  • Duohe Ma
  • Cheng Lei
  • Liming Wang
  • Hongqi Zhang
  • Zhen Xu
  • Meng Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9977)


End-point hopping is one of the important moving target defense (MTD) mechanisms for defeating an attacker's reconnaissance. The method periodically changes the network configuration in use by the communicating end points. Because existing end-point hopping mechanisms are unaware of attack strategies, they hop blindly, which leads to low security effectiveness and high overhead for network defense. In this paper we propose a novel MTD approach named self-adaptive end-point hopping, which is based on adversary strategy awareness and implemented using Software Defined Networking (SDN). It can effectively balance the defense benefit of end-point hopping against the service quality of the network system. To address the blindness of hopping mechanisms during defense, a hopping trigger based on adversary strategy awareness is proposed; it guides the choice of hopping mode by discriminating the scanning attack strategy, which makes the defense more targeted. To address the low availability caused by limited network resources and high hopping overhead, satisfiability modulo theories and are used to formally describe the constraints of hopping, so as to ensure low hopping overhead. Theoretical and experimental analysis shows that the approach can thwart scanning attacks at a relatively reasonable hopping cost.


Moving target defense; Software defined networking; Self-adaptive hopping; Scanning attack strategy



This paper is supported by the National Basic Research Program of 973 Program of China (2011CB311801); the National High-Tech Research and Development Plan of China (863 Program) (2012AA012704, 2015AA016106); the Strategic Priority Research Program of the Chinese Academy of Sciences, Grants No. XDA06010701, XDA06010306. Zhengzhou Science and Technology Talents (131PLKRC644).



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Duohe Ma (1)
  • Cheng Lei (1, 2, 3), corresponding author
  • Liming Wang (1)
  • Hongqi Zhang (2, 3)
  • Zhen Xu (1)
  • Meng Li (4)

  1. State Key Laboratory of Information Security, Institute of Information Engineering of CAS, Beijing, China
  2. China National Digital Switching System Engineering and Technological Research Center, Zhengzhou, China
  3. Henan Key Laboratory of Information Security, Zhengzhou, China
  4. Department of Computer Science, Hong Kong Baptist University, Hong Kong, China