Toward Network Configuration Randomization for Moving Target Defense
This chapter presents a moving target defense architecture called Mutable Networks, or MUTE. MUTE enables networks to change their configurations, such as IP addresses and routes, randomly and dynamically while preserving the requirements and integrity of network operation. The main goal of MUTE is to hinder the adversary’s capabilities in scanning or discovering network targets, launching DoS attacks, and creating botnet structures. This chapter presents the challenges and applications of moving target defense, and it also presents a formal approach for creating valid mutations of network configurations.
Keywords: Port Number, Worm Propagation, Characterization Function, Valid Mutation, Attack Cycle