Random domain name and address mutation RDAM for thwarting reconnaissance attacksReport as inadecuate




Random domain name and address mutation RDAM for thwarting reconnaissance attacks - Download this document for free, or read online. Document in PDF available to download.

Network address shuffling is a novel moving target defense MTD that invalidates the address information collected by the attacker by dynamically changing or remapping the host’s network addresses. However, most network address shuffling methods are limited by the limited address space and rely on the host’s static domain name to map to its dynamic address; therefore these methods cannot effectively defend against random scanning attacks, and cannot defend against an attacker who knows the target’s domain name. In this paper, we propose a network defense method based on random domain name and address mutation RDAM, which increases the scanning space of the attacker through a dynamic domain name method and reduces the probability that a host will be hit by an attacker scanning IP addresses using the domain name system DNS query list and the time window methods. Theoretical analysis and experimental results show that RDAM can defend against scanning attacks and worm propagation more effectively than general network address shuffling methods, while introducing an acceptable operational overhead.



Author: Kai Wang , Xi Chen, Yuefei Zhu

Source: http://plos.srce.hr/



DOWNLOAD PDF




Related documents