The Design and Research for Network Address Space Randomization in OpenFlow Network

PP. 203-211
DOI: 10.4236/jcc.2015.35026

ABSTRACT

Network address space randomization allocates and changes the IP addresses of source and destination hosts in order to construct a dynamic and heterogeneous network, decreasing both the possibility of attack and the predictability of the network. This research draws on the features of the OpenFlow network, including the decoupling of the data plane and control plane, centralized control of the network, and dynamic updating of forwarding rules. It combines the advantages of network address space randomization with these OpenFlow features and designs a novel solution for IP conversion in the Floodlight controller. The research can help improve unpredictability and decrease the possibility of worm attacks and IP sniffing through IP allocation.

Cite this paper

Zhao, Z. , Guo, Y. and Liu, W. (2015) The Design and Research for Network Address Space Randomization in OpenFlow Network. Journal of Computer and Communications, 3, 203-211. doi: 10.4236/jcc.2015.35026.

Conflicts of Interest

The authors declare no conflicts of interest.


Copyright © 2020 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.