A Moving Target Defense and Network Forensics Framework for ISP Networks using SDN and NFV

Show simple item record

dc.contributor.author Aydeger, Abdullah
dc.contributor.author Saputro, Nico
dc.date.accessioned 2023-04-03T07:53:09Z
dc.date.available 2023-04-03T07:53:09Z
dc.date.issued 2019
dc.identifier.issn 0167-739X
dc.identifier.other artsc629
dc.identifier.uri http://hdl.handle.net/123456789/14747
dc.description FUTURE GENERATION COMPUTER SYSTEMS JOURNAL; Vol.94 Mei 2019. p. 497-509. en_US
dc.description.abstract With the increasing diversity of network attacks, there is a trend towards building more agile networks that can defend themselves or prevent attackers to easily launch attacks. To this end, moving target defense (MTD) mechanisms have started to be pursued to dynamically change the structure and configuration of the networks not only during an attack but also before an attack so that conducting network reconnaissance will become much more difficult. Furthermore, various network forensics mechanisms are introduced to help locating the source and types of attacks as a reactive defense mechanism. Emerging Software Defined Networking (SDN) and Network Function Virtualization (NFV) provide excellent opportunities to implement these mechanisms efficiently. This paper considers MTD in the context of an Internet Service Provider (ISP) network and proposes an architectural framework that will enable it even at the reconnaissance phase while facilitating forensics investigations. We propose various virtual shadow networks through NFV to be used when implementing MTD mechanisms via route mutation. The idea is to dynamically change the routes for specific reconnaissance packets so that attackers will not be able to easily identify the actual network topologies for potential distributed denial of service attacks (DDoS) such as Crossfire while enabling the defender to store potential attacker’s information through a forensics feature. We present an integrated framework that encompasses these features. The proposed framework is implemented in Mininet to test its effectiveness and overheads. The results demonstrated the effectiveness in terms of failing the attackers at the expense of slightly increased path lengths, endto- end delay and storage for forensic purposes. en_US
dc.language.iso en en_US
dc.publisher Elsevier en_US
dc.subject MOVING TARGET DEFENSE en_US
dc.subject NETWORK FORENSICS en_US
dc.subject SDN en_US
dc.subject NFV en_US
dc.subject CROSSFIRE ATTACKS en_US
dc.title A Moving Target Defense and Network Forensics Framework for ISP Networks using SDN and NFV en_US
dc.type Journal Articles en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search UNPAR-IR


Advanced Search

Browse

My Account