Abstract:
Moving target defense (MTD) is becoming popular
with the advancements in Software Defined Networking (SDN)
technologies. With centralized management through SDN, changing
network attributes such as routes to escape from attacks is
simple and fast. Yet, the available alternate routes are bounded by
the network topology, and a persistent attacker that continuously
performs reconnaissance can extract the whole link-map of the
network. To address this issue, we propose to use virtual shadow
networks (VSNs) by applying Network Function Virtualization
(NFV) capabilities to the network in order to deceive the attacker with
fake topology information and not reveal the actual network
topology and characteristics. We design this approach under a
formal framework for Internet Service Provider (ISP) networks
and apply it to the recently emerged indirect DDoS attacks,
namely Crossfire, for evaluation. The results show that the attacker
spends more time figuring out the network behavior, while the
costs on the defender and network operations are negligible until
a certain network size is reached.