Abstract:
An attacker's success crucially depends on the reconnaissance phase of Distributed Denial of Service (DDoS) attacks, which is the first step in gathering intelligence about the target. Although several solutions have been proposed against network reconnaissance attacks, they fail to address the needs of legitimate users' requests. Thus, we propose a cloud-based deception framework that aims to confuse the attacker with reconnaissance replies while still allowing legitimate use. The deception is based on forwarding the reconnaissance packets to a cloud infrastructure through tunneling and SDN, so that the IP addresses returned to the attacker are not genuine. For handling legitimate requests, we create a reflected virtual topology in the cloud and use SDN to propagate any changes in the original physical network to the cloud topology. Through experiments on the GENI platform, we show that our framework can provide reconnaissance responses with negligible delays to the network clients while also reducing the management costs significantly.