Abstract
Existing address hopping technologies are hard to deploy and implement. They also randomly hop only the IP address information of one or both communication nodes, so they cannot protect the nodes' identifiers at the data link layer. To address these problems, an SDN proactive defense scheme based on IP and MAC address mutation is proposed, which realizes IP and MAC address mutation along the transmission path by installing corresponding address mutation flow entries on intermediate OpenFlow switches. Theoretical analysis and experimental results show that this scheme can resist network interception and analysis attacks with relatively low transmission and processing costs.
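The per-hop idea in the abstract, sketched as an added example (not the paper's algorithm or code): a controller-side planner builds one mutation flow entry per switch on a path, and a small forwarder shows that every inter-switch link carries different virtual IP and MAC addresses while the receiver still sees the real ones. The address pool, function names and entry layout are assumptions; only the field names follow OpenFlow match-field naming.

```python
import ipaddress
import random

FIELDS = ("ipv4_src", "ipv4_dst", "eth_src", "eth_dst")

def rand_mac(rng):
    # Locally administered unicast MAC (first octet 0x02); constructed value.
    return ":".join(f"{o:02x}" for o in [0x02] + [rng.randrange(256) for _ in range(5)])

def rand_ip(rng, pool):
    net = ipaddress.ip_network(pool)
    return str(net[rng.randrange(1, net.num_addresses - 1)])

def virtual_header(rng, pool):
    return {"ipv4_src": rand_ip(rng, pool), "ipv4_dst": rand_ip(rng, pool),
            "eth_src": rand_mac(rng), "eth_dst": rand_mac(rng)}

def build_mutation_entries(path, real, rng, pool="10.200.0.0/16"):
    """One entry per switch: match the header as it arrives, rewrite all four
    address fields. The last switch restores the real addresses."""
    entries, current = [], dict(real)
    for i, switch in enumerate(path):
        last_hop = i == len(path) - 1
        rewritten = dict(real) if last_hop else virtual_header(rng, pool)
        entries.append({"switch": switch, "match": dict(current), "set_field": rewritten})
        current = rewritten
    return entries

def forward(packet, entries):
    """Apply the entries hop by hop. Returns (headers seen on each
    inter-switch link, header delivered to the destination host)."""
    on_wire, header = [], dict(packet)
    for entry in entries:
        if header != entry["match"]:
            raise ValueError(f"table miss at {entry['switch']}")
        header = dict(entry["set_field"])
        on_wire.append(header)
    return on_wire[:-1], header

# Constructed sample flow and path (hypothetical hosts and switch names).
REAL = {"ipv4_src": "192.168.1.10", "ipv4_dst": "192.168.1.20",
        "eth_src": "00:00:00:00:00:01", "eth_dst": "00:00:00:00:00:02"}
PATH = ["s1", "s2", "s3"]

if __name__ == "__main__":
    # Seeded RNG only so the demo is reproducible; a deployment would draw
    # virtual addresses from a CSPRNG such as random.SystemRandom().
    links, delivered = forward(REAL, build_mutation_entries(PATH, REAL, random.Random(7)))
    for n, hdr in enumerate(links, 1):
        print(f"link {n}:", hdr)
    print("delivered:", delivered)
```

An observer on any inter-switch link sees only that hop's virtual addresses, so captures taken on different links cannot be correlated by IP or MAC alone.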
Acknowledgments
This work was supported in part by the National Natural Science Foundation of China under grants 61402526, 61402525 and 61502528, and in part by the National High Technology Research and Development Program of China under grant 2012AA012902.
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Zhang, L., Wang, Z., Fang, J., Guo, Y. (2018). A SDN Proactive Defense Scheme Based on IP and MAC Address Mutation. In: Huang, M., Zhang, Y., Jing, W., Mehmood, A. (eds) Wireless Internet. WICON 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 214. Springer, Cham. https://doi.org/10.1007/978-3-319-72998-5_6
DOI: https://doi.org/10.1007/978-3-319-72998-5_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72997-8
Online ISBN: 978-3-319-72998-5
eBook Packages: Computer Science, Computer Science (R0)