Abstract: End-host address mutation is one of the key network moving target defense (MTD) mechanisms for defending against reconnaissance. However, frequently changing host addresses increases the transmission delay of active sessions, which may have serious ramifications. In this paper, leveraging DPDK, we propose a high-performance MTD gateway framework, called HPMG, which not only effectively prevents adversaries from performing reconnaissance but also retains high-speed packet processing. First, every moving target host is assigned three different IP addresses, called the real IP, virtual IP, and external IP, to realize a multi-level network address architecture. To slow down adversaries' scanning techniques, HPMG mutates the virtual IP and virtual MAC addresses and replies with fake host responses. In addition, to remain transparent to the end-hosts, HPMG keeps the real IP and real MAC unchanged. Finally, we optimized the forwarding and processing performance of HPMG based on the DPDK fast path framework. Our theoretical analysis, implementation, and evaluation show that HPMG can effectively defend against reconnaissance attacks and reduce the processing delay caused by address mutation.
Funding: Supported by the National Natural Science Foundation of China (No. 61821001) and the Science and Technology Key Project of Guangdong Province, China (2019B010157001).
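To make the address-mutation idea in the abstract concrete, the following is an added toy model written for this page; it is not HPMG's code and does not use DPDK. It models only the real IP / virtual IP layer described above (the external IP tier is not modelled): the gateway keeps each protected host's real IP and MAC fixed, derives a fresh virtual IP and virtual MAC per epoch from a keyed PRF, translates traffic between the two, and answers probes aimed at stale or unassigned virtual addresses with a fake host response. The host list, the 192.168.100.0/24 virtual pool, the 30-second epoch, the key, and every class and function name are assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample topology (not from the paper): two protected hosts behind the
# gateway, a /24 pool of virtual addresses, and a secret that drives the mutation.
REAL_HOSTS = ("10.0.0.11", "10.0.0.12")
VIRTUAL_POOL = ipaddress.ip_network("192.168.100.0/24")
MUTATION_KEY = b"example-mutation-key"  # assumption: known only to the gateway
EPOCH_SECONDS = 30  # assumption: how often virtual addresses rotate


@dataclass(frozen=True)
class Packet:
    """Minimal view of a packet: only the fields the gateway rewrites."""
    src: str
    dst: str
    kind: str = "syn"


class MtdGateway:
    def __init__(self, real_hosts, pool, key, epoch_seconds):
        self.real_hosts = tuple(sorted(real_hosts))
        self.pool = list(pool.hosts())
        self.pool_set = {str(a) for a in self.pool}
        self.key = key
        self.epoch_seconds = epoch_seconds

    def epoch(self, now):
        return int(now // self.epoch_seconds)

    def _prf(self, *parts):
        msg = ":".join(str(p) for p in parts).encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def mapping(self, now):
        """real IP -> virtual IP for the epoch containing `now`.

        Each host draws a pool index from the keyed PRF; a counter is bumped on
        collision so two hosts never share a virtual IP within one epoch.
        """
        epoch = self.epoch(now)
        used, out = set(), {}
        for real in self.real_hosts:
            ctr = 0
            while True:
                idx = int.from_bytes(self._prf(epoch, real, ctr)[:4], "big") % len(self.pool)
                if idx not in used:
                    break
                ctr += 1
            used.add(idx)
            out[real] = str(self.pool[idx])
        return out

    def virtual_mac(self, real_ip, now):
        """Locally administered MAC derived per epoch, so L2 scans see churn too."""
        tail = self._prf(self.epoch(now), real_ip, "mac")[:5]
        return ":".join(["02"] + [f"{b:02x}" for b in tail])

    def inbound(self, pkt, now):
        """External -> internal: translate current virtual IPs, decoy stale ones, drop the rest."""
        for real, vip in self.mapping(now).items():
            if pkt.dst == vip:
                return "forward", replace(pkt, dst=real)
        if pkt.dst in self.pool_set:
            # Stale or never-assigned virtual address: answer as if a host lived
            # there, so a scanner cannot tell live mappings from dead ones.
            return "decoy", Packet(src=pkt.dst, dst=pkt.src, kind="syn-ack")
        # Anything else, including a probe aimed straight at a real IP, is dropped.
        return "drop", None

    def outbound(self, pkt, now):
        """Internal -> external: hosts keep their real IP; the gateway stamps the virtual one."""
        vip = self.mapping(now).get(pkt.src)
        if vip is None:
            return "drop", None
        return "forward", replace(pkt, src=vip)

    def in_pool(self, ip):
        return ip in self.pool_set

    def stale_virtual_ip(self, now):
        """A pool address not assigned in the current epoch (used for the decoy demo)."""
        live = set(self.mapping(now).values())
        return next(str(a) for a in self.pool if str(a) not in live)


def make_gateway():
    return MtdGateway(REAL_HOSTS, VIRTUAL_POOL, MUTATION_KEY, EPOCH_SECONDS)


if __name__ == "__main__":
    gw = make_gateway()
    # Mapping is stable inside an epoch and re-derived for the next one.
    for t in (0, 15, 45):
        print(f"t={t:>3}s", gw.mapping(t), gw.virtual_mac("10.0.0.11", t))
```

The end-hosts never see the rotation: a host always sends from and receives at its real IP, and only the gateway-side translation changes per epoch. A real deployment would also have to pin in-flight sessions to the mapping that was current when they started, which is exactly the transmission-delay problem the abstract says HPMG addresses; this toy does not attempt that.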