An SDN-Based Moving Target Defense as a Countermeasure to Prevent Network Scans

Shoya Chiba; Luis Guillen; Satoru Izumi; Toru Abe; Takuo Suganuma

doi:10.1587/transcom.2021TMP0020

An SDN-Based Moving Target Defense as a Countermeasure to Prevent Network Scans

Shoya Chiba, Luis Guillen, Satoru Izumi, Toru Abe, Takuo Suganuma

Tohoku University

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

This paper proposes a Software-Defined Network (SDN)based Moving Target Defense (MTD) to protect the network from potential scans in a compromised network. As a unique feature, contrary to traditional MTDs, the proposed MTD can work alongside other tools and countermeasures already deployed in the network (e.g., Intrusion Protection and Detection Systems) without affecting its behavior. Through extensive evaluation, we showed the effectiveness of the proposed mechanism compared to existing solutions in preventing scans of different rates without affecting the network and controller performance.

Original language	English
Pages (from-to)	1400-1407
Number of pages	8
Journal	IEICE Transactions on Communications
Volume	E105B
Issue number	11
DOIs	https://doi.org/10.1587/transcom.2021TMP0020
Publication status	Published - 2022 Nov

Keywords

IPS
MTD
SDN
network scan

Access to Document

10.1587/transcom.2021TMP0020

Cite this

@article{aa63e5594c2c4480be97e75a49719d6d,

title = "An SDN-Based Moving Target Defense as a Countermeasure to Prevent Network Scans",

abstract = "This paper proposes a Software-Defined Network (SDN)based Moving Target Defense (MTD) to protect the network from potential scans in a compromised network. As a unique feature, contrary to traditional MTDs, the proposed MTD can work alongside other tools and countermeasures already deployed in the network (e.g., Intrusion Protection and Detection Systems) without affecting its behavior. Through extensive evaluation, we showed the effectiveness of the proposed mechanism compared to existing solutions in preventing scans of different rates without affecting the network and controller performance.",

keywords = "IPS, MTD, SDN, network scan",

author = "Shoya Chiba and Luis Guillen and Satoru Izumi and Toru Abe and Takuo Suganuma",

note = "Publisher Copyright: {\textcopyright} 2022 The Institute of Electronics, Information and Communication Engineers.",

year = "2022",

month = nov,

doi = "10.1587/transcom.2021TMP0020",

language = "English",

volume = "E105B",

pages = "1400--1407",

journal = "IEICE Transactions on Communications",

issn = "0916-8516",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "11",

}

TY - JOUR

T1 - An SDN-Based Moving Target Defense as a Countermeasure to Prevent Network Scans

AU - Chiba, Shoya

AU - Guillen, Luis

AU - Izumi, Satoru

AU - Abe, Toru

AU - Suganuma, Takuo

PY - 2022/11

Y1 - 2022/11

N2 - This paper proposes a Software-Defined Network (SDN)based Moving Target Defense (MTD) to protect the network from potential scans in a compromised network. As a unique feature, contrary to traditional MTDs, the proposed MTD can work alongside other tools and countermeasures already deployed in the network (e.g., Intrusion Protection and Detection Systems) without affecting its behavior. Through extensive evaluation, we showed the effectiveness of the proposed mechanism compared to existing solutions in preventing scans of different rates without affecting the network and controller performance.

AB - This paper proposes a Software-Defined Network (SDN)based Moving Target Defense (MTD) to protect the network from potential scans in a compromised network. As a unique feature, contrary to traditional MTDs, the proposed MTD can work alongside other tools and countermeasures already deployed in the network (e.g., Intrusion Protection and Detection Systems) without affecting its behavior. Through extensive evaluation, we showed the effectiveness of the proposed mechanism compared to existing solutions in preventing scans of different rates without affecting the network and controller performance.

KW - IPS

KW - MTD

KW - SDN

KW - network scan

UR - http://www.scopus.com/inward/record.url?scp=85141818768&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85141818768&partnerID=8YFLogxK

U2 - 10.1587/transcom.2021TMP0020

DO - 10.1587/transcom.2021TMP0020

M3 - Article

AN - SCOPUS:85141818768

SN - 0916-8516

VL - E105B

SP - 1400

EP - 1407

JO - IEICE Transactions on Communications

JF - IEICE Transactions on Communications

IS - 11

ER -

An SDN-Based Moving Target Defense as a Countermeasure to Prevent Network Scans

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this