Dynamic Hopping Technology of Double Virtual IP Address for SDN Data Layer

doi:10.3969/j.issn.1671-1122.2022.02.009

Abstract

Abstract:

Sniffing attack is a common and highly concealed network attack, and it poses a serious threat to the confidentiality of communication data. However, the traditional defense means are limited by the serious asymmetry of the network offensive and defensive countermeasures, and it is difficult to deal with this threat effectively. The dynamic hopping technology of double bogus IP address for SDN data layer was proposed. Firstly, the double bogus IP address was used to destroy the spatial correlation of communication data. Secondly, the correlation of communication data was destroyed in time dimension by periodic IP address hopping, to increase the level and cost of sniffing the attacker’s recombination of communication data. The analysis of anti-attack effectiveness and simulation experiments results show that the technology can improve the ability of anti-sniffing attack, and it can also ensure the lower CPU consumption and communication delay.

Key words: sniffing attack, moving target defense, IP hopping, SDN

CLC Number:

TP309

HU Ruiqin, TAN Jinglei, PENG Xinhe, ZHANG Hongqi. Dynamic Hopping Technology of Double Virtual IP Address for SDN Data Layer[J]. Netinfo Security, 2022, 22(2): 76-85.

Figures/Tables 8

References 22

[1]	WANG Juan, YANG Hongyuan, FAN Chengyang. A SDN Dynamic Honeypot with Multi-phase Attack Response[J]. Netinfo Security, 2021, 21(1):27-40.
	王鹃, 杨泓远, 樊成阳. 一种基于多阶段攻击响应的SDN动态蜜罐[J]. 信息网络安全, 2021, 21(1):27-40.
[2]	FU Yu, LI Hongcheng, WU Xiaoping, et al. Detecting APT Attacks: A Survey from the Perspective of Big Data Analysis[J]. Journal on Communications. 2015, 36(11):1-14.
	付钰, 李洪成, 吴晓平, 等. 基于大数据分析的APT攻击检测研究综述[J]. 通信学报, 2015, 36(11):1-14.
[3]	YANG Wentao. A Study on the Attacks to Networks[D]. Chengdu: Sichuan University, 2004.
	杨文涛. 网络攻击技术研究[D]. 成都: 四川大学, 2004.
[4]	JAJODIA S, GHOSH A K, SWARUP V, et al. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats[M]. Heidelberg: Springer Science & Business Media, 2011.
[5]	CHO J H, SHARMA D P, ALAVIZADEH H, et al. Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense[J]. IEEE Communications Surveys & Tutorials, 2020, 22(1):709-745.
[6]	XU Xiaoyu, HU Hao, ZHANG Hongqi, et al. Moving Target Defense Method of Random Routing Based on Deep Deterministic Policy Gradient[J]. Journal on Communications, 2021, 42(6):41-51.
	徐潇雨, 胡浩, 张红旗, 等. 基于深度确定性策略梯度的随机路由移动目标防御方法[J]. 通信学报, 2021, 42(6):41-51.
[7]	CAI Guilin, WANG Baosheng, WANG Tianzuo, et al. Research and Development of Moving Target Defense Technology[J]. Journal of Computer Research and Development, 2016, 53(5):968-987.
	蔡桂林, 王宝生, 王天佐, 等. 移动目标防御技术研究进展[J]. 计算机研究与发展, 2016, 53(5):968-987.
[8]	KRYLOV V, KRAVTSOV K. Interception Resistance IP Fast Hopping Based Protocol[EB/OL]. https://arxiv.org/abs/1403.7371, 2014-03-28.
[9]	JAFARIAN J H, AL-SHAER E, DUAN Qi. OpenFlow Random Host Mutation: Transparent Moving Target Defense Using Software Defined Networking[C]//ACM. 1st Workshop on Hot Topics in Software Defined Networks, August 13-14, 2012, Helsinki, Finland. New York: ACM, 2012: 127-132.
[10]	MCKEOWN N, ANDERSON T, BALAKRISHNAN H, et al. OpenFlow: Enabling Innovation in Campus Networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(2):69-74.
[11]	BJORNER N, MOURA L D. Z310: Applications, Enablers, Challenges and Directions[EB/OL]. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.147.5558, 2009-10-16.
[12]	DUNLOP M, GROAT S, URBANSKI W, et al. MT6D: A Moving Target Ipv6 Defense[C]//IEEE. 2011-MILCOM 2011 Military Communications Conference, November 7-10, 2011, Baltimore, MD, USA. Piscataway: IEEE, 2011: 1321-1326.
[13]	SHARMA D P, KIM D S, YOON S, et al. FRVM: Flexible Random Virtual IP Multiplexing in Software-defined Networks[C]//IEEE. 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, August 1-3, 2018, New York, USA. Piscataway: IEEE, 2018: 579-587.
[14]	JAFARIAN J H, AL-SHAER E, DUAN Qi. Spatio-temporal Address Mutation for Proactive Cyber Agility Against Sophisticated Attackers[C]//ACM. Proceedings of the First ACM Workshop on Moving Target Defense, November 7-8, 2014, Scottsdale, Arizona, USA. New York: ACM, 2014: 69-78.
[15]	WANG Pengkun, ZHOU Momiao, DING Zhizhong. A Two-layer IP Hopping-based Moving Target Defense Approach to Enhancing the Security of Mobile Ad-hoc Networks[J]. Sensors, 2021, 21(7):2355-2369. doi: 10.3390/s21072355 URL
[16]	MATSUMOTO M, NISHIMURA T. Mersenne Twister: A 623-dimensionally Equidistributed Uniform Pseudo-random Number Generator[J]. ACM Transactions on Modeling and Computer Simulation (TOMACS), 1998, 8(1):3-30. doi: 10.1145/272991.272995 URL
[17]	HE Yun, ZHANG Min, YANG Xiaolong, et al. The Intelligent Offense and Defense Mechanism of Internet of Vehicles Based on the Differential Game-IP Hopping[J]. IEEE Access, 2020, 8(99):115217-115227. doi: 10.1109/Access.6287639 URL
[18]	LI Chaoyang, TAN Jinglei, HU Ruiqin, et al. Moving Target Defense Method Based on Double Address Hopping[J]. Netinfo Security, 2021, 21(2):24-33.
	李朝阳, 谭晶磊, 胡瑞钦, 等. 基于双重地址跳变的移动目标防御方法[J]. 信息网络安全, 2021, 21(2):24-33.
[19]	HU Fei, HAO Qi, BAO Ke. A Survey on Software-defined Network and OpenFlow: From Concept to Implementation[J]. IEEE Communications Surveys & Tutorials, 2014, 16(4):2181-2206.
[20]	ZHANG Chaokun, CUI Yong, TANG Hehe, et al. State-of-the-art Survey on Software-defined Networking(SDN)[J]. Journal of Software, 2015, 26(1):62-81.
	张朝昆, 崔勇, 唐翯翯, 等. 软件定义网络(SDN)研究进展[J]. 软件学报, 2015, 26(1):62-81.
[21]	LI Yuanchen, LIU Weiqun. Analysis of the Shortest Route in Network on Dijkstra Algorithm[J]. Microcomputer Applications, 2004, 25(3):295-298, 362.
	李元臣, 刘维群. 基于Dijkstra算法的网络最短路径分析[J]. 微计算机应用, 2004, 25(3):295-298, 362.
[22]	LI Yan, HAO Zhian, LI Ning, et al. Research on SDN Architecture Simulation Based on Mininet[J]. Computer & Network, 2014, 40(5):57-59.
	李艳, 郝志安, 李宁, 等. 基于mininet的SDN架构仿真研究[J]. 计算机与网络, 2014, 40(5):57-59.

实验环境	配置信息
虚拟机	Ubantu 14.04,Intel i7-7500U 2Core,4 GB内存
控制器	Ryu 4.34
主机、交换机、服务器	Mininet 2.2.1

防御策略		嗅探到的IP地址	关联后的数据包
单个跳变周期	无IP地址跳变	10.0.0.1、10.0.0.20	(10.0.0.1,10.0.0.20)
	DAH	10.0.0.78、10.0.0.64	(10.0.0.78,10.0.0.64)
	双虚假IP地址跳变	10.0.0.230、10.0.0.159、10.0.0.144、10.0.0.67	(10.0.0.230,10.0.0.67)、(10.0.0.144,10.0.0.159)
多个跳变周期	无IP地址跳变	10.0.0.1、10.0.0.20	(10.0.0.1,10.0.0.20)
	DAH	10.0.0.78、10.0.0.64、10.0.0.45、10.0.0.88、10.0.0.253、10.0.0.79、10.0.0.158、10.0.0.243、10.0.0.153、10.0.0.22	(10.0.0.78,10.0.0.64)、 (10.0.0.45,10.0.0.88)、(10.0.0.253,10.0.0.79)、(10.0.0.158,10.0.0.243)、(10.0.0.153,10.0.0.22)
	双虚假IP地址跳变	10.0.0.230、10.0.0.67、10.0.0.144、10.0.0.159、10.0.0.183、10.0.0.115、10.0.0.94、10.0.0.131、10.0.0.244、10.0.0.120、10.0.0.125、10.0.0.204、10.0.0.68、10.0.0.134、10.0.0.32、10.0.0.218、10.0.0.52、10.0.0.163、10.0.0.128、10.0.0.90	(10.0.0.230,10.0.0.67)、(10.0.0.144,10.0.0.159)、(10.0.0.183,10.0.0.115)、(10.0.0.94,10.0.0.131)、(10.0.0.244,10.0.0.120)、(10.0.0.125,10.0.0.204)、(10.0.0.68,10.0.0.134)、(10.0.0.32,10.0.0.218)、(10.0.0.52,10.0.0.163)、(10.0.0.128,10.0.0.90)