JCC Vol.3 No.5, May 2015
The Design and Research for Network Address Space Randomization in OpenFlow Network
Abstract: By allocating IP addresses and changing the IP addresses of source and destination hosts, network address space randomization aims to construct a dynamic and heterogeneous network that reduces the likelihood and predictability of attacks. This research exploits the features of OpenFlow networks, including the decoupling of the data plane and control plane, centralized control of the network, and dynamic updating of forwarding rules. It combines the advantages of network address space randomization with these features and designs a novel solution for IP conversion in the Floodlight controller. The approach can help improve unpredictability and decrease the likelihood of worm attacks and IP sniffing through IP allocation.
Cite this paper: Zhao, Z., Guo, Y. and Liu, W. (2015) The Design and Research for Network Address Space Randomization in OpenFlow Network. Journal of Computer and Communications, 3, 203-211. doi: 10.4236/jcc.2015.35026.