상세정보
학술지
Analysis of Threat Model and Requirements in Network-based Moving Target Defense
Cited - time in 
Download 3 time
Share 
Download 3 time
Share
- 저자
- 강구홍, 박태근, 문대성
- 발행일
- 201710
- 출처
- 한국컴퓨터정보학회논문지, v.22 no.10, pp.83-92
- ISSN
- 1598-849X
- 출판사
- 한국컴퓨터정보학회
- 협약과제
- 17HH4100, 능동적 사전보안을 위한 사이버 자가변이 기술 개발, 문대성
- 초록
- Reconnaissance is performed gathering information from a series of scanning probes where the objective is to identify attributes of target hosts. Network reconnaissance of IP addresses and ports is prerequisite to various cyber attacks. In order to increase the attacker’s workload and to break the attack kill chain, a few proactive techniques based on the network-based moving target defense (NMTD) paradigm, referred to as IP address mutation/randomization, have been presented. However, there are no commercial or trial systems deployed in real networks. In this paper, we propose a threat model and the request for requirements for developing NMTD techniques. For this purpose, we first examine the challenging problems in the NMTD mechanisms that were proposed for the legacy TCP/IP network. Secondly, we present a threat model in terms of attacker’s intelligence, the intended information scope, and the attacker’s location. Lastly, we provide seven basic requirements to develop an NMTD mechanism for the legacy TCP/IP network: 1) end-host address mutation, 2) post tracking, 3) address mutation unit, 4) service transparency, 5) name and address access, 6) adaptive defense, and 7) controller operation. We believe that this paper gives some insight into how to design and implement a new NMTD mechanism that would be deployable in real network.
- KSP 제안 키워드
- Cyber attacks, IP address mutation, Kill chain, Moving Target Defense, Real networks, TCP/IP network, Threat model, challenging problems, network-based, proactive techniques