ETRI-Knowledge Sharing Platform





Journal: Analysis of Threat Model and Requirements in Network-based Moving Target Defense
강구홍, 박태근, 문대성
Journal of the Korea Society of Computer and Information, v.22 no.10, pp.83-92
17HH4100, Development of cyber self-mutation technology for proactive security, 문대성
Reconnaissance is performed by gathering information from a series of scanning probes, where the objective is to identify attributes of target hosts. Network reconnaissance of IP addresses and ports is a prerequisite to various cyber attacks. In order to increase the attacker’s workload and to break the attack kill chain, a few proactive techniques based on the network-based moving target defense (NMTD) paradigm, referred to as IP address mutation/randomization, have been presented. However, there are no commercial or trial systems deployed in real networks. In this paper, we propose a threat model and the request for requirements for developing NMTD techniques. For this purpose, we first examine the challenging problems in the NMTD mechanisms that were proposed for the legacy TCP/IP network. Secondly, we present a threat model in terms of the attacker’s intelligence, the intended information scope, and the attacker’s location. Lastly, we provide seven basic requirements to develop an NMTD mechanism for the legacy TCP/IP network: 1) end-host address mutation, 2) post tracking, 3) address mutation unit, 4) service transparency, 5) name and address access, 6) adaptive defense, and 7) controller operation. We believe that this paper gives some insight into how to design and implement a new NMTD mechanism that would be deployable in real networks.
KSP suggested keywords
Cyber attacks, IP address mutation, Kill chain, Moving Target Defense, Real networks, TCP/IP network, Threat model, challenging problems, network-based, proactive techniques