東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

FindBook

Google Book

Amazon

博客來

Towards Network Level Moving Target Defense with Software Defined Networking.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Towards Network Level Moving Target Defense with Software Defined Networking./
作者:	Wang, Li.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2021,
面頁冊數:	122 p.
附註:	Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
Contained By:	Dissertations Abstracts International83-03B.
標題:	Operating systems. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28841734
ISBN:	9798460447961

Towards Network Level Moving Target Defense with Software Defined Networking.
Wang, Li.

Towards Network Level Moving Target Defense with Software Defined Networking. - Ann Arbor : ProQuest Dissertations & Theses, 2021 - 122 p.

Source: Dissertations Abstracts International, Volume: 83-03, Section: B.

Thesis (Ph.D.)--The Pennsylvania State University, 2021.

This item must not be sold to any third party vendors.

Current computer systems are built in a relatively static nature. Once deployed, computer systems will keep running unchanged. They will use the fixed operating systems, a set of fixed software stacks, and the same network configurations, which keep them easy to operate and manage. However, their static nature makes them easy targets of cyber attacks as well. Attackers are able to spend as much time as they can to find an effective way to compromise a target system. Moving Target Defense was proposed as a promising defense paradigm to break the static nature of current computer systems. It tries to introduce uncertainty and unpredictability into computer systems, which can greatly raise the bar for attackers. Software Defined Networking (SDN) is a new network paradigm, which provides unprecedented flexibility and programmability to computer networks. In this dissertation, we propose to achieve a Moving Target Defense at the network level with SDN. First, we present Sniffer Reflector, a new method to practice Moving Target Defense against network reconnaissance. Network reconnaissance is usually regarded as the very first step of most attacks. The basic idea is to employ SDN programming capability and virtualization technologies to defend against malicious network reconnaissance. We use SDN and network node virtualization technologies to provide an obfuscated reconnaissance result for the attackers. Our experiment results show that Sniffer Reflector is effective and efficient in blurring malicious network reconnaissance. Then, we propose Shoal, a network-level Moving Target Defense engine over SDN networks. Shoal seeks to build a comprehensive Moving Target Defense engine with multiple MTD strategies over SDN networks. It is designed to fit the need of various security protections and defend against diverse attacks in software defined networks and other virtual network environments. Our experiment shows the effectiveness of Shoal protection and demonstrates it is able to provide complicated protections and mitigate advanced attacks. Finally, we propose SecControl, a practical security protection framework combining the existing security tools and SDN technologies, to produce a comprehensive network security solution in an SDN network environment. SecControl provides a traditional-security-tool-friendly security solution for SDN networks. Our experiment shows that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.

ISBN: 9798460447961Subjects--Topical Terms:

3681934
Operating systems.
Subjects--Index Terms:

Software defined networking

Towards Network Level Moving Target Defense with Software Defined Networking.
LDR:03674nmm a2200349 4500 001 2343378
005 20220502104240.5
008 241004s2021 ||||||||||||||||| ||eng d
020 $a 9798460447961
035 $a (MiAaPQ)AAI28841734
035 $a (MiAaPQ)PennState_23664lzw158
035 $a AAI28841734
040 $a MiAaPQ $c MiAaPQ
100 1 $a Wang, Li. $3 1278373
245 1 0 $a Towards Network Level Moving Target Defense with Software Defined Networking.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300 $a 122 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
500 $a Advisor: Song, Linhai.
502 $a Thesis (Ph.D.)--The Pennsylvania State University, 2021.
506 $a This item must not be sold to any third party vendors.
520 $a Current computer systems are built in a relatively static nature. Once deployed, computer systems will keep running unchanged. They will use the fixed operating systems, a set of fixed software stacks, and the same network configurations, which keep them easy to operate and manage. However, their static nature makes them easy targets of cyber attacks as well. Attackers are able to spend as much time as they can to find an effective way to compromise a target system. Moving Target Defense was proposed as a promising defense paradigm to break the static nature of current computer systems. It tries to introduce uncertainty and unpredictability into computer systems, which can greatly raise the bar for attackers. Software Defined Networking (SDN) is a new network paradigm, which provides unprecedented flexibility and programmability to computer networks. In this dissertation, we propose to achieve a Moving Target Defense at the network level with SDN. First, we present Sniffer Reflector, a new method to practice Moving Target Defense against network reconnaissance. Network reconnaissance is usually regarded as the very first step of most attacks. The basic idea is to employ SDN programming capability and virtualization technologies to defend against malicious network reconnaissance. We use SDN and network node virtualization technologies to provide an obfuscated reconnaissance result for the attackers. Our experiment results show that Sniffer Reflector is effective and efficient in blurring malicious network reconnaissance. Then, we propose Shoal, a network-level Moving Target Defense engine over SDN networks. Shoal seeks to build a comprehensive Moving Target Defense engine with multiple MTD strategies over SDN networks. It is designed to fit the need of various security protections and defend against diverse attacks in software defined networks and other virtual network environments. Our experiment shows the effectiveness of Shoal protection and demonstrates it is able to provide complicated protections and mitigate advanced attacks. Finally, we propose SecControl, a practical security protection framework combining the existing security tools and SDN technologies, to produce a comprehensive network security solution in an SDN network environment. SecControl provides a traditional-security-tool-friendly security solution for SDN networks. Our experiment shows that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.
590 $a School code: 0176.
650 4 $a Operating systems. $3 3681934
650 4 $a Software. $2 gtt. $3 619355
650 4 $a Network security. $3 3680530
650 4 $a Computer peripherals. $3 659962
650 4 $a Computer networks. $3 539554
650 4 $a Flexibility. $3 3560705
650 4 $a Design. $3 518875
650 4 $a Defense. $3 3681633
650 4 $a Firewalls. $3 3681935
650 4 $a Traffic congestion. $3 706812
650 4 $a Computer science. $3 523869
653 $a Software defined networking
653 $a Cyber attacks
653 $a Computer security
690 $a 0389
690 $a 0984
710 2 $a The Pennsylvania State University. $3 699896
773 0 $t Dissertations Abstracts International $g 83-03B.
790 $a 0176
791 $a Ph.D.
792 $a 2021
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28841734