Toward Network Configuration Randomization for Moving Target Defense

Al-Shaer, Ehab

doi:10.1007/978-1-4614-0977-9_9

Ehab Al-Shaer⁶

Part of the book series: Advances in Information Security ((ADIS,volume 54))

2751 Accesses
69 Citations

Abstract

This chapter presents a moving target defense architecture called Mutable Networks or MUTE. MUTE enables networks to change their configurations such as IP address and routes randomly and dynamically while preserving the requirements and integrity of network operation. The main goal of MUTE is to hinder the adversary’s capabilities in scanning or discovering network targets, launching DoS attacks and creating botnets structure. This chapter presents the challenges and applications of moving target defense and it also presents a formal approach for creating valid mutation of network configurations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 79.99; Price excludes VAT (USA)

Softcover Book: USD 99.99; Price excludes VAT (USA)

Hardcover Book: USD 139.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

E. Al-Shaer,W. Marrero, A. El-Atway and K. AlBadani, Network Configuration in a Box: Towards End-to-End Verification of Network Reachability and Security, In Proceedings of 17th International Conference on Network Communications and Protocol (ICNP’09), pp. 123–132, Princeton, 2009.
Google Scholar
H. Hamed, E. Al-Shaer and W. Marrero, Modeling and Verification of IPSec and VPN Security Policies, In Proceedings of International Conference on Netwrok Communications and Protocol (ICNP’05), 2005.
Google Scholar
T. Samak, A. El-Atawy and E. Al-Shaer, A Framework for Inferring Firewall Policy Using Smart Probing, In Proceedings of International Conference on Netwrok Communications and Protocol (ICNP’07), 2007.
Google Scholar
Network Vulnerability Scanner. http://www.nessus.org/nessus
Network Mapper. http://nmap.org

Download references

Author information

Authors and Affiliations

Cyber Defense and Network Assurability (CyberDNA) Center, College of Computing and Informatics, University of North Carolina, Charlotte, USA
Ehab Al-Shaer

Authors

Ehab Al-Shaer
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ehab Al-Shaer .

Editor information

Editors and Affiliations

Center for Secure Information Systems, George Mason University, Fairfax, 22030-4444, Virginia, USA
Sushil Jajodia
Center for Secure Information Systems, George Mason University, Fairfax, 22030-4422, Virginia, USA
Anup K. Ghosh
The MITRE Corporation, McLean, 22102-7508, Virginia, USA
Vipin Swarup
Computing and Information Science Div., Engineering Sciences Directorate, Triangle Park, 27709-2211, North Carolina, USA
Cliff Wang
Division of Information & Intelligent Sy, National Science Foundation, Arlington, 22230, Virginia, USA
X. Sean Wang

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Al-Shaer, E. (2011). Toward Network Configuration Randomization for Moving Target Defense. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds) Moving Target Defense. Advances in Information Security, vol 54. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-0977-9_9

Download citation

DOI: https://doi.org/10.1007/978-1-4614-0977-9_9
Published: 05 August 2011
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-0976-2
Online ISBN: 978-1-4614-0977-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics