WO2021049806A1 - Method for allocating an address of a network node - Google Patents

Method for allocating an address of a network node

Info

Publication number
WO2021049806A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
address
network
attack
importance
Prior art date
Application number
PCT/KR2020/011725
Other languages
English (en)
Korean (ko)
Inventor
임혁
윤승현
Original Assignee
광주과학기술원
Priority date: 2019-09-09
Filing date: 2020-09-01
Publication date: 2021-03-18
Application filed by 광주과학기술원
Publication of WO2021049806A1

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L61/00 Network arrangements, protocols or services for addressing or naming
            • H04L61/50 Address allocation
          • H04L45/00 Routing or path finding of packets in data switching networks
            • H04L45/74 Address processing for routing
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
              • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                • H04L63/1425 Traffic logging, e.g. anomaly detection
              • H04L63/1433 Vulnerability analysis
          • H04L2101/00 Indexing scheme associated with group H04L61/00
            • H04L2101/60 Types of network addresses
              • H04L2101/618 Details of network addresses
                • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
          • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
            • H04L2463/146 Tracing the source of attacks

Definitions

  • the present invention relates to a method for allocating addresses of network nodes. Preferably, it relates to a method of allocating virtual addresses for nodes placed in a network based on a software defined network.
  • MTD: Moving Target Defense
  • the MTD technology is an active method that prevents the preparation and attempting of attacks by amplifying the attacker's analysis complexity and the uncertainty of attack target selection, by actively changing the main attributes of the system (the protected target) that is the target of a cyber attack. It is a proactive security technology.
  • the software defined network is an approach for controlling/managing the traffic delivery operation of the network through an open API in a software-based controller. It is characterized in that a control plane for designating a traffic path and a data plane for performing traffic transmission are separated.
  • Non-Patent Document 1 D. C. MacFarland et al., “The SDN shuffle: Creating a moving-target defense using host-based software-defined networking,” in ACM Workshop on Moving Target Defense, 2015, pp. 37-41
  • the present invention is proposed under the above-described background, and proposes an address allocation method of a network node to which MTD technology is intensively applied to a network node vulnerable to external attacks.
  • the present invention discovers a network node on a path vulnerable to external attacks, and proposes a method for allocating an address of the vulnerable network node.
  • the present invention proposes an address allocation method for a network node capable of controlling overhead in response to a system load.
  • An address allocation method of a network node includes providing an attack graph for a network; analyzing the exploitability of the attack graph; and selecting a node to be shuffled from among the nodes included in the network and allocating a new address to the node to be shuffled. According to the present invention, by shuffling a specific node on the attack graph, the security of the network can be improved using minimum resources.
  • Analyzing the attack graph, analyzing the exploitability, and selecting a shuffling target node and allocating a new address may be repeated at a predetermined period. Accordingly, it is possible to adaptively maintain the security of the network in response to the addition or deletion of a new node to the network.
  • the attack graph may be a multi-level attack graph provided using a first layer related to network connectivity (the network topology), a second layer related to vulnerabilities disclosed to a remote node outside the network, and a third layer related to vulnerabilities that are not disclosed to the remote node and are disclosed only to internal nodes within the network. According to this, attack graphs of various networks can be provided more accurately, so that the attack path from the outside can be known accurately.
  • the analysis of the exploitability may be provided by analyzing the vulnerability of each layer. According to this, it is possible to more accurately determine the path through which the external node intrudes and the node with high vulnerability in the path.
  • the selection of a node to be shuffled may include predicting an attack path by a reverse attack path prediction technique that tracks the attack graph in the reverse direction starting from a node having high asset importance, and selecting a node having a large influence on other nodes from among the nodes included in the attack path. According to this, since network nodes on an attack path with a high possibility of attack can be selectively shuffled, complexity is lowered and system resources can be used more efficiently.
  • At least one of the attack paths is provided for any one node, so that any one node can be included in the attack path, and a plurality of attack paths can be provided for any one node.
  • the asset importance may be evaluated as a role importance based on the role of the node. In this case, based on the role of the node, it is possible to more actively protect the node with a high probability of intrusion by responding to the role of the network.
  • the asset importance may be evaluated as an impact importance based on an impact of a node on an adjacent node. In this case, not only the role of the node, but also the influence of one node on other nodes in the network is considered together, so that the importance of the node's asset can be more accurately evaluated.
  • when the new address is provided as a virtual address in the SDN environment, it can be used more adaptively in the SDN environment.
  • the virtual address is a MAC address
  • the SDN controller may transmit a flow rule including the MAC address to a switch corresponding to the node to be shuffled. Accordingly, it is possible to smoothly use the virtual MAC address of the node to be shuffled.
  • the virtual address is a virtual IP address
  • the SDN controller may obtain the real IP address of the node to be shuffled from a DNS server and transmit a flow rule in which the virtual IP address and the real IP address are matched to a switch corresponding to the node to be shuffled. Accordingly, the virtual IP address of the node to be shuffled can be used smoothly.
  • a network node on a weak path can be accurately identified, so that a system can be more stably protected from an intruder.
  • since the present invention can cope with the load of the system, it is possible to fully utilize the resources of the network without deteriorating the quality of service experienced by the user.
  • FIG. 1 is a flowchart illustrating an address allocation method of a network node according to an embodiment.
  • FIG. 2 is a diagram showing an example of a network topology.
  • FIG. 3 is a diagram illustrating a multi-level attack graph for the network of FIG. 2;
  • FIG. 4 is a diagram illustrating reverse attack path prediction.
  • FIG. 5 is a diagram showing the possibility of exposing user privileges, the role importance, and the impact importance of each node in the network.
  • FIG. 6 is a diagram for explaining shuffling of MAC addresses.
  • FIG. 7 is a diagram for explaining shuffling of IP addresses.
  • FIG. 1 is a flowchart illustrating a method of allocating an address of a network node according to an embodiment. A method of allocating an address of a network node according to an embodiment will be briefly described with reference to FIG. 1.
  • a network is first analyzed at a current time point (S1).
  • Allocating the address of the network node may be for shuffling an address previously allocated to each network node.
  • At least a network topology may be analyzed.
  • the node may include a workstation, a database server, a firewall, and an intrusion detection system (IDS).
  • IDS intrusion detection system
  • the node may include a computer and an IOT device.
  • the node may include all devices connected to a network having at least one of a MAC address, an IP address, and a port address.
  • the node is a device that is assigned an address in a network and can perform a predetermined role, and may preferably refer to a network host. However, all devices provided to the network and having an address may be included in a node according to the present invention.
  • a multi-level attack graph for the analyzed network may be provided (S2).
  • the attack graph (AG) may define a path through which an intruder intrudes from outside the network to a target node.
  • the attack graph may be individually produced in different ways for each layer classified for each attack stage according to the characteristics and types of each node. For example, it may be divided into three layers, and the first layer may be divided into network connectivity, the second layer may be divided into a remote vulnerability, and the third layer may be divided into a local vulnerability. The specific operation of each layer will be described later.
  • At least one node to be shuffled is selected (S4).
  • at least one of the following determinations may be specifically performed.
  • the intrusion path by which an intruder reaches a target node from the outside is predicted; in this case, the prediction may be performed as a backward attack path prediction, in the direction opposite to the intrusion.
  • a node with a large role-based criticality can be selected from among a number of nodes.
  • an address may be allocated to a node to be shuffled (S5).
  • the address of the node to be shuffled may be a new address different from the original address.
  • allocating the address of the node to be shuffled may mean that the real address is not changed and a virtual address is newly given or changed.
  • the method of allocating addresses of the network nodes may be continuously performed at a predetermined period. According to this, even if the network topology is changed due to the addition or deletion of nodes, it is possible to continuously maintain the security of the system.
  • the network analysis step (S1) is first performed.
  • FIG. 2 shows the analyzed network topology as an example.
  • the network includes a workstation 2, a web server 3, and a DB server 4.
  • the workstation 2, the web server 3, and the DB server 4 may be connected by a switch 11, 12, 13, 14.
  • firewalls 21 and 22 are provided: the first firewall 21 blocks entry into the network from the outside, and the second firewall 22 separately protects important nodes, for example the DB server 4.
  • the network may further include an intrusion detection system 5.
  • an SDN controller (shown in FIGS. 6 and 7) may be further provided.
  • the SDN controller may hold the real IP address, real MAC address, and real port address of each node, together with the corresponding virtual IP address, virtual MAC address, and virtual port address.
  • Different nodes know only the virtual address and can communicate with each other using only the virtual address.
  • address-related information can be delivered to switches and the like using flow rules.
  • next, a multi-level attack graph is provided for the analyzed network (S2).
  • FIG. 3 is a diagram illustrating a multi-level attack graph for the network of FIG. 2.
  • the attacker's attack can be mainly performed in the order of analyzing and identifying a target's vulnerability, identifying a vulnerability component and an attack target, and stealing data.
  • the vulnerability refers to a weakness against external intrusion, and as an example, a database of the National Vulnerability DB (NVD) owned by the US government can be used.
  • NVD: National Vulnerability Database
  • CVE: Common Vulnerabilities and Exposures, the standard vulnerability identifier
  • CVSS: Common Vulnerability Scoring System
  • the vulnerability scoring system (CVSS) evaluates each node according to its CVE-identified vulnerabilities and provides an evaluation result of 1 to 10.
  • the evaluation result may mean a degree to which the corresponding node is vulnerable to external intrusion.
  • Table 1 exemplifies the evaluation results of the network shown in FIGS. 1 and 2.
  • each node of the network may be identified based on the national vulnerability database.
  • an attacker can exploit the vulnerability of CVE2001-1180 to steal data from the DB server 4 (N3(h3)). This is because the main attack of network intrusion is data theft or manipulation. In the following description, it is exemplified by attacking the DB server 4 (N3(h3)).
  • N is an abbreviation of a node and h is an abbreviation of a host.
  • each node has at least one vulnerability.
  • the attacker can reach the target by combining the vulnerabilities of each node as much as possible.
  • the vulnerability of each node is divided into multiple stages, and as an example, three stages.
  • Each step may be made of a layer (layer).
  • the first layer L1 is a layer related to network connectivity. This layer can be determined by the network topology (e.g., the firewall configuration); it represents the accessibility of information. For example, referring to FIGS. 2 and 3, the workstation (N1) (2) and the web server (N2) (3) are external nodes (Hex), and the DB server (N3) (4) is an internal node (Hin).
  • the external node can be accessed through the first firewall 21 that blocks an intruder from entering the network from outside the network. Even after passing through the first firewall 21, the intruder cannot directly access the internal node. This is because it must pass through the second firewall 22. In other words, the possibility that an intruder can access the external node and the internal node is different.
  • the second layer L2 is a layer related to a remote vulnerability.
  • This layer refers to a vulnerability exposed to a remote node, so that a node included in the network can be accessed directly.
  • a vulnerability included in this layer refers to a vulnerability that can be exploited without permission by a remote node that is not included in the network.
  • the workstation (N1) (2) may have three vulnerabilities (v1, v2, and v3).
  • the path through which the attacker must pass may be determined according to the characteristics of the three vulnerabilities. For example, an attacker who successfully exploited vulnerability v1 would have to go through v2 to gain user privileges on the workstation (N1)(2).
  • the third layer L3 is a layer related to local vulnerability. This layer covers vulnerabilities that are exposed only inside the node that has them. Therefore, the attacker must first obtain the user privilege of the target node before exploiting a local vulnerability to obtain the root privilege of that node.
  • the attacker could reach the target through each vulnerability.
  • the intruder can go through any attack path and reach the target. It is assumed that the attacker does not have prior knowledge of the network and uses the following vulnerabilities uniformly and randomly.
  • Equation 1: the possibility of abuse (exploitability) of the first layer may be given by Equation 1.
  • V_r(h) means the set of vulnerabilities of a node h that can access the network.
  • two nodes h1 and h2 may be provided as the external nodes Hex.
  • S_v(h_i) can be the sum of the vulnerabilities of the nodes h that can access the network from outside.
  • P_UE: user privilege exploitability
  • APV(v, U(h_j)) refers to the set of vulnerabilities that exist in all possible attack vectors from vulnerability v to the user privilege of host h_j.
  • P_e(u) refers to the possibility of exploitation of a vulnerability u contained in the vulnerability set APV(v, U(h_j)).
  • node h1 has three vulnerabilities v1, v2 and v3 that can be accessed remotely, and the resulting exploitability, summing over the attack vectors with P_e(u) multiplied along each vector, is P_e(v1)·P_e(v2) + P_e(v2) + P_e(v3): the vector through v1 must continue through v2 to reach user privilege, whereas v2 and v3 each lead there directly.
  • Equation 4: the likelihood P_R(h_i) of exposing the root privilege of the node h_i may be given by Equation 4.
  • V_rt(h_i) is the set of vulnerabilities associated with the root privilege of node h_i.
  • APV(v, R(h_j)) refers to the set of vulnerabilities that exist in all possible attack vectors from vulnerability v to the root privilege of node h_j.
  • Equations 3 and 4 may be accumulated for each attack step.
  • the accumulated probability can dictate each probability that an intruder can reach its final goal.
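The three-layer exploitability computation described above, as an added worked example in Python (not code from the patent or its authors). The host records, the per-vulnerability probabilities P_e(u) and the attack vectors APV(v, U(h)) and APV(v, R(h)) are constructed; the uniform-choice reading of Equation 1 and the multiplication of the user-privilege and root steps for Equation 4 are this example's assumptions, since the page names the equations' terms but does not print the equations. Host h1 reproduces the case in the text: v1 reaches user privilege only through v2, so P_UE(h1) = P_e(v1)·P_e(v2) + P_e(v2) + P_e(v3).

```python
# Constructed example data (not the patent's own numbers). Each host carries
# the three layers of the multi-level attack graph: layer 1, whether the host
# is reachable from outside (Hex vs. Hin); layer 2, its remote vulnerabilities
# with the attack vector APV(v, U(h)) needed to reach user privilege; layer 3,
# its local vulnerabilities with the vector APV(v, R(h)) from user to root.
P_E = {"v1": 0.4, "v2": 0.3, "v3": 0.2, "v4": 0.5, "v5": 0.6, "v6": 0.25}

HOSTS = {
    # h1 is the workstation case of the text: v1 yields user privilege only
    # after v2 is also exploited, while v2 and v3 each suffice on their own.
    "h1": {"external": True,
           "remote": {"v1": ("v1", "v2"), "v2": ("v2",), "v3": ("v3",)},
           "local": {"v4": ("v4",)}},
    "h2": {"external": True,
           "remote": {"v5": ("v5",)},
           "local": {"v6": ("v6",)}},
    "h3": {"external": False,   # DB server behind the second firewall
           "remote": {"v5": ("v5",)},
           "local": {}},
}


def vector_probability(vector, p_e=P_E):
    """Product of P_e(u) over every vulnerability u in one attack vector."""
    p = 1.0
    for u in vector:
        p *= p_e[u]
    return p


def layer1_entry_probability(host, hosts=HOSTS):
    """Layer 1 (connectivity). An attacker with no prior knowledge picks
    uniformly among the remotely reachable vulnerabilities V_r(h) of the
    external nodes, so the share that belongs to `host` is
    |V_r(host)| / S_v, with S_v the total over external nodes.
    Assumed reading of Equation 1 (the page does not print it)."""
    if not hosts[host]["external"]:
        return 0.0
    s_v = sum(len(h["remote"]) for h in hosts.values() if h["external"])
    return len(hosts[host]["remote"]) / s_v


def p_ue(host, hosts=HOSTS, p_e=P_E):
    """Layer 2 (remote): user-privilege exploitability P_UE(h), the sum over
    each remotely reachable v of the product of P_e over APV(v, U(h)).
    For h1 this is P_e(v1)*P_e(v2) + P_e(v2) + P_e(v3)."""
    return sum(vector_probability(vec, p_e)
               for vec in hosts[host]["remote"].values())


def p_r(host, hosts=HOSTS, p_e=P_E):
    """Layer 3 (local): root-privilege exposure P_R(h). The attacker needs
    user privilege first (P_UE) and then one vector APV(v, R(h)) over V_rt(h).
    Multiplying the two steps is this example's reading of the accumulation
    of Equations 3 and 4 that the text mentions."""
    local = hosts[host]["local"]
    if not local:
        return 0.0
    return p_ue(host, hosts, p_e) * sum(vector_probability(vec, p_e)
                                        for vec in local.values())


def exploitability_report(hosts=HOSTS, p_e=P_E):
    """Per-host (layer-1 entry share, P_UE, P_R), rounded for display."""
    return {h: (round(layer1_entry_probability(h, hosts), 3),
                round(p_ue(h, hosts, p_e), 3),
                round(p_r(h, hosts, p_e), 3)) for h in hosts}


if __name__ == "__main__":
    for host, (entry, ue, root) in exploitability_report().items():
        print(f"{host}: entry={entry} P_UE={ue} P_R={root}")
```

Because the sum in P_UE adds one term per remotely reachable vulnerability, it is an exploitability score rather than a bounded probability; a scoring pipeline that feeds these values into the later node selection should keep them on a common scale (here all P_e values are small enough for the sums to stay below 1).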
  • the selection step (S4) of at least one node to be shuffled may be performed.
  • a backward attack path prediction (BAP) technique may be applied.
  • the reverse attack path prediction technique tracks the attack graph backwards from the last node of the attack path (a node with high asset criticality), finding the most vulnerable predecessor node at each step.
  • FIG. 4 is a diagram illustrating reverse attack path prediction.
  • h9 is first selected among nodes having a high asset importance.
  • the node with the greatest probability P_UC(h_j) of successfully exposing user privilege is h6. Therefore, h6 may be selected as the node before h9.
  • h9 may be a node having a high asset importance.
  • h4 can be obtained by re-applying the reverse attack path prediction technique to h6.
  • the overall predicted attack path for h9 may be h2 -> h4 -> h6 -> h9.
  • the attack path prediction by the reverse attack path prediction technique may be performed for every node whose asset importance is equal to or greater than a certain threshold value.
  • k number of attack paths may be provided for any one node having high asset importance.
  • the k selections may select the paths having the largest sum of the probability of successful user privilege exposure, P_UC(h_j).
  • Preferably, k may be set to 1.
  • a plurality of attack paths that can be generated by the reverse attack prediction technique may be provided in correspondence with the threshold of the asset importance and the number of attack paths.
  • the importance of an asset may mean a degree of importance among network nodes.
  • the embodiment may select a node having a large role-based criticality from among a plurality of nodes. That is, when the role of a specific node is important in light of the role of the network, it can be selected as a node with high asset importance.
  • the network is a cloud data center
  • the asset importance of the DB server is higher than that of other virtual machines (VMs).
  • VMs virtual machines
  • the importance of h8, h9, and h10 corresponding to the DB server may be set to 8, 10, and 6, respectively.
  • with role importance alone, the effect of a specific node on other nodes is ignored.
  • a specific node may participate in the attack paths of many nodes even if its role importance is low; in this case the node would be ignored although its influence on other nodes is large.
  • a node having a high influence-based criticality among a plurality of nodes may be selected as a node having a high asset importance.
  • the influence can be said to mean the degree to which a node has a large influence on an adjacent node. This is defined as an influence criticality (IC) and can be expressed by Equation 5.
  • IC denotes the impact importance
  • RC denotes role importance
  • P_R denotes the possibility that the root privilege of the node h_i, given by Equation 4, is exposed.
  • the influence importance is a value that also takes the role importance into account.
  • the IC of h2 is 3.9, which is higher than that of the other nodes, because two attack paths pass through the h2 node.
  • a node to be shuffled may be selected based on the role importance and the influence importance.
  • Equation 6 shows that a node to be shuffled is selected based on the role importance.
  • F_RC becomes 1 when executed for all nodes of a given network.
  • AG is the set of nodes determined by the backward attack path prediction technique.
  • RC represents role importance.
  • F_RC becomes 1 when executed for all nodes of a given network.
  • AG is the set of nodes determined by the backward attack path prediction technique.
  • IC represents the impact importance.
  • at every predetermined period Ts, at least one node may be selected as a shuffling target node for shuffling the network.
  • a node having a high role importance or the influence importance may be selected.
  • the impact importance is a value that includes more factors and evaluates the asset importance in a broader sense than the role importance.
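Reverse attack path prediction and the selection of a shuffling target, as an added Python example (not the patent's own code). The attack graph, the P_UE values and the role importances are constructed; the DB-server importances 8, 10 and 6 for h8, h9 and h10 follow the text. The example goes slightly beyond the text in that it enumerates every backward path to an external node and ranks them by the sum of P_UE, which reproduces the stepwise choice h2 -> h4 -> h6 -> h9 described for h9 and also serves k > 1. Ranking candidate nodes by how many predicted paths pass through them is a stand-in for the influence criticality of Equation 5, whose form the page does not reproduce.

```python
# Constructed attack graph and values (not the patent's own numbers).
# P_UE(h): user-privilege exploitability of each host from the earlier step.
P_UE = {"h1": 0.35, "h2": 0.62, "h3": 0.20, "h4": 0.55, "h5": 0.30,
        "h6": 0.70, "h7": 0.25, "h8": 0.40, "h9": 0.45, "h10": 0.50}
# RC(h): role importance; h8, h9, h10 are the DB servers of the text.
RC = {"h1": 1, "h2": 1, "h3": 2, "h4": 2, "h5": 2, "h6": 3, "h7": 3,
      "h8": 8, "h9": 10, "h10": 6}
EXTERNAL = {"h1", "h2"}          # layer-1 entry points (Hex)
# Predecessors in the forward attack graph: p in PREDECESSORS[s] means an
# attacker holding privilege on p can attack s.
PREDECESSORS = {
    "h3": ["h1"], "h4": ["h1", "h2"], "h5": ["h2"], "h6": ["h4", "h5"],
    "h7": ["h3"], "h8": ["h3", "h5"], "h9": ["h6", "h7"], "h10": ["h7"],
}


def backward_attack_paths(target, k=1, preds=PREDECESSORS, p_ue=P_UE,
                          external=EXTERNAL):
    """Reverse attack path prediction: walk the attack graph backwards from
    `target` until an external node is reached, collect every such path and
    keep the k paths with the largest sum of P_UE(h) (k = 1 is the preferred
    setting in the text). Paths are returned entry node first."""
    found = []

    def walk(node, path):
        if node in external:
            found.append(list(reversed(path)))
            return
        for p in preds.get(node, []):
            if p not in path:            # guard against cycles in the graph
                walk(p, path + [p])

    walk(target, [target])
    found.sort(key=lambda path: sum(p_ue[h] for h in path), reverse=True)
    return found[:k]


def select_shuffle_targets(theta, k=1, rc=RC):
    """Predict paths for every node whose role importance RC >= theta, then
    rank the nodes on those paths by how many predicted paths pass through
    them (a proxy for influence on other nodes; the page does not give the
    exact Equation 5/6 weighting). Target nodes themselves are excluded.
    Returns [(node, path_count), ...], best candidate first."""
    counts = {}
    for target in (h for h, importance in rc.items() if importance >= theta):
        for path in backward_attack_paths(target, k):
            for h in path:
                if h != target:
                    counts[h] = counts.get(h, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print(backward_attack_paths("h9", k=2))
    print(select_shuffle_targets(theta=7))
```

With the threshold at 7 only h8 and h9 are protected targets; both predicted paths enter through h2, so h2 is the node whose address shuffling disrupts the most predicted paths, which is the situation the text describes for h2.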
  • an address of a node to be shuffled may be allocated (S5).
  • the entire configuration of the network can be shuffled by reallocating the address of the node to be shuffled.
  • the address of the node to be shuffled may be a reassignment of a new address different from the original address.
  • the SDN controller may leave the real address of the node to be shuffled unchanged and change only its virtual address.
  • the address of the node to be shuffled may include any one of an IP address, a MAC address, and a port address.
  • FIG. 6 is a diagram illustrating shuffling of MAC addresses.
  • Node A requests a MAC address of Node B using an Address Resolution Protocol (ARP).
  • ARP Address Resolution Protocol
  • the SDN controller receives the actual MAC address from Node B; at this point the SDN controller may not yet know the MAC address of Node B.
  • the SDN controller, having received the actual MAC address of Node B, may match the actual MAC address of Node B with the shuffled virtual MAC address.
  • the SDN controller may newly determine a flow rule according to the rules of the SDN using the matched address, and transmit the modified flow rule to the switch 2 corresponding to the node B.
  • the SDN controller may transmit the virtual MAC address of Node B to Node A.
  • a real MAC address and a virtual MAC address may be matched.
  • the node A can directly send the packet to the node B.
  • the address of the Node B may be identified as a virtual MAC address according to a modified flow rule.
  • a new virtual MAC address may be allocated according to the method shown in FIG. 6.
  • FIG. 7 is a diagram illustrating shuffling of IP addresses.
  • node A requests the IP address of node B.
  • the SDN controller receives the real IP address of Node B from the DNS server (Domain Name Server).
  • the SDN controller receiving the real IP address of the Node B may match the real IP address of the Node B with the shuffled virtual IP address.
  • the SDN controller may modify the flow rule according to the rules of the SDN, deliver the modified flow rule to switch 2 connected to Node B, and transfer the virtual IP address of Node B to Node A.
  • a real IP address and a virtual IP address may be matched to the modified flow rule.
  • the node A can directly send the packet to the node B.
  • the address of the Node B may be identified as a virtual IP address according to a modified flow rule.
  • a new virtual IP address may be allocated according to the method shown in FIG. 7.
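The MAC and IP shuffling exchanges of FIG. 6 and FIG. 7, modelled together as an added Python example (not the patent's implementation and not tied to any real SDN controller). Host names, addresses, switch names and the flow-rule dictionary format are constructed; the rules mimic the match / set-field / output shape of OpenFlow rules but are applied by a toy forwarding function rather than a real switch. The point shown is the one the text makes: other nodes only ever learn the virtual addresses, the real addresses never change, and an address learned before the last shuffle stops matching.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    real_mac: str
    real_ip: str
    switch: str  # the switch in front of the host (switch 2 for Node B)


# Constructed topology with hypothetical addresses (not from the patent).
HOSTS = {
    "A": Host("A", "00:11:22:33:44:0a", "192.0.2.10", "switch1"),
    "B": Host("B", "00:11:22:33:44:0b", "192.0.2.11", "switch2"),
}
# The DNS server of FIG. 7: hostname -> real IP, queried only by the controller.
DNS = {"A": "192.0.2.10", "B": "192.0.2.11"}


class ShuffleController:
    """Toy model of the SDN controller in FIG. 6 and FIG. 7. It keeps the
    real<->virtual mapping, answers address queries with virtual addresses
    only, and installs flow rules that rewrite addresses at the switch in
    front of the shuffled node, so the real addresses never change."""

    def __init__(self, hosts, dns, seed=0):
        self.hosts = hosts
        self.dns = dns
        self.rng = random.Random(seed)  # seeded only to keep the example reproducible
        self.virtual = {}               # host name -> (virtual MAC, virtual IP)
        self.flow_rules = {}            # switch -> rules; a new shuffle replaces them

    def _fresh_mac(self):
        # locally administered unicast prefix, never a vendor-assigned OUI
        return "02:00:" + ":".join(f"{self.rng.randrange(256):02x}" for _ in range(4))

    def _fresh_ip(self):
        # virtual IPs come from a pool that no real host uses
        return f"10.200.{self.rng.randrange(256)}.{self.rng.randrange(1, 255)}"

    def shuffle(self, name):
        """One shuffling round for `name`: obtain the real addresses (MAC from
        the host record, IP from the DNS server), choose a new virtual pair
        and push rewrite rules to the host's switch. Returns the new pair."""
        host = self.hosts[name]
        real_ip = self.dns[name]
        in_use = set(self.virtual.values())
        pair = (self._fresh_mac(), self._fresh_ip())
        while pair in in_use:  # never hand out a pair that is still mapped
            pair = (self._fresh_mac(), self._fresh_ip())
        self.virtual[name] = pair
        vmac, vip = pair
        self.flow_rules[host.switch] = [
            # inbound: traffic for the virtual identity is rewritten to the real one
            {"match": {"eth_dst": vmac, "ipv4_dst": vip},
             "set_field": {"eth_dst": host.real_mac, "ipv4_dst": real_ip},
             "output": "host"},
            # outbound: the real identity is hidden behind the virtual one
            {"match": {"eth_src": host.real_mac, "ipv4_src": real_ip},
             "set_field": {"eth_src": vmac, "ipv4_src": vip},
             "output": "network"},
        ]
        return pair

    def resolve(self, target):
        """What Node A learns when it asks for Node B: only virtual addresses."""
        return self.virtual[target]

    def forward(self, switch, packet):
        """Apply the switch's rules to a packet (dict of header fields). Returns
        the rewritten packet, or None when nothing matches, which is what
        happens to a stale address learned before the last shuffle."""
        for rule in self.flow_rules.get(switch, []):
            if all(packet.get(k) == v for k, v in rule["match"].items()):
                return {**packet, **rule["set_field"], "port": rule["output"]}
        return None


def demo():
    """A resolves B, sends one packet, then B is shuffled again."""
    ctl = ShuffleController(HOSTS, DNS)
    ctl.shuffle("B")
    vmac, vip = ctl.resolve("B")
    packet = {"eth_src": HOSTS["A"].real_mac, "ipv4_src": HOSTS["A"].real_ip,
              "eth_dst": vmac, "ipv4_dst": vip}
    delivered = ctl.forward("switch2", packet)  # rewritten to B's real addresses
    ctl.shuffle("B")                            # next period: new virtual identity
    stale = ctl.forward("switch2", packet)      # old virtual identity no longer matches
    return delivered, stale


if __name__ == "__main__":
    print(demo())
```

In a real deployment the inbound and outbound rules would be installed on the switch with the usual flow-mod mechanism and the old rules expired or deleted at the same time, since a lingering inbound rule for the previous virtual pair would keep the stale address reachable and defeat the purpose of the shuffle.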
  • according to the embodiment, it is possible to actively protect the system by analyzing each node of the network in advance, and the security performance of the system can be continuously increased as new nodes are added. It has the advantage of being usable to further increase security efficiency.
  • the present invention can be applied to a corporate data center network, a corporate network to provide a cloud service, and a campus network.
  • security can be improved by applying the method to various existing SDN-based networks.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a method for allocating an address of a network node, the method comprising the steps of: providing an attack graph for a network; analyzing the exploitability of the attack graph; and selecting a node to be shuffled from among nodes included in the network and allocating a new address to the node to be shuffled. According to the present invention, shuffling is performed for a specific node on the attack graph, and thus it is possible to increase the security of the network using minimal resources.
PCT/KR2020/011725 2019-09-09 2020-09-01 Method for allocating an address of a network node WO2021049806A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2019-0111276 2019-09-09
KR1020190111276A KR102212316B1 (ko) 2019-09-09 2019-09-09 Method for allocating addresses of network nodes

Publications (1)

Publication Number Publication Date
WO2021049806A1 true WO2021049806A1 (fr) 2021-03-18

Family

ID=74558790

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2020/011725 WO2021049806A1 (fr) 2019-09-09 2020-09-01 Method for allocating an address of a network node

Country Status (2)

Country Link
KR (1) KR102212316B1 (fr)
WO (1) WO2021049806A1 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140137257A1 (en) * 2012-11-12 2014-05-15 Board Of Regents, The University Of Texas System System, Method and Apparatus for Assessing a Risk of One or More Assets Within an Operational Technology Infrastructure

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
HONG, Jin B.; ENOCH, Simon Yusuf; KIM, Dong Seong; NHLABATSI, Armstrong; FETAIS, Noora; KHAN, Khaled M.: "Dynamic security metrics for measuring the effectiveness of moving target defense techniques", Computers & Security (Elsevier, Amsterdam, NL), vol. 79, 23 August 2018, pp. 33-52, XP085500763, ISSN 0167-4048, DOI: 10.1016/j.cose.2018.08.003 *
PENDLETON, Marcus; GARCIA-LEBRON, Richard; CHO, Jin-Hee; XU, Shouhuai: "A Survey on Systems Security Metrics", ACM Computing Surveys (ACM, New York, NY, US), vol. 49, no. 4, 20 December 2016, pp. 1-35, XP058307703, ISSN 0360-0300, DOI: 10.1145/3005714 *
SENGUPTA, Sailik; CHOWDHARY, Ankur; SABUR, Abdulhakim; ALSHAMRANI, Adel; HUANG, Dijiang; KAMBHAMPATI, Subbarao: "A Survey of Moving Target Defenses for Network Security", IEEE Communications Surveys & Tutorials (IEEE, USA), vol. 22, no. 3, 25 March 2020, pp. 1909-1941, XP011807014, DOI: 10.1109/COMST.2020.2982955 *
SHARMA, Dilli P.; CHO, Jin-Hee; MOORE, Terrence J.; NELSON, Frederica F.; LIM, Hyuk; KIM, Dong Seong: "Random Host and Service Multiplexing for Moving Target Defense in Software-Defined Networks", ICC 2019 - 2019 IEEE International Conference on Communications (ICC), IEEE, 20 May 2019, pp. 1-6, XP033581996, DOI: 10.1109/ICC.2019.8761496 *

Also Published As

Publication number Publication date
KR102212316B1 (ko) 2021-02-05

Similar Documents

Publication Publication Date Title
Prokofiev et al. A method to detect Internet of Things botnets
Ali et al. Detecting ddos attack on sdn due to vulnerabilities in openflow
US11290484B2 (en) Bot characteristic detection method and apparatus
WO2017069348A1 (fr) Method and device for automatically verifying a security event
JP6138714B2 (ja) Communication device and communication control method in a communication device
WO2012153913A1 (fr) Method for defending against a spoofing attack using a blocking server
WO2020013439A1 (fr) Device and method for control routing in an SDN network
WO2013055083A1 (fr) Packet classification method and corresponding device
WO2019231185A1 (fr) Method for calculating a reliability parameter between nodes in a wireless network, and method and device for configuring a routing path using the reliability parameter
WO2023085791A1 (fr) Controller-based network access control system and method therefor
WO2014193158A1 (fr) Apparatus and method for detecting a denial-of-service attack in a content-centric network
Prasad et al. Defending arp spoofing-based mitm attack using machine learning and device profiling
Csikor et al. Policy injection: A cloud dataplane dos attack
WO2021049806A1 (fr) Method for allocating an address of a network node
WO2024019506A1 (fr) Mail security processing device of a mail access security system providing an access management and blocking function based on an e-mail communication protocol, and operating method thereof
US12095809B2 (en) Suppressing virus propagation in a local area network
Fraunholz et al. Catch me if you can: Dynamic concealment of network entities
WO2019182219A1 (fr) Blockchain-based trusted network system
CN111865876A (zh) Network access control method and device
Chiba et al. An SDN-based moving target defense as a countermeasure to prevent network scans
KR102046612B1 (ko) SDN-based DNS amplification attack defense system and method
WO2024143744A1 (fr) Encrypted communication system and method based on network address mutation
WO2019132056A1 (fr) Network security system performing adaptive rule-set adjustment, and method therefor
KR101812732B1 (ko) Security device and operating method thereof
WO2024158069A1 (fr) Mail security firewall device and operating method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20862825

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 24/06/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20862825

Country of ref document: EP

Kind code of ref document: A1