The static and homogeneous nature of the existing state-of-the-art networked systems provides asymmetric advantages to attackers that make them easy for reconnaissance and launching the attacks. The advanced cyberattacks (e.g., APT, DDoS, malware) cause tremendous socioeconomic impact and losses; therefore, there is an immediate need to not only respond

(Army Research Lab, USA), Seunghyun Yoon, and Dr. Hyuk Lim (GIST, South Korea) for their invaluable comments, ideas, reviews, advice and suggestions during my research. Thank you all for their insightful comments and suggestions that allowed me to greatly improve the quality of the work presented in this thesis. My special gratitude goes to Dr. Jin B. Hong and Dr. Mengmeng Ge, for their invaluable advice, discussion, and feedback on my research. I am also indebted to my friend Dr. Simon Yusuf Enoch, for his invaluable insights and suggestions. I appreciate his willingness to help and meet me whenever I need it. Thank you all the members of the UC Cybersecurity Lab, Cole,
Security issues in a distributed system are always crucial, and existing distributed computing security technologies do not adequately address its scalability, performance and heterogeneity. In this paper, an agent-based authentication model is designed that uses a mobile agent, which is an object that migrates through many nodes of a heterogeneous network of computers, under its own control, in order to perform designated tasks using local resources of the nodes. The mobile agent, called the authentication mobile agent, can migrate from machine to machine in the agent-enabled network and is responsible for providing the authentication service in the distributed system. The authentication mobile agent uses a digital signature algorithm for the authentication of the mobile code, and a password encrypted with a secret key for the user authentication. The agent maintains a small database file that also migrates with it. It may again move towards the other machines on demand. This approach pro...
ICC 2019 - 2019 IEEE International Conference on Communications (ICC), 2019
Moving target defense (MTD) is a proactive defense mechanism of changing the attack surface to increase an attacker's confusion and/or uncertainty, which invalidates the intelligence gained through reconnaissance and/or network scanning attacks. In this work, we propose a software-defined networking (SDN)-based MTD technique using the shuffling of IP addresses and port numbers, aiming to obfuscate the real identities of the host and the service at both the network and transport layers, for defending against network reconnaissance and scanning attacks. We call our proposed MTD technique Random Host and Service Multiplexing, namely RHSM. RHSM allows each host to use random, multiple virtual IP addresses that are dynamically and periodically shuffled. In addition, it uses short-lived, multiple virtual port numbers for an active service running on the host. Our proposed RHSM is novel in that we employ multiplexing (or de-multiplexing) to dynamically change and remap from all the virtual IPs ...
With the interconnection of services and customers, network attacks are capable of large amounts of damage. Flexible Random Virtual IP Multiplexing (FRVM) is a Moving Target Defence (MTD) technique that protects against reconnaissance and access with address mutation and multiplexing. Security techniques must be trusted; however, FRVM, along with past MTD techniques, has gaps in realistic evaluation and thorough analysis of security and performance. FRVM, and two comparison techniques, were deployed on a virtualised network to demonstrate FRVM's security and performance trade-offs. The key results include the security and performance trade-offs of address multiplexing and address mutation. The security benefit of IP address multiplexing, deployed on top of address mutation, is much greater than its performance overhead. Frequent address mutation significantly increases an attacker's network scan durations as well as effectively obfuscating and hiding network configurations.
2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Network address shuffling is one of the moving target defense (MTD) techniques that can invalidate the address information attackers have collected based on the current network IP configuration. We propose a software-defined networking-based MTD technique called Flexible Random Virtual IP Multiplexing, namely FRVM, which aims to defend against network reconnaissance and scanning attacks. FRVM enables a host machine to have multiple, random, time-varying virtual IP addresses, which are multiplexed to a real IP address of the host. A multiplexing or de-multiplexing event dynamically remaps all the virtual network addresses of the hosts. Therefore, at the end of a multiplexing event, FRVM aims to make the attackers lose any knowledge gained through reconnaissance and to disturb their scanning strategy. In this work, we analyze and evaluate our proposed FRVM in terms of the attack success probability under scanning attacks and target host discovery attacks.
Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network over the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, advanced, intelligent attacks while defenders are often way behind attackers in taking appropriate actions to thwart potential attackers. The concept of moving target defense (MTD) has emerged as a proactive defense mechanism aiming to prevent attacks. In this work, we conducted a comprehensive, in-depth survey to discuss the following aspects of MTD: key roles, design principles, classifications, common attacks, key methodologies, important algorithms, metrics, evaluation methods, and application domains. We discuss the pros and cons of all aspects of MTD surveyed in this work. Lastly, we highlight insights and lessons learned from this study and suggest future work directions. The aim of this paper is to provide the overall trends of MTD research in terms of critical aspects of defense systems for researchers who seek to develop proactive, adaptive MTD mechanisms.
International Journal of Computer Applications, Feb 18, 2015
Security issues in a distributed system are always crucial, and existing distributed computing security technologies do not adequately address its scalability, performance and heterogeneity. In this paper, an agent-based authentication model is designed that uses a mobile agent, which is an object that migrates through many nodes of a heterogeneous network of computers, under its own control, in order to perform designated tasks using local resources of the nodes. The mobile agent, called the authentication mobile agent, can migrate from machine to machine in the agent-enabled network and is responsible for providing the authentication service in the distributed system. The authentication mobile agent uses a digital signature algorithm for the authentication of the mobile code, and a password encrypted with a secret key for the user authentication. The agent maintains a small database file that also migrates with it. It may again move towards the other machines on demand. This approach provides many benefits to the development of distributed applications.
Papers by Dilli Sharma