Moving-target Defense against Botnet Reconnaissance and an Adversarial Coupon-Collection Model
Neda Nasiriani, Yuquan Shan, George Kesidis, Takis Konstantopoulos, Daniel Fleck, Angelos Stavrou

TL;DR
This paper proposes a moving-target defense mechanism for cloud-based multiserver systems to prevent botnet reconnaissance and DDoS attacks, validated through AWS prototype testing and mathematical modeling.
Contribution
It introduces a dynamic proxy system that changes configurations to hinder attacker reconnaissance, combining practical implementation with analytical modeling.
Findings
Prototypes show reduced attack effectiveness in an AWS environment.
Mathematical model predicts improved resilience at larger scales.
Dynamic proxies increase attacker difficulty in reconnaissance.
Abstract
We consider a cloud-based multiserver system consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We study a proactive moving-target defense to thwart a DDoS attacker's reconnaissance phase and consequently reduce the attack's impact. The defense is effectively a moving-target (motag) technique in which the proxies dynamically change. The system is evaluated using an AWS prototype of HTTP redirection and by numerical evaluations of an adversarial coupon-collector mathematical model, the latter allowing larger-scale extrapolations.
Taxonomy
Topics: Network Security and Intrusion Detection · Spam and Phishing Detection · Advanced Malware Detection Techniques
