Moving Target Defense for Securing SCADA Communications
作者: Vahid Heydari
DOI: 10.1109/ACCESS.2018.2844542
关键词: Testbed 、 Network packet 、 SCADA 、 Host (network) 、 Server 、 Mobile IP 、 Computer network 、 Black hole (networking) 、 Denial-of-service attack 、 Peer-to-peer 、 Computer science 、 General Engineering 、 General Materials Science 、 General Computer Science
摘要: In this paper, we introduce a framework for building secure and private peer to communication used in supervisory control data acquisition networks with novel Mobile IPv6-based moving target defense strategy. Our approach aids combating remote cyber-attacks against hosts by thwarting any potential attacks at their reconnaissance stage. The IP address of each host is randomly changed certain interval creating make it difficult an attacker find the host. At same time, updated through use binding update procedure (standard IPv6 protocol). Compared existing results that can incur significant packet-loss during rotations, proposed solution loss-less. Improving privacy anonymity communicating removing permanent addresses from all packets also one major contributions paper. Another contribution preventing black hole bandwidth depletion DDoS extra paths between hosts. Recovering after rebooting new Lab-based simulation are presented demonstrate performance method action, including its overheads. testbed experiments show zero rate handoff delay.
sci-hub.se 参考文章(23)
Yulong Zhang, Min Li, Kun Bai, Meng Yu, Wanyu Zang, Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds information security conference. pp. 388- 399 ,(2012) , 10.1007/978-3-642-30436-1_32
Thomer M. Gil, Massimiliano Poletto, MULTOPS: a data-structure for bandwidth attack detection usenix security symposium. pp. 3- 3 ,(2001) , 10.21236/ADA401819
Samuel East, Jonathan Butts, Mauricio Papa, Sujeet Shenoi, A Taxonomy of Attacks on the DNP3 Protocol international conference on critical infrastructure protection. ,vol. 311, pp. 67- 81 ,(2009) , 10.1007/978-3-642-04798-5_5
E. Nordmark, T. Narten, W. Simpson, Neighbor Discovery for IP Version 6 (IPv6) RFC, Vol. rfc2461. ,vol. 2461, pp. 1- 82 ,(1998)
Boris Danev, Ramya Jayaram Masti, Ghassan O. Karame, Srdjan Capkun, Enabling secure VM-vTPM migration in private clouds annual computer security applications conference. pp. 187- 196 ,(2011) , 10.1145/2076732.2076759
Jafar Haadi Jafarian, Ehab Al-Shaer, Qi Duan, Openflow random host mutation: transparent moving target defense using software defined networking acm special interest group on data communication. pp. 127- 132 ,(2012) , 10.1145/2342441.2342467
Matthew Dunlop, Stephen Groat, William Urbanski, Randy Marchany, Joseph Tront, None, MT6D: A Moving Target IPv6 Defense military communications conference. pp. 1321- 1326 ,(2011) , 10.1109/MILCOM.2011.6127486
Bonnie Zhu, Anthony Joseph, Shankar Sastry, A Taxonomy of Cyber Attacks on SCADA Systems the internet of things. pp. 380- 388 ,(2011) , 10.1109/ITHINGS/CPSCOM.2011.34
Hamed Okhravi, Adam Comella, Eric Robinson, Joshua Haines, Creating a cyber moving target for critical infrastructure applications using platform diversity International Journal of Critical Infrastructure Protection. ,vol. 5, pp. 30- 39 ,(2012) , 10.1016/J.IJCIP.2012.01.002
Huangxin Wang, Quan Jia, Dan Fleck, Walter Powell, Fei Li, Angelos Stavrou, A moving target DDoS defense mechanism Computer Communications. ,vol. 46, pp. 10- 21 ,(2014) , 10.1016/J.COMCOM.2014.03.009