Moving Target Detection and Prediction towards Cyber Agile Cellular Networks

Abstract

Agile networks such as cellular networks are often prone to attacks emanating from various loopholes. The security loopholes increase the vulnerability of a network whereby the attackers are able to utilize the attack surface to execute an attack. One of the best approach of eliminating the security loopholes is to reduce the attack surface that in the network. An approach known as Moving Target Defense (MTD) is a robust mechanism aimed at reducing the attack surface in a cyber-agile network. This paper proposes the development of an MTD framework aimed at reducing the attack surface in a cloud- based network. The approach aims to formulate how multiple virtual machines can be migrated from one network layer to another with the aim of minimizing the chances of an attacker exploiting the network vulnerabilities. The proposed framework also addresses the mechanism of transforming the I.P addresses of the virtual machines after successful migration to the new network layer. The framework is simulated with the OpenStack platform whereby the network layer is implemented using nova- compute while the hardware is implemented using neuron framework. The algorithmic framework is further supported and implemented using Python programming platform. The experimental results indicate that the migration process is attained within a maximum duration of 0.3 seconds, which is adequate enough to prevent an attacker from executing an attack on the network. The proposed MTD framework is capable of improving the security of a cyber-agile network by minimizing the attack surface. For enhancing the security of the system, the IP mutation methodology has also been proposed along with MTD. For checking the efficiency of proposed IP mutation methodology, two metrics were defined i.e. assurance and avoidance. The results for IP mutation methodology suggested that it uses flexible and elastic characteristics of SDN and helps to enhance the security of the system.