As the attack surface increases, it gets easier for an adversary to compromise a system. Conversely, reducing the number of entry points may decrease the likelihood of a successful attack. Moving Target Defense (MTD) is about continuously shifting variables of the environment, making it harder for an attacker to succeed. This thesis will focus on the topics Network Address Shuffling (NAS) and Port Hopping (PH).
NAS constantly changes the relation between addresses and systems. In this case, the network address is the moving parameter: the usually static mapping of addresses to devices is transformed into a constantly changing one. In some approaches this mapping relies on additional virtual addresses, which are chosen from a defined set of candidates. The dynamic mapping can prevent an attacker from reliably contacting a given system. This makes reconnaissance more difficult and can provide an effective defense strategy.
PH applies the same idea to the relationship between ports and services. UDP and TCP communication relies on fixed port numbers. Protocols in the lower port range that are part of the IANA standard in particular can easily be detected by port scans and used for reconnaissance. Vulnerabilities can thus be discovered and attacks launched. This can be prevented if port associations are constantly changing.
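To make the two mechanisms concrete, the following added example (not part of the thesis description or of any existing MTD implementation) derives, for each time epoch, both the virtual address of a service from a candidate pool (NAS) and its current port from a hopping range (PH) using a keyed PRF, and shows the server-side check that tolerates bounded clock drift between peers. The shared secret, the candidate network, the port range and the epoch length are constructed values assumed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed parameters for the example. In a deployment the secret is provisioned
# out of band and the candidate pool is the address space reserved for MTD.
SECRET = b"example-shared-secret-not-for-production"
EPOCH_SECONDS = 30                                    # how often the mapping shifts
CANDIDATE_NET = ipaddress.ip_network("10.42.0.0/24")  # virtual address pool (constructed)
PORT_RANGE = (20000, 60000)                           # hopping range (constructed)


def _prf(label: bytes, epoch: int, service: str) -> int:
    """Keyed PRF over (label, epoch, service); only holders of SECRET can predict it."""
    msg = label + epoch.to_bytes(8, "big") + service.encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")


def epoch_of(ts: float) -> int:
    """Map a timestamp (seconds) to the epoch in which the mapping is valid."""
    return int(ts // EPOCH_SECONDS)


def virtual_address(service: str, epoch: int) -> ipaddress.IPv4Address:
    """NAS: pick this epoch's virtual address for `service` from the candidate pool."""
    hosts = CANDIDATE_NET.num_addresses - 2  # exclude network and broadcast addresses
    return CANDIDATE_NET.network_address + 1 + _prf(b"addr", epoch, service) % hosts


def hopped_port(service: str, epoch: int) -> int:
    """PH: pick this epoch's port for `service` from the hopping range."""
    lo, hi = PORT_RANGE
    return lo + _prf(b"port", epoch, service) % (hi - lo)


def accept(service: str, addr: ipaddress.IPv4Address, port: int,
           now: float, skew_epochs: int = 1) -> bool:
    """Server-side check: a connection is accepted only if (addr, port) is the
    mapping of the current epoch or of a neighbouring one. The neighbour window
    absorbs clock drift between client and server without widening it further."""
    current = epoch_of(now)
    for cand in range(current - skew_epochs, current + skew_epochs + 1):
        if virtual_address(service, cand) == addr and hopped_port(service, cand) == port:
            return True
    return False
```

Both peers compute the same (address, port) pair for a service because they share SECRET and agree on the epoch; an observer without the secret sees only an apparently random walk through the pool.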
So far, existing strategies have been developed and evaluated separately; consistent evaluation metrics and comparable benchmarks are therefore missing, and weighing their advantages and disadvantages is not always possible.
In this thesis, an overview of the current state of the art is to be created. Based on this overview, a promising solution is to be selected for each of NAS and PH. Both are to be implemented and integrated into a test environment that is able to check the suitability and advantages of the implementations. Common metrics are to be developed to enable a comparison of both systems.
Prof. Dr. D. Kranzlmüller
Duration of the master's thesis: 6 months
Number of students: 1