TY - GEN
T1 - Securing critical infrastructure by moving target defense
AU - Heydari, Vahid
AU - Yoo, Seong Moo
PY - 2016
Y1 - 2016
N2 - One of the most important areas of information security is industrial system security. Cyber-attacks on critical infrastructure networks causing an outage quickly escalate into the worst case scenario. Remote attackers can start an attack from all around the world. During the reconnaissance step, attackers need to gather information about the victim. One of the most important information in this regard is the IP address of the victim. Static IP addresses can help attackers in two aspects. First, they are easily discoverable. Second, after accessing the victim, the attacker can maintain this access for a long time. So an effective defense is a mechanism to change the IP addresses randomly and dynamically. By using Mobile IPv6 we can have both a permanent IP address to avoid disrupting TCP sessions and a temporary IP address for connecting to other nodes. Therefore, we developed a Moving Target Mobile IPv6 Defense (MTM6D) to dynamically change the IP address of critical infrastructure servers. The main goals of our method are using a combination of available standards to defend targeted attacks and eliminating packet loss because of address collision during address rotations. The feasibility and performance evaluation of MTM6D are demonstrated by real network implementation.
AB - One of the most important areas of information security is industrial system security. Cyber-attacks on critical infrastructure networks causing an outage quickly escalate into the worst case scenario. Remote attackers can start an attack from all around the world. During the reconnaissance step, attackers need to gather information about the victim. One of the most important information in this regard is the IP address of the victim. Static IP addresses can help attackers in two aspects. First, they are easily discoverable. Second, after accessing the victim, the attacker can maintain this access for a long time. So an effective defense is a mechanism to change the IP addresses randomly and dynamically. By using Mobile IPv6 we can have both a permanent IP address to avoid disrupting TCP sessions and a temporary IP address for connecting to other nodes. Therefore, we developed a Moving Target Mobile IPv6 Defense (MTM6D) to dynamically change the IP address of critical infrastructure servers. The main goals of our method are using a combination of available standards to defend targeted attacks and eliminating packet loss because of address collision during address rotations. The feasibility and performance evaluation of MTM6D are demonstrated by real network implementation.
UR - http://www.scopus.com/inward/record.url?scp=84969277597&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84969277597&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84969277597
T3 - Proceedings of the 11th International Conference on Cyber Warfare and Security, ICCWS 2016
SP - 382
EP - 390
BT - Proceedings of the 11th International Conference on Cyber Warfare and Security, ICCWS 2016
A2 - Zlateva, Tanya
A2 - Greiman, Virginia A.
PB - Academic Conferences Limited
T2 - 11th International Conference on Cyber Warfare and Security, ICCWS 2016
Y2 - 17 March 2016 through 18 March 2016
ER -