An international team of researchers has developed a defense mechanism intended to make targeted cyberattacks on computer systems substantially harder to carry out.
The collaboration involves scientists from the U.S. Army Research Laboratory (ARL); New Zealand’s University of Canterbury (UC); and Korea’s Gwangju Institute of Science and Technology (GIST).
Cyberattacks have been growing at an alarming rate. All an attacker has to do is discover the IP addresses of the computers he thinks hold valuable information, then attack them with malware such as viruses or worms. Because those addresses stay the same, reconnaissance done today remains useful tomorrow.
The international team has instead taken a proactive approach, Moving Target Defense (MTD), to help protect important information in computer systems.
The basic idea is to change the IP address of the computer frequently enough that the attacker loses track of where the victim is.
Changing a host's real IP address that often has proven expensive in practice, however, so the researchers turned to Software-Defined Networking (SDN).
Combining SDN with MTD lets computers keep their real IP addresses fixed but masks them from the rest of the internet behind virtual IP addresses that change frequently; a target that keeps moving is harder to hit.
“MTD increases uncertainty and confuses the adversary, as time is no longer an advantage,” says ARL’s Dr. Terrence J. Moore. “The adversary has to expend more resources, such as time and/or computational power, to discover vulnerabilities of a target system, but will experience more difficulty in exploiting any vulnerabilities found in the past since their location or accessibility is constantly changing.”
The UC team in New Zealand led the effort of developing the MTD technology called Flexible Random Virtual IP Multiplexing (FRVM).
“In FRVM, while the real IP address of a server-host remains unchanged but stays hidden, a virtual IP address of the server-host keeps being randomly and periodically changed where the IP mapping/remapping is performed by an SDN controller,” said UC doctoral student Dilli P. Sharma.
“This effectively forces the adversary to play the equivalent of an honest shell game. However, instead of guessing among three shells (IP addresses) to find a pea (a running network service), the adversary must guess among 65,536 shells, given an address space of 2^16.”
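The following Python toy is an added illustration of the mechanism described in the paragraphs above (fixed real address, randomly rotated virtual address, mapping owned by the controller, and the 65,536-shell guessing game); it is not code from the ARL, UC or GIST project. The class and function names, the single "web-srv" host, and the use of plain integers 0..65535 as stand-ins for virtual addresses in a /16 are assumptions made for the example.

```python
import random
from typing import Dict, List, Optional

# Assumption (from the article's "address space 2^16"): virtual addresses are
# modelled as indices into a /16; a real deployment would map them onto an IPv4 prefix.
VIRTUAL_SPACE = 2 ** 16


class FrvmController:
    """Toy stand-in for the SDN controller: it alone knows the real<->virtual mapping."""

    def __init__(self, real_hosts: List[str], seed: Optional[int] = None) -> None:
        self._rng = random.Random(seed)
        self.real_hosts = list(real_hosts)
        self.epoch = 0
        self.v2r: Dict[int, str] = {}   # virtual address -> real host
        self.r2v: Dict[str, int] = {}   # real host -> current virtual address
        self.remap()

    def remap(self) -> None:
        """Periodic rotation: every host gets a fresh random virtual address and the
        previous mapping is discarded, so traffic to an old address is dropped."""
        self.epoch += 1
        fresh = self._rng.sample(range(VIRTUAL_SPACE), len(self.real_hosts))
        self.v2r = dict(zip(fresh, self.real_hosts))
        self.r2v = {real: virt for virt, real in self.v2r.items()}

    def deliver(self, virtual_ip: int) -> Optional[str]:
        """Data-plane behaviour: translate the virtual destination to the real host,
        or return None (drop) when nothing is currently mapped there."""
        return self.v2r.get(virtual_ip)


def attacker_hit_rate(trials: int, remap_between: bool, seed: int = 1) -> float:
    """Fraction of trials in which an address learned during reconnaissance still
    reaches the service when the attacker returns to exploit it.  This is the
    shell game: the attacker always knows *a* virtual address; the question is
    whether the pea is still under that shell."""
    hits = 0
    for t in range(trials):
        ctl = FrvmController(["web-srv"], seed=seed + t)
        learned = ctl.r2v["web-srv"]        # result of the attacker's scan
        if remap_between:
            ctl.remap()                     # rotation happens before exploitation
        if ctl.deliver(learned) == "web-srv":
            hits += 1
    return hits / trials


def analytic_hit_probability() -> float:
    """With a uniform fresh draw, the old virtual address is reused with
    probability 1/2^16: one pea under 65,536 shells."""
    return 1.0 / VIRTUAL_SPACE


def race_scanner(probes_per_epoch: int, epochs: int, seed: int = 7) -> bool:
    """Scanner that can probe `probes_per_epoch` random virtual addresses per
    rotation period.  Exploitation only succeeds if the host is found within the
    same period, before the controller remaps; a scan that cannot finish inside
    one period has to start over, which is why time stops being an advantage."""
    rng = random.Random(seed)
    ctl = FrvmController(["web-srv"], seed=seed)
    for _ in range(epochs):
        for virt in rng.sample(range(VIRTUAL_SPACE), probes_per_epoch):
            if ctl.deliver(virt) == "web-srv":
                return True
        ctl.remap()
    return False


if __name__ == "__main__":
    print("static mapping, hit rate:", attacker_hit_rate(200, remap_between=False))
    print("rotated mapping, hit rate:", attacker_hit_rate(200, remap_between=True))
    print("analytic reuse probability:", analytic_hit_probability())
    print("full scan inside one epoch succeeds:", race_scanner(VIRTUAL_SPACE, 1))
    print("1 probe/epoch over 10 epochs:", race_scanner(1, 10))
```

The two knobs a defender actually controls are visible here: the size of the virtual space (how many shells) and the rotation period relative to the attacker's probe rate (whether a scan can complete before the shells are shuffled). The model says nothing about the cost of rotation to legitimate long-lived flows, which the article identifies as the reason the SDN-based remapping was needed in the first place.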
Image credits and content: Pexel/U.S. Army Research Laboratory