On the Resilience of Network-based Moving Target Defense Techniques Against Host Profiling Attacks

Abstract

Researchers propose Moving Target Defense (MTD) strategies for networking infrastructures as a countermeasure to impede attackers from identifying and exploiting vulnerable network hosts. In this paper, we investigate the weaknesses of Network-based Moving Target Defense (NMTD) against passive host profiling attacks. In particular, we consider periodical and reactive approaches to change hosts’ identifiers. To evaluate the capabilities of a host profiling attack, we design Hostbuster, a tool that reidentifies hosts based on network flow data. We experimentally evaluate its effectiveness using real-world network traffic from the University of Oxford. We show the robustness of learned host profiles, which are valid for more than two months. On average, our experiments result in 80% classification performance given by the F1 score. As a result of these analyses, we provide guidelines to strengthen NMTD against these types of attacks.

Publication
the 6th ACM Workshop on Moving Target Defense”

Related