Proactive Host Mutation in Software-Defined Networking

Matthew E. Aust

Abstract

Attacks against computer networks are on the rise as adversaries find new and creative ways to penetrate systems. Some take advantage of static IP addresses, slowly scanning the network until enough information is available for infiltration. A novel defense method uses Moving Target Defense (MTD) to change the visible host IP addresses fast enough that an attacker is forced to increase their scan rate to maintain a relevant map of the network, raising their visibility on it. Until recently, this type of MTD would not have been possible without additional hardware and countless man-hours of reconfiguration. However, with the development of Software-Defined Networking (SDN), hosts can be assigned a virtual IP address at the network level that changes at random intervals, allowing them to keep their real Dynamic Host Configuration Protocol (DHCP) assigned address. The original concept for host mutation was proposed in 2012 through research conducted at the University of North Carolina, and although a promising proof of concept was developed, testing was performed in an SDN emulator without any statistical analysis. This does not negate the research, but it does leave room for doubt about how such a system would perform on a real network.
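As an added illustration (not code from the thesis or the 2012 work it cites), the following Python model captures the mutation scheme the abstract describes: each real host keeps its DHCP address while the network edge presents a virtual address drawn from a pool and re-drawn at a random interval, and an attacker's earlier scan result is checked for staleness. The class and function names, the pool sizes and the interval bounds are assumptions for the example.

```python
import ipaddress
import random


class HostMutationController:
    """Model of an SDN controller that hides each host's real (DHCP) address behind a
    virtual IP drawn from a pool and re-drawn at a random interval (hypothetical design)."""

    def __init__(self, real_hosts, virtual_pool, min_interval, max_interval, seed=None):
        self.rng = random.Random(seed)
        self.pool = [str(ip) for ip in ipaddress.ip_network(virtual_pool).hosts()]
        if len(self.pool) <= len(real_hosts):
            raise ValueError("virtual pool must exceed the host count so every mutation can pick a fresh address")
        self.min_interval, self.max_interval = min_interval, max_interval
        self.real_to_virtual = {}   # edge flow rule: rewrite source IP on egress
        self.virtual_to_real = {}   # edge flow rule: rewrite destination IP on ingress
        self.next_mutation = {}     # per-host deadline for the next re-assignment
        for host in real_hosts:
            self._mutate(host, now=0.0)

    def _mutate(self, real_ip, now):
        old = self.real_to_virtual.pop(real_ip, None)
        self.virtual_to_real.pop(old, None)
        # Never hand a host its current virtual IP again, so a stale scan entry is guaranteed wrong.
        free = [v for v in self.pool if v not in self.virtual_to_real and v != old]
        new = self.rng.choice(free)
        self.real_to_virtual[real_ip] = new
        self.virtual_to_real[new] = real_ip
        self.next_mutation[real_ip] = now + self.rng.uniform(self.min_interval, self.max_interval)

    def tick(self, now):
        """Advance the clock and return the hosts whose virtual IP was rotated."""
        rotated = [h for h, deadline in self.next_mutation.items() if now >= deadline]
        for host in rotated:
            self._mutate(host, now)
        return rotated

    def translate_ingress(self, dst_virtual):
        """Packet arriving from outside: resolve the virtual destination to the real host, or None."""
        return self.virtual_to_real.get(dst_virtual)


def stale_fraction(snapshot, controller):
    """Share of an earlier scan result (virtual IP -> real host) that no longer resolves correctly."""
    stale = sum(1 for v, r in snapshot.items() if controller.translate_ingress(v) != r)
    return stale / len(snapshot)
```

A scanner that repeats its sweep less often than `min_interval` will see its map decay toward `stale_fraction == 1.0`; the defender's corresponding signal is the rising rate of probes to unassigned pool addresses.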