• Journal of the Korea Society of Computer and Information
• /
• v.24 no.9
• /
• pp.35-42
• /
• 2019

In this paper, we propose an approach to apply network-based moving target defense into Internet of Things (IoT) networks. The IoT is a technology that provides the high interconnectivity of things like electronic devices. However, cyber security risks are expected to increase as the interconnectivity of such devices increases. One recent study demonstrated a man-in-the-middle attack in the statically configured IoT network. In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. The approach continuously changes system's attack surface to prevent attacks. After analyzing IPv4 / IPv6-based moving target defense schemes and IoT network-related technologies, we present our approach in terms of addressing systems, address mutation techniques, communication models, network configuration, and node mobility. In addition, we summarize the direction of future research in relation to the proposed approach.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.3
• /
• pp.1063-1075
• /
• 2022

In recent years, container techniques have been broadly applied to cloud computing systems to maximize their efficiency, flexibility, and economic feasibility. Concurrently, studies have also been conducted to ensure the security of cloud computing. Among these studies, moving-target defense techniques using the high agility and flexibility of cloud-computing systems are gaining attention. Moving-target defense (MTD) is a technique that prevents various security threats in advance by proactively changing the main attributes of the protected target to confuse the attacker. However, an analysis of existing MTD techniques revealed that, although they are capable of deceiving attackers, MTD techniques have practical limitations when applied to an actual cloud-computing system. These limitations include resource wastage, management complexity caused by additional function implementation and system introduction, and a potential increase in attack complexity. Accordingly, this paper proposes a software-defined MTD system that can flexibly apply and manage existing and future MTD techniques. The proposed software-defined MTD system is designed to correctly define a valid mutation range and cycle for each moving-target technique and monitor system-resource status in a software-defined manner. Consequently, the proposed method can flexibly reflect the requirements of each MTD technique without any additional hardware by using a software-defined approach. Moreover, the increased attack complexity can be resolved by applying multiple MTD techniques.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.10
• /
• pp.4157-4175
• /
• 2020

Moving target defense, as a 'game-changing' security technique for network warfare, realizes proactive defense by increasing network dynamics, uncertainty and redundancy. How to select the best countermeasure from the candidate countermeasures to maximize defense payoff becomes one of the core issues. In order to improve the dynamic analysis for existing decision-making, a novel approach of selecting the optimal countermeasure using game theory is proposed. Based on the signal game theory, a multi-stage adversary model for dynamic defense is established. Afterwards, the payoffs of candidate attack-defense strategies are quantified from the viewpoint of attack surface transfer. Then the perfect Bayesian equilibrium is calculated. The inference of attacker type is presented through signal reception and recognition. Finally the countermeasure for selecting optimal defense strategy is designed on the tradeoff between defense cost and benefit for dynamic network. A case study of attack-defense confrontation in small-scale LAN shows that the proposed approach is correct and efficient.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.9
• /
• pp.57-64
• /
• 2018

In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.20 no.3
• /
• pp.369-375
• /
• 2017

One of good DF(Direction Finding) methods is based on TDOA(Time Difference of Arrival) estimation when finding underwater moving target. For small DF error, high time resolution A/D(Analog-to-digital) conversion board and long baseline are needed. But the result of sea trial about close-range and high speed moving target, spatial correlation coefficient and appeared poor properties below 0.3 when hydrophone arrangement are separated over 6 ${\lambda}$ because of underwater fading channel. And we also find out that the distance between hydrophone should be under 4 ${\lambda}$ apart to take advantage of spatial correlation coefficient gain and performance of DF in underwater moving channel environments.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.83-92
• /
• 2017

Reconnaissance is performed gathering information from a series of scanning probes where the objective is to identify attributes of target hosts. Network reconnaissance of IP addresses and ports is prerequisite to various cyber attacks. In order to increase the attacker's workload and to break the attack kill chain, a few proactive techniques based on the network-based moving target defense (NMTD) paradigm, referred to as IP address mutation/randomization, have been presented. However, there are no commercial or trial systems deployed in real networks. In this paper, we propose a threat model and the request for requirements for developing NMTD techniques. For this purpose, we first examine the challenging problems in the NMTD mechanisms that were proposed for the legacy TCP/IP network. Secondly, we present a threat model in terms of attacker's intelligence, the intended information scope, and the attacker's location. Lastly, we provide seven basic requirements to develop an NMTD mechanism for the legacy TCP/IP network: 1) end-host address mutation, 2) post tracking, 3) address mutation unit, 4) service transparency, 5) name and address access, 6) adaptive defense, and 7) controller operation. We believe that this paper gives some insight into how to design and implement a new NMTD mechanism that would be deployable in real network.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.10
• /
• pp.25-32
• /
• 2019

In this paper, we propose a method to apply the attack surface expansion through decoy traps to a protected server network. The network consists of a large number of decoys and protected servers. In the network, each protected server dynamically mutates its IP address and port numbers based on Hidden Tunnel Networking that is a network-based moving target defense scheme. The moving target defense is a new approach to cyber security and continuously changes system's attack surface to prevent attacks. And, the attack surface expansion is an approach that uses decoys and decoy groups to protect attacks. The proposed method modifies the NAT table of the protected server with a custom chain and a RETURN target in order to make attackers waste all their time and effort in the decoy traps. We theoretically analyze the attacker success rate for the protected server network before and after applying the proposed method. The proposed method is expected to significantly reduce the probability that a protected server will be identified and compromised by attackers.

• Korean Journal of Remote Sensing
• /
• v.22 no.3
• /
• pp.229-234
• /
• 2006

In tactical theater, it is crucial to detect ground moving targets and to locate them precisely. This problem can be resolved by using SAR (Synthetic Aperture Radar) sensors providing GMTI (Ground Moving Target Indication) capability. In general, to implement a robust GMTI sensor is not simple because of the strong competitions between target signals and clutter signals from the ground, and low speed of moving targets. Contrary to the case that a delay canceller is mostly suitable for ground surveillance radars, DPCA (Displaced Phase Centered Antenna) or STAP (Space Time Adaptive Processing) techniques have been widely adapted for GMTI function of modern airborne radars. In this paper, a new scheme of DPCA using two passive antennas with vertical separation is proposed, which also provides good clutter cancellation performance. The proposed scheme realizes full azimuth coverage for DPCA operation on an airborne platform, which is impossible with classical DPCA configuration. Simulations using various conditions have been performed to validate the proposed scheme, and the results are acceptable.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.21 no.2
• /
• pp.141-146
• /
• 2018

The Ground Moving Target Indication(GMTI) technique can detect the moving targets on land using its Doppler returns. Also, the GMTI system can work in night regardless of the weather condition because it is an active sensor that uses the electromagnetic waves as its source. In order to develop the GMTI system, Constant False Alarm Rate(CFAR) threshold optimization is important because the main performances like detection probability, false alarm rate and Minimum Detectable Velocity(MDV) are related deeply with CFAR threshold. These key variables are used to calculate CFAR threshold and then trade-off between the variables is performed. In this paper, CFAR threshold optimization procedures are introduced, and the optimization results are demonstrated.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.158-161
• /
• 2018

2011년 미국에서 최초로 소개된 후 기존 보안 기술과 다른 새로운 정보시스템 보호 기술로 Moving Target Defense(MTD)가 활발히 연구 되고 있다. MTD는 시스템의 구성 요소들을 뷸규칙적이고 동적으로 변화시켜 공격표면(Attack surface)을 줄임으로써 외부 공격에 대한 보안성을 높인다. 주로 시스템 정보를 수집 및 분석하여 공격하는 보안 위협들에 효과적이며 특히 지능형 지속 보안 위협(Advanced Persistent Threat), 킬 체인(Kill-Chain) 보안에 뛰어난 성능을 기대할 수 있다. 최근 MTD 시스템 구현 및 개발로 상용화가 시작되었으나 MTD 활용을 통해 어느 정도의 보안성 및 효율성을 가지는지에 대한 성능 평가인증, 시험지침 등이 표준화 되어있지 않아 기준이 모호한 실정이다. 본 논문에서는 이러한 최근 MTD 이슈에 대해 살펴보고 MTD와 연관 되어있는 각 분야에 어떤 평가인증 요구사항들이 있는지 분석한다. 이를 통해 MTD에 어떠한 평가인증 요구사항이 있는지 도출하여 앞으로 MTD 평가인증 표준화 참고 및 활용에 기여 할 수 있을 것으로 전망한다.