Measuring Connectivity Performance Thresholds for Moving Target Defenses

Nicholas Greiner and Dr. Jason Pittman, Department of Computer Science, High Point University, One University Parkway, High Point, NC 27268

Reconnaissance is a standard prelude to cyber attacks. Such activity normally constitutes using a software tool to scan networks for available systems and, more specifically, connectable services on such systems. Even in the event such services are not vulnerable, attackers may glean critical information which can inform future operations. The scope of this problem is not trivial- existing research suggests cyber criminals spend upwards of half of their time conducting reconnaissance. Thus, any network defensive measures capable of preventing, detecting, or otherwise mitigating reconnaissance scans may be of great importance. One mechanism growing in popularity is moving target defense which is a technique to move services around on a network. In doing so, the value imparted by reconnaissance is reduced since services are not in the same network location later on. However, the literature does not indicate what the connectivity performance requirements may be for moved services. As a result, new connection attempts may timeout as a service is moving or has recently moved. Thus, we conducted a series of experiments were designed to test the connectivity performance thresholds of a common network service, SSH. The experimental environment consisted of three host systems. One host served as the SSH client, one served as a SSH host, while the third functioned as a firewall separating the two other hosts. The experiments included three broad phases: first, an intentional failure, followed by a normal connection, and then a connection attempt with IP masquerading enabled during the attempt.

Additional Abstract Information

Presenter: Nicholas Greiner

Institution: High Point University

Type: Poster

Subject: Computer Science

Status: Approved

Time and Location

Session: Poster 5
Date/Time: Tue 12:30pm-1:30pm
Session Number: 4011