Full Service Hopping for Proactive Cyber-Defense

Author

Shi, Leyi ; Jia, Chunfu ; Lu, Shuwang

Author_Institution

China Univ. of Pet., Dongying

fYear

2008

fDate

6-8 April 2008

Firstpage

1337

Lastpage

1342

Abstract

Inspired by deceptive and evasive countermeasures for military environment, a proactive cyber defense tactic of full service hopping is proposed which changes all the service information pseudo-randomly, including service port, network address, service slot, cryptographic algorithm and even the service protocol. A novel concept of dynamic honey pot is presented which mimics the ancient battle diagrams to bewilder the adversary by changing the role of every hopping station pseudo-randomly. Thereafter a full service hopping framework and synchronization scheme of Spokesman are introduced. Then a distributed prototype is carried out through mobile Java agent. Our experimental works demonstrate that full hopping tactic has better performance for active cyber-defense. Moreover, the overheads of handover and synchronization during service hopping are also discussed in this paper.

Keywords

Java; computer networks; cryptography; mobile agents; Spokesman; cryptographic algorithm; distributed prototype; dynamic honey pot; full service hopping; hopping station pseudo-randomly; mobile Java agent; network address; proactive cyber defense tactic; proactive cyber-defense; service information pseudo-randomly; service port; service protocol; service slot; Computer security; Cryptographic protocols; Cryptography; Information security; Internet; Intrusion detection; Java; National security; Prototypes; Radio communication countermeasures;

fLanguage

English

Publisher

ieee

Conference_Titel

Networking, Sensing and Control, 2008. ICNSC 2008. IEEE International Conference on

Conference_Location

Sanya

Print_ISBN

978-1-4244-1685-1

Electronic_ISBN

978-1-4244-1686-8

Type

conf

DOI

10.1109/ICNSC.2008.4525425

Filename

4525425