FRVM: Flexible Random Virtual IP Multiplexing in Software-Defined Networks

Abstract: Network address shuffling is one of moving target defense (MTD) techniques that can invalidate the address information attackers have collected based on the current network IP configuration. We propose a software-defined networking-based MTD technique called Flexible Random Virtual IP Multiplexing, namely FRVM, which aims to defend against network reconnaissance and scanning attacks. FRVM enables a host machine to have multiple, random, time-varying virtual IP addresses, which are multiplexed to a real IP address of the host. Multiplexing or de-multiplexing event dynamically remaps all the virtual network addresses of the hosts. Therefore, at the end of a multiplexing event, FRVM aims to make the attackers lose any knowledge gained through the reconnaissance and to disturb their scanning strategy. In this work, we analyze and evaluate our proposed FRVM in terms of the attack success probability under scanning attacks and target host discovery attacks.