A Moving Target Defense Approach for the Distributed Dynamic Network.

The distributed dynamic network is vulnerable to scanning attacks due to the openness of wireless channels. Traditional defense systems tend to be passive and exhibit delayed responses. A moving target defense approach, namely Distributed Network Address Shuffling (DNAS), is proposed to thwart attackers’ network scanning through the shuffling of network addresses. To resolve address conflicts resulting from this shuffling, DNAS employs a dynamic diffusion method of allocated addresses before the shuffling process to reduce the probability of conflict generation, and utilizes a passive detection based conflict elimination algorithm after the shuffling process to eliminate any generated conflicts. To select low-risk addresses, DNAS leverages an artificial feature selection based Fully Connected Neural Network (FCNN) to recognize the attacker’s scanning policy, and identifies low-risk addresses based on the scanning range of the policy. Empirical experiments and theoretical analysis indicate that DNAS significantly reduces the probability of address conflict generation at a minimal cost. It effectively eliminates all generated address conflicts within an average conflict resolution time of less than 500ms. Furthermore, DNAS exhibits an accuracy of 99.45% in recognizing scanning policies, surpassing pseudorandom address hopping in diminishing the success rate of sequential, local random, and mixed scanning.