Note: communication between real IP addresses is blocked; hosts can communicate only through virtual IP addresses.

Mechanism: Randomization of IP addresses

  1. Randomly sample an integer, termed pseudo_ran_num, from 0 - 32, where 32 is the number of available virtual IP addresses.
  2. Set the IP addresses of h1, h2, h3 and h4 to the virtual IP addresses from pseudo_ran_num to pseudo_ran_num + 3.
  3. Wait until the timeout expires, then go back to step 1.
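The mutation round above as a standalone sketch. This is an added example, not the controller code from this repository. The real addresses, the pool range, wrapping the offset at the end of the pool, and the names `mutate` and `translate` are assumptions made for illustration.

```python
import ipaddress
import random

# Constructed sample values (assumptions, not from the page):
# real addresses of h1..h4 and a pool of 32 virtual addresses.
REAL_IPS = {"h1": "10.0.0.1", "h2": "10.0.0.2", "h3": "10.0.0.3", "h4": "10.0.0.4"}
POOL_START = ipaddress.IPv4Address("10.0.0.9")
VIRTUAL_POOL = [str(POOL_START + i) for i in range(32)]


def mutate(rng, hosts=REAL_IPS, pool=VIRTUAL_POOL):
    """One mutation round: pick an offset and hand out consecutive virtual IPs.

    The index wraps modulo the pool size so that offset + 3 never runs past
    the end of the pool (wrapping is an assumption of this sketch).
    """
    if len(pool) < len(hosts):
        raise ValueError("virtual pool is smaller than the number of hosts")
    offset = rng.randrange(len(pool))               # step 1: pseudo_ran_num
    real_to_virtual = {}
    for i, real_ip in enumerate(hosts.values()):    # step 2: offset .. offset + 3
        real_to_virtual[real_ip] = pool[(offset + i) % len(pool)]
    virtual_to_real = {v: r for r, v in real_to_virtual.items()}
    return offset, real_to_virtual, virtual_to_real


def translate(dst_ip, virtual_to_real, real_ips=frozenset(REAL_IPS.values())):
    """Return the real destination for a packet, or None if it must be dropped.

    Traffic addressed to a real IP is dropped; only a virtual IP assigned in
    the current round resolves to a host.
    """
    if dst_ip in real_ips:
        return None
    return virtual_to_real.get(dst_ip)


if __name__ == "__main__":
    # SystemRandom draws from the OS CSPRNG, so an observer cannot predict
    # the next offset from earlier mappings.
    rng = random.SystemRandom()
    for round_no in range(3):   # step 3: a controller would wait for the timeout here
        offset, r2v, _ = mutate(rng)
        print(round_no, offset, r2v)
```
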

In the future, we can predefine a set of real-to-virtual IP address mappings and introduce a probabilistic transition system in which each state represents one predefined real-to-virtual IP address mapping.

Step 1:

Build topology

  1. Use MiniEdit to build the topology of the network. To run MiniEdit, execute the command:

    $ sudo ~/mininet/examples/miniedit.py
    

    Note: controller c0 needs to be configured as a remote controller; you can change this in its properties.

Step 2:

Dump the flow rules of switch s1 to show that no flow rules have been installed yet.

$ sudo ovs-ofctl dump-flows s1

The output of the above command is (the only entry is the priority-0 rule that sends packets to the controller):

cookie=0x0, duration=2.345s, table=0, n_packets=0, n_bytes=0, priority=0 actions=CONTROLLER:65535

Step 3:

Step 4:

mininet> h1 ping 10.0.0.14

Note that 10.0.0.14 is the virtual IP address of h3.

Step 5:

Step 6:

Step 7:

Step 8:

References:

  1. Jafarian, J. H., Al-Shaer, E., & Duan, Q. (2012, August). OpenFlow random host mutation: transparent moving target defense using software defined networking. In Proceedings of the first workshop on Hot topics in software defined networks (pp. 127-132).
  2. https://github.com/girishsg24/Moving-Target-Defense-RHM-using-SDN: I modified their controller for the IP address randomization
  3. https://github.com/saberfeng/attack_mtd_emulation
  4. https://github.com/itswindtw/mtd