Network Topology Mutation as Moving Target Defense for Corporate Networks



The paper introduces a topology mutation – the novel concept in Moving Target Defense (MTD). MTD is a new technique that represents a significant shift in cyber defense. Traditional cybersecurity techniques have primarily focused on the passive defense of static networks only. In MTD approach cyber attackers are confused by making the attack surface dynamic, and thus harder to probe and infiltrate. The emergence of Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technology has opened up new possibilities in network architecture management. The application of combined NFV and SDN technologies provides a unique platform for implementing MTD techniques for securing the network infrastructure by morphing the logical view of the network topology.


E. M. Hutchins, M. J. Cloppert, and R. M. Amin, “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,” Proc. 6th Int. Conf. Inf. Warf. Secur., 2011.

S. A. Shaikh, H. Chivers, P. Nobles, J. A. Clark, and H. Chen, “Network reconnaissance,” Netw. Secur., 2008.

N. Spring, R. Mahajan, D. Wetherall, and T. Anderson, “Measuring ISP Topologies With Rocketfuel,” IEEE/ACM Trans. Netw., 2004.

B. C. Ward et al., “Survey of Cyber Moving Targets Second Edition,” 2018.

M. Veeraraghavan, T. Sato, M. Buchanan, R. Rahimi, S. Okamoto, and N. Yamanaka, “Network Function Virtualization: A Survey,” IEICE Trans. Commun., vol. E100.B, no. 11, pp. 1978–1991, 2017.

P. K. Manadhata and J. M. Wing, “An Attack Surface Metric,” IEEE Trans. Softw. Eng., vol. 37, no. 3, pp. 371–386, May 2011.

R. Zhuang, S. A. DeLoach, and X. Ou, “Towards a Theory of Moving Target Defense,” Proc. First ACM Work. Mov. Target Def. - MTD ’14, pp. 31–40, 2014.

“NITRD’s Cyber Security and Information Assurance Interagency Working Group (CSIA IWG).” [Online]. Available: [Accessed: 04-Apr-2019].

S. Achleitner, T. F. La Porta, P. McDaniel, S. Sugrim, S. V Krishnamurthy, and R. Chadha, “Deceiving Network Reconnaissance Using SDN-Based Virtual Topologies,” IEEE Trans. Netw. Serv. Manag., vol. 14, no. 4, pp. 1098–1112, Dec. 2017.

E. Al-Shaer, Q. Duan, and J. H. Jafarian, “Random Host Mutation for Moving Target Defense,” Springer, Berlin, Heidelberg, 2013, pp. 310–327.

Q. Duan, E. Al-Shaer, and H. Jafarian, “Efficient random route mutation considering flow and network constraints,” 2013 IEEE Conf. Commun. Netw. Secur. CNS 2013, pp. 260–268, 2013.

D. Kewley, R. Fink, J. Lowry, and M. Dean, “Dynamic approaches to thwart adversary intelligence gathering,” in Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX’01, vol. 1, pp. 176–185.

Q. Jia, K. Sun, and A. Stavrou, “MOTAG: Moving target defense against internet denial of service attacks,” in Proceedings - International Conference on Computer Communications and Networks, ICCCN, 2013.

D. Huang, A. Chowdhary, and S. Pisharody, “SDN and NFV,” in Software-Defined Networking and Security, First edition. | Boca Raton, FL : CRC Press/Taylor & Francis Group, 2018. | Series: Data-enabled engineering: CRC Press, 2018, pp. 81–108.

C.-C. Liu, B.-S. Huang, C.-W. Tseng, Y.-T. Yang, and L.-D. Chou, “SDN/NFV-Based Moving Target DDoS Defense Mechanism,” 2019, pp. 548–556.

A. Aydeger, N. Saputro, and K. Akkaya, “A moving target defense and network forensics framework for ISP networks using SDN and NFV,” Futur. Gener. Comput. Syst., vol. 94, pp. 496–509, May 2019.

Q. Zhao, C. Zhang, and Z. Zhao, “A decoy chain deployment method based on SDN and NFV against penetration attack.,” PLoS One, vol. 12, no. 12, p. e0189095, 2017.

G. Gardikis et al., “SHIELD: A novel NFV-based cybersecurity framework,” in 2017 IEEE Conference on Network Softwarization: Softwarization Sustaining a Hyper-Connected World: en Route to 5G, NetSoft 2017, 2017.






Security, Safety, Military