On the resilience of network-based moving target defense techniques against host profiling attacks

Spolaor R.; Conti M.; Martinovic I.
2019

Abstract

Researchers propose Moving Target Defense (MTD) strategies for networking infrastructures as a countermeasure to impede attackers from identifying and exploiting vulnerable network hosts. In this paper, we investigate the weaknesses of Network-based Moving Target Defense (NMTD) against passive host profiling attacks. In particular, we consider periodical and reactive approaches to change hosts' identifiers. To evaluate the capabilities of a host profiling attack, we design Hostbuster, a tool that reidentifies hosts based on network flow data. We experimentally evaluate its effectiveness using real-world network traffic from the University of Oxford. We show the robustness of learned host profiles, which are valid for more than two months. On average, our experiments result in 80% classification performance given by the F1 score. As a result of these analyses, we provide guidelines to strengthen NMTD against these types of attacks.
2019
Proceedings of the ACM Conference on Computer and Communications Security
9781450368285
Use this identifier to cite or link to this document: https://hdl.handle.net/11577/3340674