The project aims to achieve Defensive Deception by combining Moving Target Defense techniques with Active Deception techniques, in order to close the gap between attackers and defenders. The architecture leverages the Software Defined Networking (SDN) paradigm to facilitate the implementation of these novel security protection strategies. The SDN is built from two Open vSwitches and a Ryu Controller. Network hosts are configured using both Docker Containers and Virtual Machines.
To run the project on your machine, you need to install Open vSwitch, Vagrant, VirtualBox, Docker and Docker Compose.
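A preflight check for the prerequisites listed above, added here as an example and not part of the project's own scripts. It assumes the usual CLI binary names (ovs-vsctl, vagrant, VBoxManage, docker) and Docker Compose available as the `docker compose` subcommand, as used in this README; `controller` is the container name from the `docker exec` step further down.

```bash
#!/usr/bin/env bash
# Added example: preflight check before running the setup steps.
# Assumption: tools are found under their usual CLI binary names.

# Print the name of every prerequisite that is not usable, one per line.
# The body runs in a subshell ( ... ) so the loop variables stay local.
missing_prereqs() (
    for entry in "Open vSwitch:ovs-vsctl" "Vagrant:vagrant" \
                 "VirtualBox:VBoxManage" "Docker:docker"; do
        name=${entry%%:*}   # text before the colon: display name
        bin=${entry##*:}    # text after the colon: binary to look up
        command -v "$bin" >/dev/null 2>&1 || echo "$name"
    done
    # Compose is a docker subcommand here, so probe it through docker itself.
    docker compose version >/dev/null 2>&1 || echo "Docker Compose"
)

# Succeed only if the container named "controller" is running.
controller_running() {
    [ "$(docker inspect -f '{{.State.Running}}' controller 2>/dev/null)" = "true" ]
}

missing=$(missing_prereqs)
if [ -n "$missing" ]; then
    echo "Missing prerequisites:"
    echo "$missing" | sed 's/^/  - /'
else
    echo "All prerequisites found."
fi
if controller_running; then
    echo "controller container: running"
else
    echo "controller container: not running (expected before setup)"
fi
```

Run it once before create_net.sh to catch a missing tool, and again before the `docker exec` step to confirm the controller container is up.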
The following steps run the project on a Linux (Ubuntu 20.04) machine.
In the topology folder:
- Execute the script create_net.sh.
$ ./create_net.sh
- Execute the script setup.sh.
$ ./setup.sh
Virtual Machines creation and configuration:
- In the vagrant/ubuntu folder, run vagrant up.
$ cd topology/vagrant/ubuntu
$ vagrant up
- VM username = vagrant. VM password = vagrant.
- Log in to the ext_heralding VM (via the VirtualBox GUI) and execute the script "start.sh" in the root directory.
- Log in to the int_heralding VM and execute the script "start.sh" in the root directory.
Containers building and setup:
- In the docker/docker-build folder, run docker compose up.
$ cd topology/docker/docker-build
$ docker compose up
- In the docker folder, execute the script setup_container.sh.
$ cd topology/docker
$ ./setup_container.sh
- In the docker folder, execute the script auth.sh.
$ cd topology/docker
$ ./auth.sh
- Open a command line and enter the controller Container:
$ docker exec -it controller bash
- In the controller Container, go to the /home/rest_controller directory and run the following command:
$ cd /home/rest_controller
$ ryu-manager rest_controller.py
- Log in to the ELK Virtual Machine (via the VirtualBox GUI) with the username and password specified previously.
- In the ELK Virtual Machine, go to the /elastalert directory and run:
$ cd elastalert
$ python3 -m elastalert.elastalert --verbose
It is now possible to proceed with the Attack Scenario demonstrations. One of them is outlined in DEMO.md. The project evaluation is introduced in the README.md file in the evaluation folder.
- In /docker/docker-build, run docker compose down.
$ cd topology/docker/docker-build
$ docker compose down
- In /vagrant/ubuntu, run vagrant destroy.
$ cd topology/vagrant/ubuntu
$ vagrant destroy
- In topology, execute the script reset.sh.
$ ./reset.sh
If you find this code useful in your research, please consider citing our paper:
@INPROCEEDINGS{10329613,
author={d'Ambrosio, Nicola and Melluso, Emma and Perrone, Gaetano and Romano, Simon Pietro},
booktitle={2023 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)},
title={A Software-Defined Approach for Mitigating Insider and External Threats via Moving Target Defense},
year={2023},
volume={},
number={},
pages={213-219},
doi={10.1109/NFV-SDN59219.2023.10329613}}