Algorithm and Technical Solutions for Dynamic Configuration of Client-Server Computing Networks

R. V Maximov; Максимов Р. В; S. P Sokolovsky; Соколовский С. П; I. S Voronchikhin; Ворончихин И. С

doi:10.15622/ia.2020.19.5.5

Algorithm and Technical Solutions for Dynamic Configuration of Client-Server Computing Networks

Authors: Maximov R.V¹, Sokolovsky S.P¹, Voronchikhin I.S¹
Affiliations:
1. Krasnodar Higher Military School named after General of the Army S.M. Shtemenko
Issue: Vol 19, No 5 (2020)
Pages: 1018-1049
Section: Digital information telecommunication technologies
URL: https://journals.rcsi.science/2713-3192/article/view/266285
DOI: https://doi.org/10.15622/ia.2020.19.5.5
ID: 266285

Cite item

Full Text

Abstract
About the authors
References
Supplementary files
Statistics

Abstract

The main factors that determine the expansion of capabilities and increase the effectiveness of network intelligence to identify the composition and structure of client-server computer networks due to the stationarity of their structural and functional characteristics are analyzed. The substantiation of an urgent problem of dynamic management of structurally-functional characteristics of the client-server computer networks functioning in the conditions of network reconnaissance is resulted on the grounds of the revealed protection features of client-server computer networks at the present stage that is based on realization of principles of spatial safety maintenance, and also formalization and introduction of forbidding regulations.
The mathematical model allowing to find optimum modes for dynamic configuration of structurally-functional characteristics of client-server computer networks for various situations is presented. Calculation results are given. An algorithm is presented that makes it possible to solve the problem of dynamic configuration of the structural and functional characteristics of a client-server computer network, which reduces the reliability time of data obtained by network intelligence. The results of practical tests of software developed on the basis of the dynamic configuration algorithm of client-server computer networks are shown. The obtained results show that the use of the presented solution for the dynamic configuration of client-server computer networks allows to increase the effectiveness of protection by changing the structural and functional characteristics of client-server computer networks within several subnets without breaking critical connections through time intervals that are adaptively changed depending on the functioning conditions and the attacker’s actions.
The novelty of the developed model lies in the application of the mathematical apparatus of the Markov’s theory of random processes and Kolmogorov’s solution of equations to justify the choice of dynamic configuration modes for the structural and functional characteristics of client-server computer networks. The novelty of the developed algorithm is the use of a dynamic configuration model for the structural and functional characteristics of client-server computer networks for the dynamic control of the structural and functional characteristics of a client-server computer network in network intelligence.

Keywords

Network Intelligence, Client-server Computer Networks, Moving Target Technology, Computer Attack, Cybermaneuvering

References

Jajodia S. et al. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats // Springer. 2011. 184 p.
Ворончихин И.С., Иванов И.И., Максимов Р.В., Соколовский С.П. Маскирование структуры распределенных информационных систем в киберпространстве // Вопросы кибербезопасности. 2019. № 6(34). С. 92–101.
RFC 2131. Dynamic Host Configuration Protocol. 1997. URL: https://tools.ietf.org /html/rfc2131 (дата обращения: 04.04.2020).
RFC 826. An Ethernet Address Resolution Protocol. 1982. URL: https://tools.ietf.org /html/rfc826 (дата обращения: 05.04.2020).
Sokolovsky S.P., Telenga A.P., Voronchikhin I.S. Moving target defense for securing Distributed Information Systems // Информатика: проблемы, методология, технологии: Сб. материалов XIX междунар. научн.-методич. конф. 2019. С. 639–643.
Максимов Р.В., Соколовский С.П., Шарифуллин С.Р., Чернолес В.П. Инновационные информационные технологии в контексте обеспечения национальной безопасности государства // Инновации. 2018. № 3(233). С. 28–35.
Eskridge T.C. et al. Integrated decision engine for evolving defenses // Patent US 20180309794A1, pub. 25.10.2018.
Котенко И.В., Саенко И.Б., Коцыняк М.А., Лаута О.С. Оценка киберустойчивости компьютерных сетей на основе моделирования кибератак методом преобразования стохастических сетей // Труды СПИИРАН. 2017. Вып. 6(55). С. 160–184.
Jafarian J.H., Al-Shaer E., Duan Q. Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers // Proceedings of the First ACM Workshop on Moving Target Defense. 2014. pp. 69–78.
MacFarland D.C., Shue C.A. The SDN shuffle: creating a moving-target defense using host-based software-defined networking // Proceedings of the Second ACM Workshop on Moving Target Defense. 2015. pp. 37–41.
Cyber Maneuvering and Morphing. 2012. URL: https://defense-update.com/20120721_raytheon-to-develop-cyber-maneuver-technology-for-us-army.html (дата обращения: 31.04.2020).
What is Moving Target Defense. 2017. URL: https://www.cryptomove.com/what-is-mtd.html (дата обращения: 31.04.2020).
Максимов Р.В., Соколовский С.П., Ворончихин И.С. Способ защиты вычислительных сетей // Патент на изобретение RU 2716220, опубл. 06.03.20. Бюл. № 7. 33 с.
Antonatos S., Akritidis P., Markatos E., Anagnostakis K. Defending against Hitlist Worms using Network Address Space Randomization // 2005 ACM Workshop on Rapid Malcode. 2005. pp. 30–40.
Cai G., Wang B., Wang X., Yuan Y., Li S. An introduction to network address shuffling // 2016 18th International Conference on Advanced Communication Technology (ICACT). 2016. pp. 185–190.
Luo Y.B. et al. RPAH: Random Port and Address Hopping for Thwarting Internal and External Adversaries // Trustcom/BigDataSE/ISPA. 2015. pp. 263–270.
Green M., MacFarland D.C., Smestad D.R., Shue C.A. Characterizing network-based moving target defenses // ACM CCS Workshop on Moving Target Defense. 2015. pp. 31–35.
Zhuang R., DeLoach S.A., Ou X. Towards a theory of moving target defense // Proceedings of the First ACM Workshop on Moving Target Defense. 2014. pp. 31–40.
Antonatos S., Anagnostakis K.G. Tao: Protecting against hitlist worms using transparent address obfuscation // Communications and Multimedia Security. 2006. pp. 12–21.
Wang A. et al. Scotch: Elastically scaling up SDN control-plane using vs witch based overlay // ACM International on Conference on Emerging Networking Experiments and Technologies. 2014. pp. 403–414.
Zhuang R., Bardas A.G., DeLoach S.A., Ou X. A Theory of Cyber Attacks: A Step Towards Analyzing MTD Systems // Proceedings of the Second ACM Workshop on Moving Target Defense. 2015. pp. 11–20.
Вентцель Е.С. Исследование операций: задачи, принципы, методология. 2-е изд. // М.: Наука. 1988. 208 с.
Максимов Р.В., Орехов Д.Н., Соколовский С.П. Модель и алгоритм функционирования клиент-серверной информационной системы в условиях сетевой разведки // Системы управления, связи и безопасности. 2019. № 4. С. 50–99.
Zhao Z.Y., Guo Y.B., Liu W. The Design and Research for Network Address Space Randomization in OpenFlow Network // Journal of Computer and Communications. 2015. № 3. pp. 203–211.
Ganga G. et al. Adaptor implementation for Internet Protocol address and port hopping // Patent US 20160036691A1. pub. 04.02.2016.
Cruz A. et al. Method for selection of unique next-time interval Internet Protocol address and port // Patent US 20150236752A1. pub. 20.08.2015.
Fink R.A., Bubnis E.A., Keller T.E. Method and apparatus for anonymous IP datagram exchange using dynamic network address translation // Patent US 20120117376A1. pub. 04.05.2012.
Kravcov K.N. Data transmission in networks with address space dynamic randomization // Selected Papers of the 17th International Conference on Data Analytics and Management in Data Intensive Domains. 2015. pp. 273–277.
Котенко И.В., Саенко И.Б., Кушнеревич А.Г. Архитектура системы параллельной обработки больших данных для мониторинга безопасности сетей интернета вещей // Труды СПИИРАН. 2018. Вып. 4(59). С. 5–30.
Ellard D.J. et al. Method for selection of unique next-time interval Internet Protocol address and port // Patent US 20150236752A1, pub. 20.08.2015.
Котенко И.В., Саенко И.Б., Полубелова О.В. Применение технологии управления информацией и событиями безопасности для защиты информации в критически важных инфраструктурах // Труды СПИИРАН. 2012. Вып.1 (20). C. 27–56.
Maximov R.V., Krupenin A.V., Sharifullin S.R., Sokolovsky S.P. Innovative development of tools and technologies to ensure the Russian information security and core protective guidelines // Вопросы кибербезопасности. 2019. № 1 (29). С. 10–17.
Крупенин А.В., Соколовский С.П., Хорев Г.А., Калач А.В. Маскирование идентификаторов канального уровня средств проактивной защиты интегрированных сетей связи специального назначения // Вестник Воронежского института ФСИН России. 2018. № 3. С. 81–89.
Шерстобитов Р.С., Шарифуллин С.Р., Максимов Р.В. Маскирование интегрированных сетей связи ведомственного назначения // Системы управления, связи и безопасности. 2018. № 4. С. 136–175.
Crouse M., Prosser B., Fulp E.W. Probabilistic Performance Analysis of Moving Target and Deception Reconnaissance Defenses // Proceedings of the Second ACM Workshop on Moving Target Defense. 2015. pp. 21–29.
Okhravi H. et al. Creating a cybermoving target for critical infrastructure applications using platform diversity // International Journal of Critical Infrastructure Protection. 2015. № 5(1). pp. 30–39.

Supplementary files

Supplementary Files

Action

1. JATS XML

Download

Username
Password
Remember me

Forgot password?	Register

Username
Password
Remember me

Forgot password?	Register

Vol 24, No 2 (2025)

Vol 24, No 2 (2025)

Algorithm and Technical Solutions for Dynamic Configuration of Client-Server Computing Networks

Full Text

Abstract

Keywords

About the authors

R. V Maximov

S. P Sokolovsky

I. S Voronchikhin

References

Supplementary files