AHIP: An Adaptive IP Hopping Method for Moving Target Defense to Thwart Network Attacks

In a static network, attackers can easily launch network attacks on target hosts which have long-term constant IP addresses. In order to defend against attackers effectively, many defense approaches use IP hopping to dynamically transform IP configuration. However, these approaches usually focus on one type of network attacks, scanning attacks or Denial of Service (DoS) attacks, and cannot sense network situations. This paper proposes AHIP, an adaptive IP hopping method for moving target defense (MTD) to defend against different network attacks. We use a trained lightweight one-dimensional convolutional neural network (1D-CNN) detector to judge whether there are no attacks, scanning attacks or DoS attacks in the network, which can adaptively trigger corresponding IP hopping strategy. We use specific hardware and software to create the software defined network (SDN) environment for experiments. The experiments prove that AHIP performs better to thwart network attacks and has lower system overhead.