Skip to Main Content
Most networks today employ static network defenses. The problem with static defenses is that adversaries have unlimited time to circumvent them. This article proposes a moving-target defense based on the Internet Protocol version 6 (IPv6) that dynamically obscures network-layer and transport-layer addresses. This technique can be thought of as "frequency hopping" in the Internet Protocol space. By constantly moving the logical location of a host on a network, this technique prevents targeted attacks, host tracking, and eavesdropping. The authors demonstrate the design's feasibility and functionality using prototypes deployed on Virginia Tech's campuswide IPv6 network.
Date of Publication: July-Aug. 2012