Moving Target Defense Reimagined: Protocol Morphing with Programmable Data Planes

Abdi et al. survey Moving Target Defense (MTD) in SDN, but current approaches are mostly static or limited to periodic changes. Leveraging the real-time programmability of data planes (e.g., P4), this idea introduces protocol morphing, where header fields, flow tables, and even application-level identifiers are dynamically randomized based on traffic patterns or threat intelligence. Unlike traditional MTD, programmable data planes can make these changes at line speed and on a per-flow or per-packet basis, making it much harder for attackers to fingerprint or exploit the network. Integration with ML-based anomaly detection (as in Sahin et al.) could trigger more aggressive morphing during suspected attacks. This approach challenges the assumption that protocol fields are static or only slowly reconfigurable, and opens the door for a new class of adaptive, proactive defenses.

References:

1. Leveraging In-band Network Telemetry for Automated DDoS Detection in Production Programmable Networks: The AmLight Use Case. Hadi Sahin, Jeronimo Bezerra, I. Brito, Renata Frez, Vasilka Chergarova, Luis Fernandez Lopez, J. Ibarra (2024). SC24-W: Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis.
2. Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions. Abdinasir Hirsi Abdi, L. Audah, Adeb Salh, Mohammed A. Alhartomi, H. Rasheed, Salman Ahmed, Ahmed Tahir (2024). IEEE Access.