Modeling Network Based Moving Target Defense Impacts Through Simulation In Ns-3

Network-based moving target defense systems are a valuable addition to the world of computer security and privacy. Ongoing research attempts to push the boundaries of network-based moving target defenses by adding client/server functionality to the Moving Target IPv6 Defense (MT6D) system. While this additional functionality provides a great many benefits, it is important to fully understand the impact to the network of implementing an MT6D server, which by definition greatly increases the amount of management traffic on a network segment. IPv6 relies on the Neighbor Discovery Protocol (NDP) for all network management functions, including the discovery of currently active addresses. Each address that is bound requires a number of NDP messages to be exchanged before a host can begin using said address. When an MT6D server requires the binding of a large number of IPv6 addresses to a single interface, there is likely to be some negative impact to the network due to the amount of NDP traffic that is generated. This work attempts to quantify the specific impact to the network from NDP traffic generation through the use of ns-3 simulations and live experiments.