This paper proposes a Software-Defined Network (SDN)-based Moving Target Defense (MTD) to protect the network from potential scans in a compromised network. As a unique feature, contrary to traditional MTDs, the proposed MTD can work alongside other tools and countermeasures already deployed in the network (e.g., Intrusion Protection and Detection Systems) without affecting its behavior. Through extensive evaluation, we showed the effectiveness of the proposed mechanism compared to existing solutions in preventing scans of different rates without affecting the network and controller performance.

The number of Web applications handling online transaction is increasing, but verification of the correctness of Web application development has been done manually. This paper proposes a method for modeling, verifying and testing Web applications. In our method, a Web application is modeled using two finite-state automata, i.e., a page automaton which specifies Web page transitions, and an internal state automaton which specifies internal state transitions of the Web application. General properties for checking the Web application design are presented in LTL formulae and they are verified using the model checker Spin. Test cases examining the behavior of the Web application are also generated by utilizing the counterexamples obtained as the result of model checking. We applied our method to an example Web application to confirm its effectiveness.