Predictability of IP Address Allocations for Cloud Computing Platforms
IEEE Transactions on Information Forensics and Security (IF 6.8), Pub Date: 2019-06-24, DOI: 10.1109/tifs.2019.2924555
Hussain M. J. Almohri, Layne T. Watson, David Evans

One way to combat denial-of-service attacks on cloud-based virtual networks is to use unpredictable network addresses, aiming to increase attacker effort by requiring attackers to search a large IP address space to find a target host. IP address randomization is used by several moving target defenses, relying on the assumption that it is difficult for an attacker to predict newly allocated IP addresses. This paper analyzes whether IP addresses used by cloud providers are unpredictable enough in practice. We analyze the IP address allocation behaviors in two major cloud computing providers (Amazon Web Services and Google Cloud Platform) and find that the actual entropy provided by allocated IP addresses is limited. We evaluate several prediction models, including a simple frequency-based model as well as a Markov process model that produces an address prediction set from time series data of collected IP addresses. Our results show that simple models can reduce the search space for allocated IP addresses and diminish the effectiveness of randomization defenses.

Updated: 2020-04-22