In this paper, we propose a framework that protects communication among programmable logic controllers (PLCs) and sensors in a supervisory control and data acquisition (SCADA) network with an improved moving target defense (MTD) scheme that thwarts attackers in the reconnaissance stage. Our framework changes the Internet Protocol (IP) address of each host at specified time intervals, and the scheme does not need to transmit the new IP address to the communicating parties for notification. The scheme uses the Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) to improve on existing MTD schemes, which may have synchronization problems or a single point of failure. Moreover, adding DNS and DHCP to the MTD scheme significantly lowers the cost of deployment compared with deploying MTD devices in front of each PLC, making it feasible for an enterprise to implement. Experimental results are presented to demonstrate that our framework can effectively protect a network and that its performance is acceptable.