Rui Zhuang,Scott A. DeLoach,Xinming Ou

DOI: https://doi.org/10.1145/2663474.2663479

2014-01-01

Abstract:The static nature of cyber systems gives attackers the advantage of time. Fortunately, a new approach, called the Moving Target Defense (MTD) has emerged as a potential solution to this problem. While promising, there is currently little research to show that MTD systems can work effectively in real systems. In fact, there is no standard definition of what an MTD is, what is meant by attack surface, or metrics to define the effectiveness of such systems. In this paper, we propose an initial theory that will begin to answer some of those questions. The paper defines the key concepts required to formally talk about MTD systems and their basic properties. It also discusses three essential problems of MTD systems, which include the MTD Problem (or how to select the next system configuration), the Adaptation Selection Problem, and the Timing Problem. We then formalize the MTD Entropy Hypothesis, which states that the greater the entropy of the system's configuration, the more effective the MTD system.

Sushil Jajodia,Anup K. Ghosh,Vipin Swarup,Cliff Wang,X. Sean Wang

2013-01-01

Abstract:Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats was developed by a group of leading researchers. It describes the fundamental challenges facing the research community and identifies new promising solution paths. Moving Target Defense which is motivated by the asymmetric costs borne by cyber defenders takes an advantage afforded to attackers and reverses it to advantage defenders. Moving Target Defense is enabled by technical trends in recent years, including virtualization and workload migration on commodity systems, widespread and redundant network connectivity, instruction set and address space layout randomization, just-in-time compilers, among other techniques. However, many challenging research problems remain to be solved, such as the security of virtualization infrastructures, secure and resilient techniques to move systems within a virtualized environment, automatic diversification techniques, automated ways to dynamically change and manage the configurations of systems and networks, quantification of security improvement, potential degradation and more. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats is designed for advanced -level students and researchers focused on computer science, and as a secondary text book or reference. Professionals working in this field will also find this book valuable.

Hamed Okhravi,Thomas Hobson,David Bigelow,William Streilein

DOI: https://doi.org/10.1109/msp.2013.137

2014-03-01

Abstract:Protecting critical systems and assets against cyberattacks is an ever more difficult challenge that strongly favors attackers. Whereas defenders must protect a large, diverse set of cybersystems containing an unknown number of vulnerabilities of various types, attackers need only find one or a few exploitable vulnerabilities to mount a successful attack. One promising approach that can shift the balance in the defenders' favor is to create uncertainty for attackers by dynamically changing system properties in what is called a cyber moving target (MT). MT techniques seek to randomize system components to reduce the likelihood of a successful attack, add dynamics to a system to reduce the lifetime of an attack, and diversify otherwise homogeneous collections of systems to limit the damage of a large-scale attack. In this article, the authors review the five dominant domains of MT techniques available today as research prototypes and commercial solutions. They present the techniques' strengths and weaknesses and make recommendations for future research that will improve current capabilities.

computer science, information systems, software engineering

Sailik Sengupta,Ankur Chowdhary,Abdulhakim Sabur,Adel Alshamrani,Dijiang Huang,Subbarao Kambhampati

DOI: https://doi.org/10.1109/comst.2020.2982955

2020-01-01

Abstract:Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to the static nature of network services and configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts the configuration of the underlying system, in turn reducing the success rate of cyberattacks. In this survey, we analyze the recent advancements made in the development of MTDs and highlight (1) how these defenses can be defined using common terminology, (2) can be made more effective with the use of artificial intelligence techniques for decision making, (3) be implemented in practice and (4) evaluated. We first define an MTD using a simple and yet general notation that captures the key aspects of such defenses. We then categorize these defenses into different sub-classes depending on what they move, when they move and how they move. In trying to answer the latter question, we showcase the use of domain knowledge and game-theoretic modeling can help the defender come up with effective and efficient movement strategies. Second, to understand the practicality of these defense methods, we discuss how various MTDs have been implemented and find that networking technologies such as Software Defined Networking and Network Function Virtualization act as key enablers for implementing these dynamic defenses. We then briefly highlight MTD test-beds and case-studies to aid readers who want to examine or deploy existing MTD techniques. Third, our survey categorizes proposed MTDs based on the qualitative and quantitative metrics they utilize to evaluate their effectiveness in terms of security and performance. We use well-defined metrics such as risk analysis and performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, and target-d threat models for quantitative evaluation. Finally, we show that our categorization of MTDs is effective in identifying novel research areas and highlight directions for future research.

computer science, information systems,telecommunications

Vignesh Viswanathan,Megha Bose,Praveen Paruchuri

DOI: https://doi.org/10.48550/arXiv.2301.09892

2023-01-24

Computer Science and Game Theory

Abstract:Moving Target Defense (MTD) has emerged as a key technique in various security applications as it takes away the attacker's ability to perform reconnaissance for exploiting a system's vulnerabilities. However, most of the existing research in the field assumes unrealistic access to information about the attacker's motivations and/or actions when developing MTD strategies. Many of the existing approaches also assume complete knowledge regarding the vulnerabilities of a system and how each of these vulnerabilities can be exploited by an attacker. In this work, we aim to create algorithms that generate effective Moving Target Defense strategies that do not rely on prior knowledge about the attackers. Our work assumes that the only way the defender receives information about its own reward is via interaction with the attacker in a repeated game setting. Depending on the amount of information that can be obtained from the interactions, we devise two different algorithms using multi-armed bandit formulation to identify efficient strategies. We then evaluate our algorithms using data mined from the National Vulnerability Database to showcase that they match the performance of the state-of-the-art techniques, despite using a lot less amount of information.

Gui-lin Cai,Bao-sheng Wang,Wei Hu,Tian-zuo Wang

DOI: https://doi.org/10.1631/fitee.1601321

2016-11-01

Abstract:Moving target defense (MTD) has emerged as one of the game-changing themes to alter the asymmetric situation between attacks and defenses in cyber-security. Numerous related works involving several facets of MTD have been published. However, comprehensive analyses and research on MTD are still absent. In this paper, we present a survey on MTD technologies to scientifically and systematically introduce, categorize, and summarize the existing research works in this field. First, a new security model is introduced to describe the changes in the traditional defense paradigm and security model caused by the introduction of MTD. A function-and-movement model is provided to give a panoramic overview on different perspectives for understanding the existing MTD research works. Then a systematic interpretation of published literature is presented to describe the state of the art of the three main areas in the MTD field, namely, MTD theory, MTD strategy, and MTD evaluation. Specifically, in the area of MTD strategy, the common characteristics shared by the MTD strategies to improve system security and effectiveness are identified and extrapolated. Thereafter, the methods to implement these characteristics are concluded. Moreover, the MTD strategies are classified into three types according to their specific goals, and the necessary and sufficient conditions of each type to create effective MTD strategies are then summarized, which are typically one or more of the aforementioned characteristics. Finally, we provide a number of observations for the future direction in this field, which can be helpful for subsequent researchers.

engineering, electrical & electronic,computer science, information systems, software engineering

Jinglei Tan,Hui Jin,Hongqi Zhang,Yuchen Zhang,Dexian Chang,Xiaohu Liu,Hengwei Zhang

DOI: https://doi.org/10.1016/j.cosrev.2023.100544

IF: 8.757

2023-02-24

Computer Science Review

Abstract:Moving target defense (MTD) can break through asymmetry between attackers and defenders. To improve the effectiveness of cybersecurity defense techniques, defense requires not only advanced and practical defense technologies but effective, scientific decision-making methods. Due to complex attacker–defender interaction, autonomous, automatic, accurate, and effective selection of the optimal strategy is a challenging topic in the field of MTD. The essence of cybersecurity lies in the interaction between the attacker and defender. Game theory is a useful mathematical tool for strategy selection in a competitive environment. It provides strong theoretical support for the analysis of cyberattack and defense behaviors and subsequent decision-making, and can significantly improve the decision-making ability of MTD. This study presents the basic concepts of MTD and game theory, followed by a literature review, to study MTD decision-making methods based on game theory from the dimensions of space, time, space–time, and bounded rationality. Limitations of MTD game decision-making studies are discussed, as well as research directions, to provide references for future research.

computer science, information systems, theory & methods, software engineering

Sailik Sengupta,Satya Gautam Vadlamudi,Subbarao Kambhampati,Marthony Taguinod,Adam Doupé,Ziming Zhao,Gail-Joon Ahn

DOI: https://doi.org/10.48550/arXiv.1602.07024

2016-02-23

Cryptography and Security

Abstract:The present complexity in designing web applications makes software security a difficult goal to achieve. An attacker can explore a deployed service on the web and attack at his/her own leisure. Moving Target Defense (MTD) in web applications is an effective mechanism to nullify this advantage of their reconnaissance but the framework demands a good switching strategy when switching between multiple configurations for its web-stack. To address this issue, we propose modeling of a real-world MTD web application as a repeated Bayesian game. We then formulate an optimization problem that generates an effective switching strategy while considering the cost of switching between different web-stack configurations. To incorporate this model into a developed MTD system, we develop an automated system for generating attack sets of Common Vulnerabilities and Exposures (CVEs) for input attacker types with predefined capabilities. Our framework obtains realistic reward values for the players (defenders and attackers) in this game by using security domain expertise on CVEs obtained from the National Vulnerability Database (NVD). We also address the issue of prioritizing vulnerabilities that when fixed, improves the security of the MTD system. Lastly, we demonstrate the robustness of our proposed model by evaluating its performance when there is uncertainty about input attacker information.

Megha Bose,Praveen Paruchuri,Akshat Kumar

2024-08-16

Abstract:Moving Target Defense (MTD) has emerged as a proactive and dynamic framework to counteract evolving cyber threats. Traditional MTD approaches often rely on assumptions about the attackers knowledge and behavior. However, real-world scenarios are inherently more complex, with adaptive attackers and limited prior knowledge of their payoffs and intentions. This paper introduces a novel approach to MTD using a Markov Decision Process (MDP) model that does not rely on predefined attacker payoffs. Our framework integrates the attackers real-time responses into the defenders MDP using a dynamic Bayesian Network. By employing a factored MDP model, we provide a comprehensive and realistic system representation. We also incorporate incremental updates to an attack response predictor as new data emerges. This ensures an adaptive and robust defense mechanism. Additionally, we consider the costs of switching configurations in MTD, integrating them into the reward structure to balance execution and defense costs. We first highlight the challenges of the problem through a theoretical negative result on regret. However, empirical evaluations demonstrate the frameworks effectiveness in scenarios marked by high uncertainty and dynamically changing attack landscapes.

Cryptography and Security,Artificial Intelligence,Machine Learning

Cheng Lei,Hong-Qi Zhang,Jing-Lei Tan,Yu-Chen Zhang,Xiao-Hu Liu

DOI: https://doi.org/10.1155/2018/3759626

IF: 1.968

2018-07-22

Security and Communication Networks

Abstract:As an active defense technique to change asymmetry in cyberattack-defense confrontation, moving target defense research has become one of the hot spots. In order to gain better understanding of moving target defense, background knowledge and inspiration are expounded at first. Based on it, the concept of moving target defense is analyzed. Secondly, literature analysis method is adopted to explain the design principles and system architecture of moving target defense. In addition, some relevant key techniques are introduced from the aspects of strategy generation, shuffling implementation, and performance evaluation. After that, the applications of moving target defense in different network architectures are illustrated. Finally, existing problems and future trend in this field are elaborated so as to provide a basis for further study.

computer science, information systems,telecommunications

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_5

IF: 2.701

2019-01-01

Wireless Networks

Abstract:As mentioned earlier, moving target defense (MTD) [1] adopts multiple security technologies featuring diversity, dynamicity, and randomness, aiming to change the passive cyber defense situation by greatly increasing the cost of attack and vulnerability exploitation through the deployment and operation of networks, platforms, systems, devices, and even components that are subject to apparent uncertainty and random dynamics. In fact, such basic defense methods or technical elements as diversity, randomness, redundancy, and dynamicity are not exclusively for MTD or certain security defense systems. They have been widely used in all aspects of the related fields, and the purpose is nothing but how to endow the target system with security attributes, such as diversity, randomness, and dynamicity, to build a survivable, recoverable, and fault-tolerant self-adaptive system in the harsh context of an elusive operating environment, asymmetrical threats, or uncertain failures. For example, the biodiversity mechanism in natural communities guarantees the stability of the ecosystems, while the dynamic multipath forwarding mechanism in communication networks guarantees the anti-interception of data transmission. Various encryption technologies are applying pseudo-random properties or methods, and the redundancy technology is a “talisman” in the field of reliability. This chapter will elaborate on the concepts, characteristics, and applications of diversity, randomness, and dynamicity technologies themselves and analyze the possible engineering challenges for introducing these underlying defense technologies into information systems, with an attempt to comb the ties among the three technologies and propose the relevant arguments.

Jianjun Zheng,Akbar Siami Namin

DOI: https://doi.org/10.1007/s11390-019-1906-z

IF: 1.871

2019-01-01

Journal of Computer Science and Technology

Abstract:As the complexity and the scale of networks continue to grow, the management of the network operations and security defense has become a challenging task for network administrators, and many network devices may not be updated timely, leaving the network vulnerable to potential attacks. Moreover, the static nature of our existing network infrastructure allows attackers to have enough time to study the static configurations of the network and to launch well-crafted attacks at their convenience while defenders have to work around the clock to defend the network. This asymmetry, in terms of time and money invested, has given attackers greater advantage than defenders and has made the security defense even more challenging. It calls for new and innovative ideas to fix the problem. Moving Target Defense (MTD) is one of the innovative ideas which implements diverse and dynamic configurations of network systems with the goal of puzzling the exact attack surfaces available to attackers. As a result, the system status with the MTD strategy is unpredictable to attackers, hard to exploit, and is more resilient to various forms of attacks. There are existing survey papers on various MTD techniques, but to the best of our knowledge, insufficient focus was given on the architectural perspective of MTD strategies or some new technologies such as Internet of Things (IoT). This paper presents a comprehensive survey on MTD and implementation strategies from the perspective of the architecture of the complete network system, covering the motivation for MTD, the explanation of main MTD concepts, ongoing research efforts of MTD and its implementation at each level of the network system, and the future research opportunities offered by new technologies such as Software-Defined Networking (SDN) and Internet of Things (IoT).

computer science, software engineering, hardware & architecture

M. L. Winterrose,K. M. Carter,N. Wagner,W. W. Streilein

DOI: https://doi.org/10.48550/arXiv.1407.8540

2014-08-01

Abstract:A model of strategy formulation is used to study how an adaptive attacker learns to overcome a moving target cyber defense. The attacker-defender interaction is modeled as a game in which a defender deploys a temporal platform migration defense. Against this defense, a population of attackers develop strategies specifying the temporal ordering of resource investments that bring targeted zero-day exploits into existence. Attacker response to two defender temporal platform migration scheduling policies are examined. In the first defender scheduling policy, the defender selects the active platform in each match uniformly at random from a pool of available platforms. In the second policy the defender schedules each successive platform to maximize the diversity of the source code presented to the attacker. Adaptive attacker response strategies are modeled by finite state machine (FSM) constructs that evolve during simulated play against defender strategies via an evolutionary algorithm. It is demonstrated that the attacker learns to invest heavily in exploit creation for the platform with the least similarity to other platforms when faced with a diversity defense, while avoiding investment in exploits for this least similar platform when facing a randomization defense. Additionally, it is demonstrated that the diversity-maximizing defense is superior for shorter duration attacker-defender engagements, but performs sub-optimally in extended attacker-defender interactions.

Cryptography and Security,Computer Science and Game Theory

Zhimin Tang,Duohe Ma,Xiaoyan Sun,Kai Chen,Liming Wang,Junye Jiang

DOI: https://doi.org/10.1109/iscc58397.2023.10218253

2023-01-01

Abstract:Traditional defense methods are hard to change the inherent vulnerabilities of static data storage, single data access, and deterministic data content, leading to frequent data leakage incidents. Moving target defense (MTD) techniques can increase data diversity and unpredictability by dynamically shifting the data attack surface. However, in the existing methods, the data lacks sufficient dynamics due to insufficient shifting space and shifting frequency of attack surface, and legitimate users are inevitably greatly affected. This study proposes a data MTD method that the data changes dynamically based on real-time multi-source user access information. Through the multidimensional user stratification mechanism, we establish a novel dynamic data model that uses the combination of random deception strategies to convert metadata properties and content of data based on the user risk levels, while data remains unchanged for legitimate users. Multiple sets of experiments demonstrate the effectiveness and low consumption of our data dynamic defense approach.

Yujuan Han,Wenlian Lu,Shouhuai Xu

DOI: https://doi.org/10.48550/arXiv.1404.6785

2014-04-28

Abstract:Moving Target Defense (MTD) can enhance the resilience of cyber systems against attacks. Although there have been many MTD techniques, there is no systematic understanding and {\em quantitative} characterization of the power of MTD. In this paper, we propose to use a cyber epidemic dynamics approach to characterize the power of MTD. We define and investigate two complementary measures that are applicable when the defender aims to deploy MTD to achieve a certain security goal. One measure emphasizes the maximum portion of time during which the system can afford to stay in an undesired configuration (or posture), without considering the cost of deploying MTD. The other measure emphasizes the minimum cost of deploying MTD, while accommodating that the system has to stay in an undesired configuration (or posture) for a given portion of time. Our analytic studies lead to algorithms for optimally deploying MTD.

Systems and Control,Cryptography and Security,Social and Information Networks,Dynamical Systems,Physics and Society

Hooman Alavizadeh,Samin Aref,Dong Seong Kim,Julian Jang-Jaccard

DOI: https://doi.org/10.48550/arXiv.2009.02030

2021-06-19

Abstract:Moving Target Defense (MTD) is a proactive security mechanism which changes the attack surface aiming to confuse attackers. Cloud computing leverages MTD techniques to enhance cloud security posture against cyber threats. While many MTD techniques have been applied to cloud computing, there has not been a joint evaluation of the effectiveness of MTD techniques with respect to security and economic metrics. In this paper, we first introduce mathematical definitions for the combination of three MTD techniques: \emph{Shuffle}, \emph{Diversity}, and \emph{Redundancy}. Then, we utilize four security metrics including system risk, attack cost, return on attack, and reliability to assess the effectiveness of the combined MTD techniques applied to large-scale cloud models. Secondly, we focus on a specific context based on a cloud model for E-health applications to evaluate the effectiveness of the MTD techniques using security and economic metrics. We introduce (1) a strategy to effectively deploy Shuffle MTD technique using a virtual machine placement technique and (2) two strategies to deploy Diversity MTD technique through operating system diversification. As deploying Diversity incurs cost, we formulate the \emph{Optimal Diversity Assignment Problem (O-DAP)} and solve it as a binary linear programming model to obtain the assignment which maximizes the expected net benefit.

Cryptography and Security

Doğanalp Ergenç,Florian Schneider,Peter Kling,Mathias Fischer

2023-03-17

Abstract:Modern mission-critical systems (MCS) are increasingly softwarized and interconnected. As a result, their complexity increased, and so their vulnerability against cyber-attacks. The current adoption of virtualization and service-oriented architectures (SOA) in MCSs provides additional flexibility that can be leveraged to withstand and mitigate attacks, e.g., by moving critical services or data flows. This enables the deployment of strategies for moving target defense (MTD), which allows stripping attackers of their asymmetric advantage from the long reconnaissance of MCSs. However, it is challenging to design MTD strategies, given the diverse threat landscape, resource limitations, and potential degradation in service availability. In this paper, we combine two optimization models to explore feasible service configurations for SOA-based systems and to derive subsequent MTD actions with their time schedule based on an attacker-defender game. Our results indicate that even for challenging and diverse attack scenarios, our models can defend the system by up to 90% of the system operation time with a limited MTD defender budget.

Cryptography and Security,Networking and Internet Architecture

Cai Guilin,Wang Baosheng,Wang Tianzuo,Luo Yuebin,Wang Xiaofeng,Cui XinWu

DOI: https://doi.org/10.7544/issn1000-1239.2016.20150225

2016-01-01

Journal of Computer Research and Development

Abstract:Nowadays ,network configurations are typically deterministic ,static ,and homogeneous . These features reduce the difficulties for cyber attackers scanning the network to identify specific targets and gather essential information ,which gives the attackers asymmetric advantages of building up ,launching and spreading attacks .Thus the defenders are always at a passive position ,and the existing defense mechanisms and approaches cannot reverse this situation . Moving target defense (M TD) is proposed as a new revolutionary technology to alter the asymmetric situation of attacks and defenses .It keeps moving the attack surface of the protected target through dynamic shifting ,which can be controlled and managed by the administrator . In this way , the attack surface exposed to attackers appears chaotic and changes over time . Therefore , the work effort ,i .e ., the cost and complexity ,for the attackers to launch a successful attack ,will be greatly increased .As a result ,the probability of successful attacks will be decreased ,and the resiliency and security of the protected target will be enhanced effectively .In this paper ,we firstly introduce the basic concepts of M TD ,and classify the related works into categories according to their research field .Then ,under each category , we give a detailed description on the existing work ,and analyze and summarize them separately . Finally ,we present our understandings on M TD ,and summarize the current research status ,and further discuss the development trends in this field .

Paul Griffioen,Sean Weerakkody,Bruno Sinopoli

DOI: https://doi.org/10.1109/tac.2020.3005686

IF: 6.549

2021-05-01

IEEE Transactions on Automatic Control

Abstract:This article considers the design and analysis of multiple moving target defenses for recognizing and isolating attacks on cyber-physical systems. We consider attackers who perform integrity attacks on some set of sensors and actuators in a control system. In such cases, it has been shown that a model aware adversary can carefully design attack vectors to bypass bad data detection and identification filters while causing damage to the control system. To counter such an attacker, we propose the moving target defense which introduces stochastic, time-varying parameters in the control system. The underlying random dynamics of the system limit an attacker's knowledge of the model and inhibit his or her ability to construct stealthy attack sequences. Moreover, the time-varying nature of the dynamics thwarts adaptive adversaries. We explore three main designs. First, we consider a hybrid system where parameters within the existing plant are switched among multiple modes. We demonstrate how such an approach can enable both the detection and identification of malicious nodes. Next, we investigate the addition of an extended system with dynamics that are coupled to the original plant but do not affect the system performance. Here, an attack on the original system will affect the authenticating subsystem and in turn be revealed by a set of sensors measuring the extended plant. Finally, we propose the use of sensor nonlinearities to enhance the effectiveness of the moving target defense. The nonlinear dynamics act to conceal normal operational behavior from an attacker who has tampered with the system state, further hindering an attacker's ability to glean information about the time-varying dynamics. In all cases mechanisms for analysis and design are proposed. Finally, we analyze attack detectability for each moving target defense by investigating expected lower bounds on the detection statistic. Our contributions are also tested via simulation.

automation & control systems,engineering, electrical & electronic

Jin-Hee Cho,Dilli P. Sharma,Hooman Alavizadeh,Seunghyun Yoon,Noam Ben-Asher,Terrence J. Moore,Dong Seong Kim,Hyuk Lim,Frederica F. Nelson

DOI: https://doi.org/10.1109/comst.2019.2963791

2020-01-01

Abstract:Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, advanced, intelligent attacks while defenders are often way behind attackers in taking appropriate actions to thwart potential attackers. The concept of moving target defense (MTD) has emerged as a proactive defense mechanism aiming to prevent attacks. In this work, we conducted a comprehensive, in-depth survey to discuss the following aspects of MTD: key roles, design principles, classifications, common attacks, key methodologies, important algorithms, metrics, evaluation methods, and application domains. We discuss the pros and cons of all aspects of MTD surveyed in this work. Lastly, we highlight insights and lessons learned from this study and suggest future work directions. The aim of this paper is to provide the overall trends of MTD research in terms of critical aspects of defense systems for researchers who seek to develop proactive, adaptive MTD mechanisms.

computer science, information systems,telecommunications