Duohe Ma,Zhimin Tang,Xiaoyan Sun,Lu Guo,Liming Wang,Kai Chen

DOI: https://doi.org/10.1145/3560828.3563995

2022-01-01

Abstract:Moving target defense (MTD) is a proactive defensive mechanism proposed to disrupt and disable potential attacks, thus reversing the defender's disadvantages. Cyber deception is a complementary technique that is often used to enhance MTD by utilizing misinformation to deceive and mislead attackers. Deception elements, such as honeypot, honey bait, honey token, breadcrumb, and well-constructed deception scenes, can significantly increase the uncertainties for attackers. Deception-based MTD techniques can change the asymmetry situation between defenders and attackers through affecting the attacker's perception of the system. However, there is still a lack of understanding about the role of cyber deception in MTD, and few research works have evaluated the effectiveness of cyber deception. In this paper, we propose a concept of deception attack surface to illustrate deception-based moving target defense. Moreover, we propose a quantitative method to measure deception, which includes two core concepts: exposed falseness degree and hidden truth degree. We further formulate a deception game model between an attacker and a defender, in which the defender attempts to protect the entry points on the attack surface by creating or changing a deception attack surface. Furthermore, we provide a detailed example scenario and analyze the deception game's equilibrium. Finally We verify the effectiveness of our proposed method through a real attack and defense experiment.

Marco Zambianco,Claudio Facchinetti,Domenico Siracusa

DOI: https://doi.org/10.1016/j.cose.2024.104144

2024-10-16

Abstract:Cyber deception allows compensating the late response of defenders countermeasures to the ever evolving tactics, techniques, and procedures (TTPs) of attackers. This proactive defense strategy employs decoys resembling legitimate system components to lure stealthy attackers within the defender environment, slowing and/or denying the accomplishment of their goals. In this regard, the selection of decoys that can expose the techniques used by malicious users plays a central role to incentivize their engagement. However, this is a difficult task to achieve in practice, since it requires an accurate and realistic modeling of the attacker capabilities and his possible targets. In this work, we tackle this challenge and we design a decoy selection scheme that is supported by an adversarial modeling based on empirical observation of real-world attackers. We take advantage of a domain-specific threat modelling language using MITRE ATT&CK framework as source of attacker TTPs targeting enterprise systems. In detail, we extract the information about the execution preconditions of each technique as well as its possible effects on the environment to generate attack graphs modeling the adversary capabilities. Based on this, we formulate a graph partition problem that minimizes the number of decoys detecting a corresponding number of techniques employed in various attack paths directed to specific targets. We compare our optimization-based decoy selection approach against several benchmark schemes that ignore the preconditions between the various attack steps. Results reveal that the proposed scheme provides the highest interception rate of attack paths using the lowest amount of decoys.

Cryptography and Security

Paul Griffioen,Sean Weerakkody,Bruno Sinopoli

DOI: https://doi.org/10.1109/tac.2020.3005686

IF: 6.549

2021-05-01

IEEE Transactions on Automatic Control

Abstract:This article considers the design and analysis of multiple moving target defenses for recognizing and isolating attacks on cyber-physical systems. We consider attackers who perform integrity attacks on some set of sensors and actuators in a control system. In such cases, it has been shown that a model aware adversary can carefully design attack vectors to bypass bad data detection and identification filters while causing damage to the control system. To counter such an attacker, we propose the moving target defense which introduces stochastic, time-varying parameters in the control system. The underlying random dynamics of the system limit an attacker's knowledge of the model and inhibit his or her ability to construct stealthy attack sequences. Moreover, the time-varying nature of the dynamics thwarts adaptive adversaries. We explore three main designs. First, we consider a hybrid system where parameters within the existing plant are switched among multiple modes. We demonstrate how such an approach can enable both the detection and identification of malicious nodes. Next, we investigate the addition of an extended system with dynamics that are coupled to the original plant but do not affect the system performance. Here, an attack on the original system will affect the authenticating subsystem and in turn be revealed by a set of sensors measuring the extended plant. Finally, we propose the use of sensor nonlinearities to enhance the effectiveness of the moving target defense. The nonlinear dynamics act to conceal normal operational behavior from an attacker who has tampered with the system state, further hindering an attacker's ability to glean information about the time-varying dynamics. In all cases mechanisms for analysis and design are proposed. Finally, we analyze attack detectability for each moving target defense by investigating expected lower bounds on the detection statistic. Our contributions are also tested via simulation.

automation & control systems,engineering, electrical & electronic

Sang Seo,Heaeun Moon,Sunho Lee,Donghyeon Kim,Jaeyeon Lee,Byeongjin Kim,Woojin Lee,Dohoon Kim

DOI: https://doi.org/10.1109/access.2023.3278744

IF: 3.9

2023-01-01

IEEE Access

Abstract:Based on the paradigm shift in modern warfare, ground forces conduct pilot operations of wireless unmanned maneuvering systems, such as tactical drones, in the form of manned and unmanned cooperative tactics after deploying the relevant systems in the battlefield. However, security considerations for relevant systems are limited to the scope of using only the existing end-to-end encryption and public key authentication modules, and no defense strategy to actively respond to specialized cyber-electronic warfare threats has been officially established. To drastically reduce both the potential attack surface and security vulnerabilities of drones employed in network-centric-warfare, a proactive defense technology that expires the effectiveness of attacks by avoiding invasive action at the target is expected to be essential. Accordingly, this paper proposes the concept of active moving-target-defense (MTD), an element of cyber deception that minimizes the rate of success of cyber-attacks while conversely maximizing both defense predominance and attack complexity asymmetrically, exclusive according to partially observable Markov decision process (POMDP)-based threat modeling that considers both the internal and external operation sequences of target drones. To optimally design the proposed drone-type MTD based on the Pareto frontier, we additionally advanced and simulated a drone-based defensive deception game framework (D3GF), which represents a general-sum combat framework reflecting decision logics such as the perfect Bayesian Nash equilibrium, stochastic Stackelberg, and partial signal game. This study was conducted to compare and calculate the efficiencies of the drone-type MTD’s deceptive defense, which had not been considered in prior studies, by unique environmental features inside and outside the drone. Furthermore, we conducted a detailed performance evaluation considering game metrics based on sensitivity analysis. Hereafter, the drone-type MTD will be extended into an actual active drone protection technology combining cyber flare-type avoidance strategies and cyber camouflage-type disarrangement strategies by expanding its optimization domain as a hypergame, while integrating it with drone decoy elements.

computer science, information systems,telecommunications,engineering, electrical & electronic

Narges Babadi,Ali Doustmohammadi

DOI: https://doi.org/10.1016/j.compeleceng.2022.107931

2022-05-01

Abstract:Cyber-physical systems have posed new challenges, affecting their users. The information security of these systems against cyber-attacks is considered one of the most complex issues in a wide range of defences. The present study proposes a new approach for detecting deception attacks based on moving target defence (MTD). The existing MTD algorithms can only recognize few attacks, including integrity attacks on the cyber-physical system, by limiting the adversary's knowledge of the original system. However, the proposed approach detects replay attacks as well. Moreover, a robust defence system is developed to mislead the adversary and make the attack identifiable from the defender's perspective by introducing a chaotic, hybrid, and extended MTD. Thus, three primary deception attacks, including False Data Injection (FDI), covert, and replay attacks, are detectable based on the proposed approach. The effectiveness of the proposed approach is validated by comparing it with continuous watermarking defence in a cyber-physical testbed.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Mengxiang Liu,Chengcheng Zhao,Jinhui Xia,Ruilong Deng,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/tsg.2022.3188489

IF: 10.275

2022-01-01

IEEE Transactions on Smart Grid

Abstract:With the rapid development of the information and communication technology in DC microgrids (DCmGs), the threat of deception attacks has been widely recognized. However, the stealthy deception attacks, which can hide the actual attack impact from the system operator as in the Stuxnet accident, have not yet been well studied. Towards this end, this paper proposes a proactive distributed detection and localization (PDDL) framework to defend against the stealthy deception attacks. The attack detection is achieved by observing the attack impact that is quantified as the voltage balancing deviation (VBD) and current sharing deviation (CSD) in DCmGs. Once any anomaly is perceived, the proactive perturbation on primary control gains (PCGs) will be activated to invalidate the previously inferred PCGs of the attacker, under which the constructed stealthy deception attacks may be located by the unknown input observer (UIO) based locators. To maximize the locatability of attacks while limiting the induced transient fluctuations on system states, an optimization problem is formulated to determine the PCG perturbation magnitude. Finally, the effectiveness of the PDDL framework is verified through extensive hardware-in-the-loop (HIL) based simulations and systematic full-hardware experimental studies.

Rui Zhuang,Scott A. DeLoach,Xinming Ou

DOI: https://doi.org/10.1145/2663474.2663479

2014-01-01

Abstract:The static nature of cyber systems gives attackers the advantage of time. Fortunately, a new approach, called the Moving Target Defense (MTD) has emerged as a potential solution to this problem. While promising, there is currently little research to show that MTD systems can work effectively in real systems. In fact, there is no standard definition of what an MTD is, what is meant by attack surface, or metrics to define the effectiveness of such systems. In this paper, we propose an initial theory that will begin to answer some of those questions. The paper defines the key concepts required to formally talk about MTD systems and their basic properties. It also discusses three essential problems of MTD systems, which include the MTD Problem (or how to select the next system configuration), the Adaptation Selection Problem, and the Timing Problem. We then formalize the MTD Entropy Hypothesis, which states that the greater the entropy of the system's configuration, the more effective the MTD system.

Doğanalp Ergenç,Florian Schneider,Peter Kling,Mathias Fischer

2023-03-17

Abstract:Modern mission-critical systems (MCS) are increasingly softwarized and interconnected. As a result, their complexity increased, and so their vulnerability against cyber-attacks. The current adoption of virtualization and service-oriented architectures (SOA) in MCSs provides additional flexibility that can be leveraged to withstand and mitigate attacks, e.g., by moving critical services or data flows. This enables the deployment of strategies for moving target defense (MTD), which allows stripping attackers of their asymmetric advantage from the long reconnaissance of MCSs. However, it is challenging to design MTD strategies, given the diverse threat landscape, resource limitations, and potential degradation in service availability. In this paper, we combine two optimization models to explore feasible service configurations for SOA-based systems and to derive subsequent MTD actions with their time schedule based on an attacker-defender game. Our results indicate that even for challenging and diverse attack scenarios, our models can defend the system by up to 90% of the system operation time with a limited MTD defender budget.

Cryptography and Security,Networking and Internet Architecture

Mariusz Żal,Marek Michalski,Piotr Zwierzykowski

DOI: https://doi.org/10.3390/electronics13050918

IF: 2.9

2024-02-29

Electronics

Abstract:The contemporary world, dominated by information technologt (IT), necessitates sophisticated protection mechanisms against attacks that pose significant threats to individuals, companies, and governments alike. The unpredictability of human behavior, coupled with the scattered development of applications and devices, complicates supply chain maintenance, making it impossible to develop a system entirely immune to cyberattacks. Effective execution of many attack types hinges on prior network reconnaissance. Thus, hindering effective reconnaissance serves as a countermeasure to attacks. This paper introduces a solution within the moving target defense (MTD) strategies, focusing on the mutation of Internet protocol (IP) addresses in both edge and core network switches. The idea of complicating reconnaissance by continually changing IP addresses has been suggested in numerous studies. Nonetheless, previously proposed solutions have adversely impacted the quality of service (QoS) levels. Implementing these mechanisms could interrupt Transmission Control Protocol (TCP) connections and result in data losses. The IP address mutation algorithms presented in this study were designed to be fully transparent to transport layer protocols, thereby preserving the QoS for users without degradation. In this study, we leveraged the benefits of software-defined networking (SDN) and the Programming-Protocol-Ondependent Packet Processors (P4) language, which specifies packet processing methodologies in the data plane. Employing both SDN and P4 enables a dynamic customization of network device functionalities to meet network users' specific requirements, a feat unachievable with conventional computer networks. This approach not only enhances the adaptability of network configurations but also significantly increases the efficiency and effectiveness of network management and operation.

engineering, electrical & electronic,computer science, information systems,physics, applied

Scott Freitas,Andrew Wicker,Duen Horng Chau,Joshua Neil

DOI: https://doi.org/10.48550/arXiv.2001.11108

2020-01-30

Abstract:Given a large enterprise network of devices and their authentication history (e.g., device logons), how can we quantify network vulnerability to lateral attack and identify at-risk devices? We systematically address these problems through D2M, the first framework that models lateral attacks on enterprise networks using multiple attack strategies developed with researchers, engineers, and threat hunters in the Microsoft Defender Advanced Threat Protection group. These strategies integrate real-world adversarial actions (e.g., privilege escalation) to generate attack paths: a series of compromised machines. Leveraging these attack paths and a novel Monte-Carlo method, we formulate network vulnerability as a probabilistic function of the network topology, distribution of access credentials and initial penetration point. To identify machines at risk to lateral attack, we propose a suite of five fast graph mining techniques, including a novel technique called AnomalyShield inspired by node immunization research. Using three real-world authentication graphs from Microsoft and Los Alamos National Laboratory (up to 223,399 authentications), we report the first experimental results on network vulnerability to lateral attack, demonstrating D2M's unique potential to empower IT admins to develop robust user access credential policies.

Social and Information Networks

Cheng Lei,Hong-Qi Zhang,Jing-Lei Tan,Yu-Chen Zhang,Xiao-Hu Liu

DOI: https://doi.org/10.1155/2018/3759626

IF: 1.968

2018-07-22

Security and Communication Networks

Abstract:As an active defense technique to change asymmetry in cyberattack-defense confrontation, moving target defense research has become one of the hot spots. In order to gain better understanding of moving target defense, background knowledge and inspiration are expounded at first. Based on it, the concept of moving target defense is analyzed. Secondly, literature analysis method is adopted to explain the design principles and system architecture of moving target defense. In addition, some relevant key techniques are introduced from the aspects of strategy generation, shuffling implementation, and performance evaluation. After that, the applications of moving target defense in different network architectures are illustrated. Finally, existing problems and future trend in this field are elaborated so as to provide a basis for further study.

computer science, information systems,telecommunications

Mengmeng Ge,Jin-Hee Cho,Dong Seong Kim,Gaurav Dixit,Ing-Ray Chen

DOI: https://doi.org/10.48550/arXiv.2005.04220

2020-05-08

Abstract:Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this paper, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We verify the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address "when" to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address "how" to perform network topology shuffling on a decoy-populated IoT network, and analyze which strategy can best achieve a system goal such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. Our results demonstrate that a software defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network without running our intrusion prevention technique. Further, when given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, the best combination of "how" and "how" strategies is identified for executing our proposed technique under which the specified goal can be best achieved.

Cryptography and Security

Daniel Reti,Karina Elzer,Daniel Fraunholz,Daniel Schneider,Hans-Dieter Schotten

DOI: https://doi.org/10.1145/3560828.3564006

2023-01-25

Abstract:In the field of network security, with the ongoing arms race between attackers, seeking new vulnerabilities to bypass defense mechanisms and defenders reinforcing their prevention, detection and response strategies, the novel concept of cyber deception has emerged. Starting from the well-known example of honeypots, many other deception strategies have been developed such as honeytokens and moving target defense, all sharing the objective of creating uncertainty for attackers and increasing the chance for the attacker of making mistakes. In this paper a methodology to evaluate the effectiveness of honeypots and moving target defense in a network is presented. This methodology allows to quantitatively measure the effectiveness in a simulation environment, allowing to make recommendations on how many honeypots to deploy and on how quickly network addresses have to be mutated to effectively disrupt an attack in multiple network and attacker configurations. With this optimum, attacks can be detected and slowed down with a minimal resource and configuration overhead. With the provided methodology, the optimal number of honeypots to be deployed and the optimal network address mutation interval can be determined. Furthermore, this work provides guidance on how to optimally deploy and configure them with respect to the attacker model and several network parameters.

Cryptography and Security

Juan Wang,Feng Xiao,Jianwei Huang,Daochen Zha,Hongxin Hu,Huanguo Zhan

DOI: https://doi.org/10.48550/arXiv.1704.01482

2017-04-05

Networking and Internet Architecture

Abstract:The static nature of current cyber systems has made them easy to be attacked and compromised. By constantly changing a system, Moving Target Defense (MTD) has provided a promising way to reduce or move the attack surface that is available for exploitation by an adversary. However, the current network- based MTD obfuscates networks indiscriminately that makes some networks key services, such as web and DNS services, unavailable, because many information of these services has to be opened to the outside and remain real without compromising their usability. Moreover, the indiscriminate obfuscation also severely reduces the performance of networks. In this paper, we propose CHAOS, an SDN (Software-defined networking)-based MTD system, which discriminately obfuscates hosts with different security levels in a network. In CHAOS, we introduce a Chaos Tower Obfuscation (CTO) method, which uses a Chaos Tower Structure (CTS) to depict the hierarchy of all the hosts in an intranet and provides a more unpredictable and flexible obfuscation method. We also present the design of CHAOS, which leverages SDN features to obfuscate the attack surface including IP obfuscation, ports obfuscation, and fingerprint obfuscation thereby enhancing the unpredictability of the networking environment. We develop fast CTO algorithms to achieve a different degree of obfuscation for the hosts in each layer. Our experimental results show that a network protected by CHAOS is capable of decreasing the percentage of information disclosure effectively to guarantee the normal flow of traffic.

Sailik Sengupta,Ankur Chowdhary,Abdulhakim Sabur,Adel Alshamrani,Dijiang Huang,Subbarao Kambhampati

DOI: https://doi.org/10.1109/comst.2020.2982955

2020-01-01

Abstract:Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to the static nature of network services and configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts the configuration of the underlying system, in turn reducing the success rate of cyberattacks. In this survey, we analyze the recent advancements made in the development of MTDs and highlight (1) how these defenses can be defined using common terminology, (2) can be made more effective with the use of artificial intelligence techniques for decision making, (3) be implemented in practice and (4) evaluated. We first define an MTD using a simple and yet general notation that captures the key aspects of such defenses. We then categorize these defenses into different sub-classes depending on what they move, when they move and how they move. In trying to answer the latter question, we showcase the use of domain knowledge and game-theoretic modeling can help the defender come up with effective and efficient movement strategies. Second, to understand the practicality of these defense methods, we discuss how various MTDs have been implemented and find that networking technologies such as Software Defined Networking and Network Function Virtualization act as key enablers for implementing these dynamic defenses. We then briefly highlight MTD test-beds and case-studies to aid readers who want to examine or deploy existing MTD techniques. Third, our survey categorizes proposed MTDs based on the qualitative and quantitative metrics they utilize to evaluate their effectiveness in terms of security and performance. We use well-defined metrics such as risk analysis and performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, and target-d threat models for quantitative evaluation. Finally, we show that our categorization of MTDs is effective in identifying novel research areas and highlight directions for future research.

computer science, information systems,telecommunications

Cai Guilin,Wang Baosheng,Wang Tianzuo,Luo Yuebin,Wang Xiaofeng,Cui XinWu

DOI: https://doi.org/10.7544/issn1000-1239.2016.20150225

2016-01-01

Journal of Computer Research and Development

Abstract:Nowadays ,network configurations are typically deterministic ,static ,and homogeneous . These features reduce the difficulties for cyber attackers scanning the network to identify specific targets and gather essential information ,which gives the attackers asymmetric advantages of building up ,launching and spreading attacks .Thus the defenders are always at a passive position ,and the existing defense mechanisms and approaches cannot reverse this situation . Moving target defense (M TD) is proposed as a new revolutionary technology to alter the asymmetric situation of attacks and defenses .It keeps moving the attack surface of the protected target through dynamic shifting ,which can be controlled and managed by the administrator . In this way , the attack surface exposed to attackers appears chaotic and changes over time . Therefore , the work effort ,i .e ., the cost and complexity ,for the attackers to launch a successful attack ,will be greatly increased .As a result ,the probability of successful attacks will be decreased ,and the resiliency and security of the protected target will be enhanced effectively .In this paper ,we firstly introduce the basic concepts of M TD ,and classify the related works into categories according to their research field .Then ,under each category , we give a detailed description on the existing work ,and analyze and summarize them separately . Finally ,we present our understandings on M TD ,and summarize the current research status ,and further discuss the development trends in this field .

Zubaida Rehman,Iqbal Gondal,Mengmeng Ge,Hai Dong,Mark Gregory,Zahir Tari

DOI: https://doi.org/10.1016/j.cose.2023.103685

IF: 5.105

2024-01-05

Computers & Security

Abstract:The Internet of Things (IoT) has become increasingly prevalent in various aspects of our lives, enabling billions of devices to connect and communicate seamlessly. However, the intricate nature of IoT connections and device vulnerabilities exposes the devices to security threats. To address the security challenges, we propose a proactive defense framework that leverages a model-based approach for security analysis and facilitates the defense strategies. Our proposed approach incorporates proactive defense mechanisms that combine Moving Target Defense techniques with cyber deception. The proposed approach involves the use of a decoy nodes as a deception technique and operating system based diversity as a moving target defense strategy to change the attack surface area of IoT networks. Additionally, we introduce a technique known as Important Measure-based Operating System Diversity to reduce defense cost. The effectiveness of the defense mechanisms was evaluated by using a graphical security model in a Software Defined Networking-based IoT network. Simulation results demonstrate the effectiveness of our approach in mitigating the impact of attacks while maintaining high performance levels in IoT networks.

computer science, information systems

Sushil Jajodia,Anup K. Ghosh,Vipin Swarup,Cliff Wang,X. Sean Wang

2013-01-01

Abstract:Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats was developed by a group of leading researchers. It describes the fundamental challenges facing the research community and identifies new promising solution paths. Moving Target Defense which is motivated by the asymmetric costs borne by cyber defenders takes an advantage afforded to attackers and reverses it to advantage defenders. Moving Target Defense is enabled by technical trends in recent years, including virtualization and workload migration on commodity systems, widespread and redundant network connectivity, instruction set and address space layout randomization, just-in-time compilers, among other techniques. However, many challenging research problems remain to be solved, such as the security of virtualization infrastructures, secure and resilient techniques to move systems within a virtualized environment, automatic diversification techniques, automated ways to dynamically change and manage the configurations of systems and networks, quantification of security improvement, potential degradation and more. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats is designed for advanced -level students and researchers focused on computer science, and as a secondary text book or reference. Professionals working in this field will also find this book valuable.

Valentina Casola,Alessandra De Benedictis,Carlo Mazzocca,Rebecca Montanari

DOI: https://doi.org/10.1109/tetc.2022.3197464

2022-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Cyber-physical systems (CPSs) rely upon the deep integration of computation and physical processes/systems, enabled by Internet of Things (IoT), edge computing, and cloud technologies. Noticeably, cybersecurity is a major concern in CPSs, since attacks may exploit both cyber and physical vulnerabilities and damage significantly physical equipment, compromise operational safety, and impact negatively on product quality and performance. In this context, CPS design should take both security and resilience requirements into account, by identifying the needed measures not only to prevent but also to withstand, recover from, and adapt to adverse conditions and attacks. The approach proposed in this paper aims at improving the security and resilience of a CPS deployment through a model-based design methodology leveraging security-by-design principles and Moving Target Defense (MTD) techniques, consisting in continually shifting a system configuration to reduce the attack success probability and survive attacks. Our methodology, in particular, is meant to support the threat modeling process of a CPS and the identification, based on spotted threats and on the properties of involved assets and data, of the security controls to include within the design to mitigate existing threats and of the MTD techniques to integrate in order to increase resilience.

computer science, information systems,telecommunications

Vignesh Viswanathan,Megha Bose,Praveen Paruchuri

DOI: https://doi.org/10.48550/arXiv.2301.09892

2023-01-24

Computer Science and Game Theory

Abstract:Moving Target Defense (MTD) has emerged as a key technique in various security applications as it takes away the attacker's ability to perform reconnaissance for exploiting a system's vulnerabilities. However, most of the existing research in the field assumes unrealistic access to information about the attacker's motivations and/or actions when developing MTD strategies. Many of the existing approaches also assume complete knowledge regarding the vulnerabilities of a system and how each of these vulnerabilities can be exploited by an attacker. In this work, we aim to create algorithms that generate effective Moving Target Defense strategies that do not rely on prior knowledge about the attackers. Our work assumes that the only way the defender receives information about its own reward is via interaction with the attacker in a repeated game setting. Depending on the amount of information that can be obtained from the interactions, we devise two different algorithms using multi-armed bandit formulation to identify efficient strategies. We then evaluate our algorithms using data mined from the National Vulnerability Database to showcase that they match the performance of the state-of-the-art techniques, despite using a lot less amount of information.