Weiqiao Zhu,Yang,Yipin Zhang,Xiaolin Chang

DOI: https://doi.org/10.1109/access.2024.3457763

IF: 3.9

2024-01-01

IEEE Access

Abstract:Migration-based Dynamic Platform (MdyPlat) is a type of Moving Target Defense (MTD) techniques to protect the task executed on the platform. MdyPlat actively hinders sophisticated attacks through randomly and dynamically setting up a platform for executing the task. This paper aims to investigate how MdyPlat-related factors make quantitative impact on the capability of MdyPlat technique. We develop a semi-Markov model for describing the system dynamics and then derive metric calculation formulas for investigation. Compared to the existing analytical-modeling-based evaluation methods, our modeling approach can work even the times of all MdyPlat-related events follow any type of distribution. The comparison between simulation and numerical results validates the approximate accuracy of the model and formulas. Numerical experiment results uncover that (1) MdyPlat technique can effectively enhance the task security, particularly under high attack intensity; (2) The security risk of the executed task varies in different task-execution scenarios, which are denoted by the number of platforms and the probability distribution of the times of MDP-related events; and (3) Different cumulative distribution function of event time under the same mean value leads to different analysis result of the task security.

Xiaolin Chang,Yu Shi,Zhenjiang Zhang,Zhen Xu,Kishor S. Trivedi,xiaolin Chang,zhenjiang zhang,Zhen xu,Kishor Trivedi

DOI: https://doi.org/10.1109/tsc.2020.2989215

IF: 11.019

2020-01-01

IEEE Transactions on Services Computing

Abstract:Migration-based Dynamic Platform (MDP) technique, a type of Moving Target Defense (MTD) techniques, defends against sophisticated cyber-attacks by randomly and dynamically selecting a platform for executing service/job. Security defense mechanisms protect service/job usually at the cost of degrading its performance. Therefore, it is valuable to make a trade-off between service/job security and its performance. However, previous researches on MTD techniques either focused on analyzing MTD effectiveness of protecting service/job or studied service/job performance with the assumption that attacks on service/job make no influence on its execution. This article aims to apply analytical modeling techniques to investigate the impact of MDP technique on job completion time in a system under attack. We use Stochastic Reward Nets (SRNs) to develop a Markov chain-based model for capturing typical behaviors of the adversary, the vulnerable system and a job. The formulas are derived for calculating the metrics of interest. Numerical analysis is conducted to study the impact of key parameters on job completion time and job security loss.

computer science, information systems, software engineering

Yaguan Qian,Yankai Guo,Qiqi Shao,Jiamin Wang,Bin Wang,Zhaoquan Gu,Xiang Ling,Chunming Wu

DOI: https://doi.org/10.1145/3517806

2021-01-01

Abstract:Edge intelligence has played an important role in constructing smart cities, but the vulnerability of edge nodes to adversarial attacks becomes an urgent problem. A so-called adversarial example can fool a deep learning model on an edge node for misclassification. Due to the transferability property of adversarial examples, an adversary can easily fool a black-box model by a local substitute model. Edge nodes in general have limited resources, which cannot afford a complicated defense mechanism like that on a cloud data center. To address the challenge, we propose a dynamic defense mechanism, namely EI-MTD. The mechanism first obtains robust member models of small size through differential knowledge distillation from a complicated teacher model on a cloud data center. Then, a dynamic scheduling policy, which builds on a Bayesian Stackelberg game, is applied to the choice of a target model for service. This dynamic defense mechanism can prohibit the adversary from selecting an optimal substitute model for black-box attacks. We also conduct extensive experiments to evaluate the proposed mechanism, and results show that EI-MTD could protect edge intelligence effectively against adversarial attacks in black-box settings.

Runkai Yang,Xiaolin Chang,Jelena Misic,Vojislav B. Misic,Zhi Chen,Bo Liu

DOI: https://doi.org/10.1109/globecom38437.2019.9013921

2019-01-01

Abstract:Moving Target Defense (MTD) technology protects a target system by complicating the attacking process of adversaries. It has been gaining more and more attention with the massive growth of vulnerabilities and the widespread deployment of critical network services. This paper aims to analyze service Mean Time To Failure (MTTF) in a vulnerable network system which suffers attacks from adversaries. The system consists of multiple Physical Machines (PM) and each PM can support Docker Containers (DC) to run service. It applies Dynamic Platform Protection Technique (DPT), a kind of MTD techniques, to reduce the impact of attacks on service. A DC can be live migrated among these PMs in order to provision continuous service to users. We propose a model which captures the service behaviors during the service execution in the system. Our model allows both service residency/execution time at a PM and service migration time to be generally distributed. We also derive the formula for calculating MTTF and its approximate accuracy is validated through comparing analytical results with simulation results. Moreover, a formula is proposed to predict the total cost of the system, which helps administrators manage the network system effectively.

Megha Bose,Praveen Paruchuri,Akshat Kumar

2024-08-16

Abstract:Moving Target Defense (MTD) has emerged as a proactive and dynamic framework to counteract evolving cyber threats. Traditional MTD approaches often rely on assumptions about the attackers knowledge and behavior. However, real-world scenarios are inherently more complex, with adaptive attackers and limited prior knowledge of their payoffs and intentions. This paper introduces a novel approach to MTD using a Markov Decision Process (MDP) model that does not rely on predefined attacker payoffs. Our framework integrates the attackers real-time responses into the defenders MDP using a dynamic Bayesian Network. By employing a factored MDP model, we provide a comprehensive and realistic system representation. We also incorporate incremental updates to an attack response predictor as new data emerges. This ensures an adaptive and robust defense mechanism. Additionally, we consider the costs of switching configurations in MTD, integrating them into the reward structure to balance execution and defense costs. We first highlight the challenges of the problem through a theoretical negative result on regret. However, empirical evaluations demonstrate the frameworks effectiveness in scenarios marked by high uncertainty and dynamically changing attack landscapes.

Cryptography and Security,Artificial Intelligence,Machine Learning

Yuyang Zhou,Guang Cheng,Shanqing Jiang,Yuyu Zhao,Zihan Chen

DOI: https://doi.org/10.1016/j.cose.2020.101976

IF: 5.105

2020-01-01

Computers & Security

Abstract:Moving Target Defense (MTD) has emerged as a game changer to reverse the asymmetric situation between attackers and defenders, and as one of the most effective countermeasures to mitigate DDoS attacks, shuffling-based MTD has gained ever-growing attention in cyber security. Despite the increased security, frequent shuffles would significantly bring heavy burden to the system. Moreover, most existing work has not adequately considered the impact of MTD techniques on the defender, and especially ignored that on legitimate users. Due to the lack of cost-effective shuffling methods, it is difficult to reach the optimal balance between the performance and overhead associated with the MTD deployment. Building on our preliminary work in this field, we propose a novel cost-effective shuffling method, which involves common users as a trilateral game for strategy generation and resists DDoS attacks with several MTh mechanisms. The novel game model extends our previous work to further describe the interaction among the attacker, the defender and users in detail, and we exploit Multi-Objective Markov Decision Processes to find the optimal MTh strategy by solving the trade-off problem between the effectiveness and cost of shuffling. By designing a trilateral game cost-effective shuffling algorithm, we capture the best MTD strategy and reach a balance between them in a given shuffling scenario. Simulation and experiments on an experimental software-defined network (SDN) indicate that our approach can effectively mitigate DDoS attacks with an acceptable overload, and exhibit better performance than other related and state of the art approaches. (C) 2020 Elsevier Ltd. All rights reserved.

Yi-xi Xie,Li-xin Ji,Ling-shu Li,Zehua Guo,Thar Baker

DOI: https://doi.org/10.1080/09540091.2020.1832960

2020-01-01

Connection Science

Abstract:The expansion of information technology infrastructure is encountered with Advanced Persistent Threats (APTs), which can launch data destruction, disclosure, modification, and/or Denial of Service attacks by drawing upon vulnerabilities of software and hardware. Moving Target Defense (MTD) is a promising risk mitigation technique that replies to APTs via implementing randomisation and dynamic strategies on compromised assets. However, some MTD techniques adopt the blind random mutation, which causes greater performance overhead and worse defense utility. In this paper, we formulate the cyber-attack and defense as a dynamic partially observable Markov process based on dynamic Bayesian inference. Then we develop an Inference-Based Adaptive Attack Tolerance (IBAAT) system , which includes two stages. In the first stage, a forward–backward algorithm with a time window is employed to perform a security risk assessment. To select the defense strategy, in the second stage, the attack and defense process is modelled as a two-player general-sum Markov game and the optimal defense strategy is acquired by quantitative analysis based on the first stage. The evaluation shows that the proposed algorithm has about 10% security utility improvement compared to the state-of-the-art.

Zhimin Tang,Duohe Ma,Xiaoyan Sun,Kai Chen,Liming Wang,Junye Jiang

DOI: https://doi.org/10.1109/iscc58397.2023.10218253

2023-01-01

Abstract:Traditional defense methods are hard to change the inherent vulnerabilities of static data storage, single data access, and deterministic data content, leading to frequent data leakage incidents. Moving target defense (MTD) techniques can increase data diversity and unpredictability by dynamically shifting the data attack surface. However, in the existing methods, the data lacks sufficient dynamics due to insufficient shifting space and shifting frequency of attack surface, and legitimate users are inevitably greatly affected. This study proposes a data MTD method that the data changes dynamically based on real-time multi-source user access information. Through the multidimensional user stratification mechanism, we establish a novel dynamic data model that uses the combination of random deception strategies to convert metadata properties and content of data based on the user risk levels, while data remains unchanged for legitimate users. Multiple sets of experiments demonstrate the effectiveness and low consumption of our data dynamic defense approach.

Huan Zhang,Kangfeng Zheng,Xiujuan Wang,Shoushan Luo,Bin Wu

DOI: https://doi.org/10.1109/access.2019.2918319

IF: 3.9

2019-01-01

IEEE Access

Abstract:In a real network environment, multiple types of attacks can occur. The more important the service or network, the more attacks it may suffer simultaneously. Moving target defense (MTD) technology is a revolutionary game-changing cyberspace technology that has found various applications in recent years. However, the existing strategies are targeted at defending against specific types of attacks and do not meet the security requirements for multiple attacks. Therefore, we propose a joint defense strategy based on the MTD that can select one or multiple mutant elements to defend against different types of attacks. In addition, we use the analytic hierarchy process (AHP) to quantify the factors affecting the attack and defense costs. After comprehensively analyzing the effects of the different MTD technologies against different attacks, we propose an efficient strategy selection algorithm based on joint defense. Finally, we conduct experiments to evaluate the selection of a joint defense strategy under multiple attacks. The experimental results demonstrate the feasibility and effectiveness of the proposed joint defense strategy selection approach.

Hooman Alavizadeh,Samin Aref,Dong Seong Kim,Julian Jang-Jaccard

DOI: https://doi.org/10.48550/arXiv.2009.02030

2021-06-19

Abstract:Moving Target Defense (MTD) is a proactive security mechanism which changes the attack surface aiming to confuse attackers. Cloud computing leverages MTD techniques to enhance cloud security posture against cyber threats. While many MTD techniques have been applied to cloud computing, there has not been a joint evaluation of the effectiveness of MTD techniques with respect to security and economic metrics. In this paper, we first introduce mathematical definitions for the combination of three MTD techniques: \emph{Shuffle}, \emph{Diversity}, and \emph{Redundancy}. Then, we utilize four security metrics including system risk, attack cost, return on attack, and reliability to assess the effectiveness of the combined MTD techniques applied to large-scale cloud models. Secondly, we focus on a specific context based on a cloud model for E-health applications to evaluate the effectiveness of the MTD techniques using security and economic metrics. We introduce (1) a strategy to effectively deploy Shuffle MTD technique using a virtual machine placement technique and (2) two strategies to deploy Diversity MTD technique through operating system diversification. As deploying Diversity incurs cost, we formulate the \emph{Optimal Diversity Assignment Problem (O-DAP)} and solve it as a binary linear programming model to obtain the assignment which maximizes the expected net benefit.

Cryptography and Security

Yuyang Zhou,Guang Cheng,Shanqing Jiang,Ying Hu,Yuyu Zhao,Zihan Chen

DOI: https://doi.org/10.1145/3338468.3356824

2019-09-18

Abstract:Moving Target Defense (MTD) has emerged as a newcomer into the asymmetric field of attack and defense, and shuffling-based MTD has been regarded as one of the most effective ways to mitigate DDoS attacks. However, previous work does not acknowledge that frequent shuffles would significantly intensify the overhead. MTD requires a quantitative measure to compare the cost and effectiveness of available adaptations and explore the best trade-off between them. In this paper, therefore, we propose a new cost-effective shuffling method against DDoS attacks using MTD. By exploiting Multi-Objective Markov Decision Processes to model the interaction between the attacker and the defender, and designing a cost-effective shuffling algorithm, we study the best trade-off between the effectiveness and cost of shuffling in a given shuffling scenario. Finally, simulation and experimentation on an experimental software defined network (SDN) indicate that our approach imposes an acceptable shuffling overload and is effective in mitigating DDoS attacks.

Cryptography and Security

z zhang,y tian,r deng,j ma

DOI: https://doi.org/10.1109/JIOT.2022.3161790

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The smart grid (SG), as one of the largest evolutionary critical infrastructures, witnesses the deep integration of electricity facilities and Internet of Things (IoT). But recent events show that the vulnerabilities exposed in IoT devices can be exploited by adversaries to construct the cyberattacks on SG. To address this threat, plenty of countermeasures have been proposed to enhance the SG’s security. However, the additional costs introduced by some countermeasures make the utilities hesitate to implement them practically. To alleviate this concern, in this article, we propose a double-benefit moving target defense (dB-MTD) to protect the SG from cyber–physical attacks (CPAs) and also gain generation-cost benefits. The dB-MTD enables the prevention of stealthy CPAs on the transmission lines by perturbing the reactances with the distributed flexible AC transmission system (D-FACTS). To reduce the infrastructure cost, we minimize the number of required D-FACTS devices for a specific protection goal. Although it needs investment on D-FACTS, we find that the utility can make profits from the generation costs by appropriately setting the reactance perturbations. Therefore, we formulate an optimization problem to compute the optimal reactance perturbations to maximize the generation-cost benefits, without sacrificing the protection performance of dB-MTD. Finally, using the real-world load profiles, we conduct extensive simulations to evaluate the impact of CPA on the system operation and the benefits obtained by the dB-MTD from the aspects of the D-FACTS deployment and the generation-cost profits.

Hanyi Xu,Guozhen Cheng,Xiaohan Yang,Wenyan Liu,Dacheng Zhou,Wei Guo

DOI: https://doi.org/10.3390/electronics13030487

IF: 2.9

2024-01-25

Electronics

Abstract:Due to the fine-grained splitting of microservices and frequent communication between microservices, the exposed attack surface of microservices has exploded, facilitating the lateral movement of attackers between microservices. To solve this problem, a multi-dimensional moving target defense method based on an adaptive simulated annealing genetic algorithm (MD2RS) is proposed. Firstly, according to the characteristics of microservices in the cloud, a microservice attack graph is proposed to quantify the attack scenario of microservices in the cloud so as to conveniently and intuitively observe the vulnerability of microservices in the cloud and the dependency relationship between microservices. Secondly, the security gain and resource cost are quantified for the key nodes selected by measuring the degree of dependence of each node according to the degree centrality. Finally, the Adaptive Simulated Annealing Genetic Algorithm (ASAGA) is used to solve the optimal security configuration information of the moving target defense, that is, the combination of the number of copies of the multi-copy deployment and the rotation cycle of the dynamic rotation of microservices, in order to quickly evaluate the security risks of microservices and optimize the security policy. Experiments show that the defense return rate of MD2RS is 85.95% higher than that of the mainstream methods, and the experimental results are conducive to applying this method to the dynamic defense of microservices in the cloud.

engineering, electrical & electronic,computer science, information systems,physics, applied

Cai Guilin,Wang Baosheng,Wang Tianzuo,Luo Yuebin,Wang Xiaofeng,Cui XinWu

DOI: https://doi.org/10.7544/issn1000-1239.2016.20150225

2016-01-01

Journal of Computer Research and Development

Abstract:Nowadays ,network configurations are typically deterministic ,static ,and homogeneous . These features reduce the difficulties for cyber attackers scanning the network to identify specific targets and gather essential information ,which gives the attackers asymmetric advantages of building up ,launching and spreading attacks .Thus the defenders are always at a passive position ,and the existing defense mechanisms and approaches cannot reverse this situation . Moving target defense (M TD) is proposed as a new revolutionary technology to alter the asymmetric situation of attacks and defenses .It keeps moving the attack surface of the protected target through dynamic shifting ,which can be controlled and managed by the administrator . In this way , the attack surface exposed to attackers appears chaotic and changes over time . Therefore , the work effort ,i .e ., the cost and complexity ,for the attackers to launch a successful attack ,will be greatly increased .As a result ,the probability of successful attacks will be decreased ,and the resiliency and security of the protected target will be enhanced effectively .In this paper ,we firstly introduce the basic concepts of M TD ,and classify the related works into categories according to their research field .Then ,under each category , we give a detailed description on the existing work ,and analyze and summarize them separately . Finally ,we present our understandings on M TD ,and summarize the current research status ,and further discuss the development trends in this field .

Yuyang Zhou,Guang Cheng,Yuyu Zhao,Zihan Chen,Shanqing Jiang

DOI: https://doi.org/10.1109/tii.2021.3090719

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:Nowadays, a large number of intelligent devices involved in the industrial Internet of Things (IIoT) environment lead to unprecedented challenges in security. Due to limited resources with weak security protection, the IIoT devices can be easily compromised to launch distributed denial-of-service (DDoS) attacks, resulting in catastrophic results. Although there are many DDoS mitigations of traditional static schemes, the proactive defense method to resist attacks has not been well studied. Furthermore, existing proactive schemes ignored the delay-sensitive characteristic of applications under the IIoT environments. To address these issues, we first adopt two kinds of moving target defense (MTD) techniques that dynamically control the admission of devices and migrate service replicas to isolate attackers on limited edge clouds and mitigate DDoS attacks early near its source. Then, we formulate a multistage optimization problem of MTD mechanisms deployment and model it as constrained Markov decision processes in order to maximize the available resources of the system under the limitations of the IIoT environments. Besides, we present an MTD optimal strategy algorithm to solve decision problems in a cost-effective manner. In this article, the proposed algorithm can achieve an optimal admission allocation by means of attackers gathering within the same service where the service migration decisions are assisted by means of value iteration. The experimental results verify that the proposed algorithm, compared with existing strategies, can effectively mitigate DDoS attacks with acceptable degradation of the quality of service.

Zhi Chen,Xiaolin Chang,Jelena Misic,Vojislav B. Misic,Yang,Zhen Han

DOI: https://doi.org/10.1109/globecom42002.2020.9322609

2020-01-01

Abstract:Moving target defense (MTD), emerging as a game-changer in the cyber defense area, has got a lot of attention and development recently. As a proactive defense technique, MTD dynamically changes system attributes in order to create more uncertainties of the system and has been proved to be effective against cyber attacks. Beyond this, there is still a lack of researches with respect to the quantitative analysis of the effect of MTD on system performance. This paper aims to quantitatively investigate how MTD affects system performance while bringing security. We develop Markov process-based models for two different MTD strategies and derive the formulas for metrics of interest. We carry out simulation experiments to validate our proposed models with Mininet. Furthermore, numerical analysis is conducted for comparing these two different strategies in terms of system performance. The numerical results also show how different parameters affect the evaluation metrics. Our models can help defenders conFigure the MTD system in the most suitable way.

Doğanalp Ergenç,Florian Schneider,Peter Kling,Mathias Fischer

2023-03-17

Abstract:Modern mission-critical systems (MCS) are increasingly softwarized and interconnected. As a result, their complexity increased, and so their vulnerability against cyber-attacks. The current adoption of virtualization and service-oriented architectures (SOA) in MCSs provides additional flexibility that can be leveraged to withstand and mitigate attacks, e.g., by moving critical services or data flows. This enables the deployment of strategies for moving target defense (MTD), which allows stripping attackers of their asymmetric advantage from the long reconnaissance of MCSs. However, it is challenging to design MTD strategies, given the diverse threat landscape, resource limitations, and potential degradation in service availability. In this paper, we combine two optimization models to explore feasible service configurations for SOA-based systems and to derive subsequent MTD actions with their time schedule based on an attacker-defender game. Our results indicate that even for challenging and diverse attack scenarios, our models can defend the system by up to 90% of the system operation time with a limited MTD defender budget.

Cryptography and Security,Networking and Internet Architecture

Yuyang Zhou,Guang Cheng,Zhi Ouyang,Zongyao Chen

DOI: https://doi.org/10.1109/tnsm.2024.3413685

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Edge computing (EC) and container technology have been widely used to increase the flexibility of computing resources and meet the real-time requirements for delay-sensitive applications. However, it has been shown that edge clouds suffer from distributed denial-of-service (DDoS) attacks, especially low-rate DDoS (LDDoS) attacks, which can be stealthily crafted to evade detection. Unfortunately, the existing techniques cannot provide effective protection, and the amplifying resource consumption and service delay incurred by defense greatly diminish the efficiency of the security system. To tackle these problems, this paper exploits Moving Target Defense (MTD) techniques and deep reinforcement learning (DRL) for mitigating the impact of LDDoS attacks in a resource-efficient way by effectively partially invalidating, avoiding, and tolerating malicious traffic that improves the web services’ security and quality with lower overhead. We first design several lightweight MTD mechanisms by utilizing the built-in functionalities of container-based applications. To further optimize resource utilization, we formulate the interaction between attacks and MTD deployment as a Markov decision process (MDP), and adopt a deep Q-network (DQN) algorithm to achieve the best trade-off between effectiveness and overhead. The simulations prove the effectiveness of the proposed approach in LDDoS mitigation, with a significant improvement of up to 31.7% in security and 26.95% in service quality when compared with other practical strategies, and the experimental results also demonstrate that our method exhibits the lowest response time per request of 276.66 ms and the lowest webpage load time of 1.413 s with only 2.44% additional memory usage in comparison with previous works in the high workload scenario.

Jiawen Kang,Yibo Lian,Changqiao Xu,Haijiang Tian,Xiaohui Kuang,D. Niyato,Zhang Tao

DOI: https://doi.org/10.1109/JSAC.2023.3310072

IF: 16.4

2023-10-01

IEEE Journal on Selected Areas in Communications

Abstract:With rapid development of emerging technologies for Internet of Things (IoT), digital twins (DT) have been proposed to support a wide variety of applications. A mobile network is expected to be integrated with DT to form a DT mobile network (DTMN). Unfortunately, DTMN still faces security threats, which have attracted great research attention. Current defense mechanisms are mostly static, i.e., responding after attacks happening. To solve the aforementioned problem, moving target defense (MTD) has been proposed as an innovative solution. However, there exist three major challenges when applying MTD into DTMN. Firstly, less emphasis was paid to collaborative scheduling between multiple MTD schemes, which can improve the security of DTMN. Secondly, MTD schemes require lots of network resources, but few works focus on the time allocation of multiple MTD schemes to reduce network resource consumption. Thirdly, existing defense strategies only rely on current information, but do not consider future information. In this paper, we propose a collaborative mutation-based MTD (CM-MTD) in DTMN. We mainly consider two MTD schemes called host address mutation (HAM) and route mutation (RM), respectively, which adjust network properties and invalidate different stages of cyber kill chain. We firstly formulate a semi-Markov decision process (SMDP) to model time-varying security events and dynamic deployment of multiple MTD schemes. Then, security events are predicted by long short-term memory (LSTM), which are regarded as network states in SMDP. Next, infeasible actions that do not satisfy network constraints will be removed from the action space of the SMDP. Lastly, we design a hierarchical deep reinforcement learning algorithm for collaborative scheduling. Simulation results highlight the effectiveness of CM-MTD compared with baseline solutions.

Engineering,Computer Science

Tao Zhang,Changqiao Xu,Bingchi Zhang,Xinran Li,Xiaohui Kuang,Luigi Alfredo Grieco

DOI: https://doi.org/10.1109/tdsc.2023.3237604

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Network function virtualization (NFV) supports the rapid development of service function chain (SFC), which efficiently connects a sequence of network virtual function instances (VNFIs) placed into physical infrastructures. Current SFC migration mechanisms usually keep static SFC deployment after finishing certain objectives, and deployment methods mostly provide static resource allocation for VNFIs. Therefore, the adversary has enough time to plan for devastating attacks for in-service SFCs. Fortunately, moving target defense (MTD) was proposed as a game-changing solution to dynamically adjust network configurations. However, existing MTD methods mostly depend on attack-defense models, and lack adaptive mutation period. In this article, we propose an Intelligence-Driven Service Function Chain Migration (ID-SFCM) scheme. First, we model a Markov decision process (MDP) to formulate the dynamic arrival or departure of SFCs. To remove infeasible actions from the action space of MDP, we formalize the SFC deployment as a constrained satisfaction problem. Then, we design a deep reinforcement learning (DRL) algorithm named model-based adaptive proximal policy optimization (MA-PPO) to enable attack-resistant migration decisions and adaptive migration period. Finally, we evaluate the defense performance by multiple attack strategies and two realistic datasets called CICIDS-2017 and LYCOS-IDS2017 respectively. Simulation results highlight the effectiveness of ID-SFCM compared with representative solutions.