Analysis of Concurrent Moving Target Defenses

Connell, Warren; Pham, Luan Huy; Philip, Samuel

doi:10.1145/3268966.3268972

Cited by 6 publications

(2 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…us, although these single MTD mechanisms may result in some success in resisting automated worms and some low-level attackers, sophisticated attackers will make them invalid by combining multiple pieces of information (e.g., MAC address, operating system information, open ports, running services, and potential vulnerabilities) to identify these hosts whose single or limited system configuration parameters keep changing. To address this shortcoming, Connell et al [19] presented a concurrent MTDs model that combines service reconfiguration and IP reconfiguration to improve defense effectiveness. Unfortunately, the two MTDs tend to interfere with each other, which will affect the normal operation of the system.…”

Section: Related Workmentioning

confidence: 99%

A Hybrid Cyber Defense Mechanism to Mitigate the Persistent Scan and Foothold Attack

Wang

Pei

Zhang

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

As the prerequisite for the attacker to invade the target network, Persistent Scan and Foothold Attack (PSFA) is becoming progressively more subtle and complex. Even worse, the static and predictable characteristics of traditional systems provide an asymmetric advantage for attackers in launching the PSFA. To reverse this asymmetric advantage and resist the PSFA, two new defense ideas, called moving target defense (MTD) and deception-based cyber defense (DCD), have been suggested to provide the proactive selectable measures to complement traditional defense. However, MTD is unable to defeat the sophisticated attacker with fingerprint tracking ability. Meanwhile, DCD is easy to be marked by the attacker, which will result in a great waste of defense resources and poor defense effectiveness. To address this shortcoming, we propose the hybrid cyber defense mechanism that combines the address mutation (belonging to MTD) and fingerprint camouflage (belonging to DCD) strategies. More specifically, we first introduce and formalize the attacker model of PSFA based on the cyber kill chain. Afterwards, the traffic direction technology is designed to realize the coordination between the strategy of address mutation and the strategy of fingerprint camouflage. Furthermore, we construct the fine-grained quantitative modeling of the attacker’s behaviors through an in-depth observation of actual network confrontation. Based on this, a dynamic defense strategy generation algorithm is presented to maximize the effectiveness of our hybrid mechanism. Finally, the experimental results show that our hybrid mechanism can greatly improve the time required for a successful attack and achieve a better defense effect than the single strategy.

show abstract

Section: Related Workmentioning

confidence: 99%

A Hybrid Cyber Defense Mechanism to Mitigate the Persistent Scan and Foothold Attack

Wang

Pei

Zhang

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Okhravi et al [39] designed the Trusted Dynamic Logical Heterogeneity System (TALENT) to change its hardware platform and operating system. Connell et al [40] proposed a method to defend against multistep attacks by transforming the service platform and IP address, and they analyzed the effectiveness of the method. Although these searches integrated several MTD technologies, they did not consider the defense strategy when faced with multiple attacks.…”

Section: B Efficient Policy Selectionmentioning

confidence: 99%

Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

et al. 2019

View full text Add to dashboard Cite

In a real network environment, multiple types of attacks can occur. The more important the service or network, the more attacks it may suffer simultaneously. Moving target defense (MTD) technology is a revolutionary game-changing cyberspace technology that has found various applications in recent years. However, the existing strategies are targeted at defending against specific types of attacks and do not meet the security requirements for multiple attacks. Therefore, we propose a joint defense strategy based on the MTD that can select one or multiple mutant elements to defend against different types of attacks. In addition, we use the analytic hierarchy process (AHP) to quantify the factors affecting the attack and defense costs. After comprehensively analyzing the effects of the different MTD technologies against different attacks, we propose an efficient strategy selection algorithm based on joint defense. Finally, we conduct experiments to evaluate the selection of a joint defense strategy under multiple attacks. The experimental results demonstrate the feasibility and effectiveness of the proposed joint defense strategy selection approach. INDEX TERMS Moving target defense, efficient defensive strategy selection, multiple attack, joint defense, genetic algorithm.

show abstract