“…As mentioned in Section 3, attack surface can be viewed as a set of all the properties of the system that can be used for attack. Attack surface reduction means reducing some of the properties, and the usual way to achieve attack surface reduction is to repair some vulnera- (Azab et al, 2011), end-to-end software randomly chosen to replace the current candidate) diversity (Christodorescu et al, 2011), practical software diversification (Pappas et al, 2013), SEM (Cui and Stolfo, 2011), proactive obfuscation (Roeder and Schneider, 2010), HMS (le Goues et al, 2013), NOMAD (Vikram et al, 2013), adaptive JIT code diversification (Jangda et al, 2015), OF-RHM (Jafarian et al, 2012), spatio-temporal address mutation (Jafarian et al, 2014), and MOTAG (Jia et al, 2013) Choosing by rotation (the next candidate is chosen SCIT (Bangalore and Sood, 2009), MAS (Huang and Ghosh, by turns) 2011), and MORE (Thompson et al, 2014) Choosing according to function (the next MT6D (Dunlop et al, 2011), RHM (Al-Shaer et al, 2013), candidate is calculated by a function) MTD-MANETs (Albanese et al, 2013), the SDN shuffle approach (MacFarland and Shue, 2015), the SDN-based frequency-minimal MTD approach (Debroy et al, 2016), and RPAH (Luo et al, 2015) Choosing according to game theory (this method Manadhata (2013), Zhu and Başar (2013), is used to provide a general method for attack and Carter et al (2014) surface shifting, and there can be multiple specific strategies under the guidance of this method) Choosing according to the attack behavior observed Spatio-temporal address mutation (Jafarian et al, 2014), and or perceived (the next candidate is chosen to TALENT (Okhravi et al, 2011b) meet some specific security requirements) * (The next candidate is chosen based on an MTD MTD strategy for cloud-based services (Peng et al, 2014) service deployment strategy proposed by authors) * (The selection probability for each candidate OF-RHM (Jafarian et al, 2012) directly relates to the weight that is associated with each candidate based on a certain criterion) * (The next candidate (new configuration) is chosen…”