Performance Modeling of Moving Target Defenses with Reconfiguration Limits

Connell, Warren; Menascé, Daniel A.; Albanese, Massimiliano

doi:10.1109/tdsc.2018.2882825

Cited by 38 publications

(18 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Connell et al proposed a Markov chain analytic model to quantitatively analyze the resource availability and performance of MTD in [27]. Furthermore, in [28] they expanded their work to allow their models supporting the limitation of resources being reconfigured simultaneously. Different from our work, their models can only capture the behavior of the job and the computing resources under the MTD environment, but do not consider the impact or the attack on the system.…”

Section: Related Workmentioning

confidence: 99%

Numerical Evaluation of Job Finish Time Under MTD Environment

et al. 2020

View full text Add to dashboard Cite

Moving target defense (MTD) has recently emerged as a game-changer in the confrontation between cyberattack and defense. MTD mechanism constantly and randomly changes the system configurations to create uncertainty of the attack surface against cyber-adversaries. To date, researches on the evaluation of MTD techniques either focused on analyzing the effectiveness of MTD or studying the system performance loss due to the use of MTD. The impact on job/service running on the protected system is always ignored. In this paper, we propose an SRN (Stochastic reward net) based analytical modeling approach to investigate how MTD techniques influence the job running on protected system from the perspective of job finish time. The SRN model developed in this paper captures the behaviors of both the adversary and the job execution process. Furthermore, we carry out numerical analysis to study the impact of different system parameters on job finish time and other evaluation metrics. The results in this paper can help defenders choose a better MTD configuration to complete the job execution as soon as possible. INDEX TERMS Moving target defense, job migration, stochastic reward net, job finish time.

show abstract

Section: Related Workmentioning

confidence: 99%

Numerical Evaluation of Job Finish Time Under MTD Environment

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Jiang and Fang [45] analyzed the payoff and cost of attack and defense, respectively, but the authors did not analyze the factors that affect these returns and costs in detail. Connell et al [46] proposed a quantitative analytic model for assessing the availability and performance of resources that are reconfigured by an MTD, but the focus of their research was to determine the optimal reconfiguration rate that maximizes a utility function. Sun and Wei [47] defined the time for the defender to repair the damaged assets as the defender's loss.…”

Section: B Efficient Policy Selectionmentioning

confidence: 99%

Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

et al. 2019

View full text Add to dashboard Cite

In a real network environment, multiple types of attacks can occur. The more important the service or network, the more attacks it may suffer simultaneously. Moving target defense (MTD) technology is a revolutionary game-changing cyberspace technology that has found various applications in recent years. However, the existing strategies are targeted at defending against specific types of attacks and do not meet the security requirements for multiple attacks. Therefore, we propose a joint defense strategy based on the MTD that can select one or multiple mutant elements to defend against different types of attacks. In addition, we use the analytic hierarchy process (AHP) to quantify the factors affecting the attack and defense costs. After comprehensively analyzing the effects of the different MTD technologies against different attacks, we propose an efficient strategy selection algorithm based on joint defense. Finally, we conduct experiments to evaluate the selection of a joint defense strategy under multiple attacks. The experimental results demonstrate the feasibility and effectiveness of the proposed joint defense strategy selection approach. INDEX TERMS Moving target defense, efficient defensive strategy selection, multiple attack, joint defense, genetic algorithm.

show abstract

“…For example, in [30], a defender uses a random patrol strategy to capture attackers in many defense spots because the defender cannot patrol all patrol spots at the same time, and a fixed periodic patrol method can be easily avoided by attackers. As another effective defense method, moving target defense (MTD) has been actively studied to defend against attackers targeting our assets, such as network devices and data, by moving the assets (or changing the locations of the assets) randomly and frequently and to thus make it very difficult for attackers to accurately target assets when they want [31][32][33][34]. In this paper, we will use the former random defense strategy to detect the intelligent on-off web defacement attacks because our research focus is to detect attackers rather than avoiding attackers; we note that studying the latter MTD in this research problem is out of the scope of this paper, but MTD techniques can be very effective for protecting our assets from attackers.…”

Section: Defense Strategy: Random Monitoringmentioning

confidence: 99%

Intelligent On-Off Web Defacement Attacks and Random Monitoring-Based Detection Algorithms

Cho

2019

Electronics

View full text Add to dashboard Cite

Recent cyberattacks armed with various ICT (information and communication technology) techniques are becoming advanced, sophisticated and intelligent. In security research field and practice, it is a common and reasonable assumption that attackers are intelligent enough to discover security vulnerabilities of security defense mechanisms and thus avoid the defense systems’ detection and prevention activities. Web defacement attacks refer to a series of attacks that illegally modify web pages for malicious purposes, and are one of the serious ongoing cyber threats that occur globally. Detection methods against such attacks can be classified into either server-based approaches or client-based approaches, and there are pros and cons for each approach. From our extensive survey on existing client-based defense methods, we found a critical security vulnerability which can be exploited by intelligent attackers. In this paper, we report the security vulnerability in existing client-based detection methods with a fixed monitoring cycle and present novel intelligent on-off web defacement attacks exploiting such vulnerability. Next, we propose to use a random monitoring strategy as a promising countermeasure against such attacks, and design two random monitoring defense algorithms: (1) Uniform Random Monitoring Algorithm (URMA), and (2) Attack Damage-Based Random Monitoring Algorithm (ADRMA). In addition, we present extensive experiment results to validate our idea and show the detection performance of our random monitoring algorithms. According to our experiment results, our random monitoring detection algorithms can quickly detect various intelligent web defacement on-off attacks (AM1, AM2, and AM3), and thus do not allow huge attack damage in terms of the number of defaced slots when compared with an existing fixed periodic monitoring algorithm (FPMA).

show abstract

Performance Modeling of Moving Target Defenses with Reconfiguration Limits

Cited by 38 publications

References 29 publications

Numerical Evaluation of Job Finish Time Under MTD Environment

Numerical Evaluation of Job Finish Time Under MTD Environment

Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

Intelligent On-Off Web Defacement Attacks and Random Monitoring-Based Detection Algorithms

Contact Info

Product

Resources

About