Abstract

Moving target defense (MTD) has emerged as a proactive defense mechanism that aims to thwart a potential attacker. The key idea of MTD is to increase uncertainty and confusion for attackers by changing the attack surface (i.e., system or network configurations), which invalidates the intelligence the attackers have collected and interrupts attack execution, ultimately leading to attack failure. Recently, the significant advance of software-defined networking (SDN) has made complex system operations highly flexible and robust, particularly in terms of programmability and controllability through SDN controllers. Accordingly, many security operations have used this capability to be deployed optimally in complex networks. In this paper, leveraging SDN, we developed an attack graph-based MTD technique that shuffles a host’s network configurations (e.g., MAC/IP addresses and port numbers) based on the host’s criticality, which is highly exploitable by attackers when the host lies on the attack path(s). To this end, we developed a hierarchical attack graph model that captures a network’s vulnerabilities and topology; it is used for the MTD shuffling decisions of selecting highly exploitable hosts in a given network and determining how frequently the hosts’ network configurations are shuffled. Shuffling with high priority on more exploitable, critical hosts provides adaptive, proactive, and affordable defense aimed at minimizing attack success probability with minimum MTD cost. We validated the superior performance of the proposed MTD in attack success probability and MTD cost via both simulation and real SDN testbed experiments.

Highlights

  • Moving target defense (MTD) has emerged as a proactive defense technique to thwart and confuse potential attackers aiming to penetrate a system by exploiting system vulnerabilities [11]

  • To provide highly cost-effective security services, the approach proposed in this paper focuses on shuffling network configurations of highly critical, vulnerable hosts that can significantly attract attackers aiming to exploit the vulnerabilities on the attack paths with the hosts

  • To estimate a role-based criticality (RC), we identify attack sequences starting from externally accessible hosts (i.e., Hex) to hosts with high RC by using the information from Layer 1 (L1) and Layer 2 (L2) in the tier attack graph (TAG) model


Summary

INTRODUCTION

Moving target defense (MTD) has emerged as a proactive defense technique to thwart and confuse potential attackers aiming to penetrate a system by exploiting system vulnerabilities [11]. To provide highly cost-effective security services, the approach proposed in this paper focuses on shuffling the network configurations of highly critical, vulnerable hosts, which strongly attract attackers aiming to exploit the vulnerabilities on the attack paths through those hosts. The fundamental idea is that, given hosts with different levels of asset criticality, protecting the more critical hosts with higher priority contributes significantly to building highly secure and dependable systems at low defense cost. To this end, we develop an exploitability prediction algorithm for each attack path and estimate an expected attack success probability (i.e., the likelihood of an attacker successfully compromising a critical target host). We propose an overhead-controllable address shuffling method that changes a host’s network configurations by selecting a single host, based on asset criticality, at every shuffling interval. This approach allows the security administrator to operate MTD without affecting system performance by controlling the shuffling interval.
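As an added illustration (not the paper's code, and not its exact TAG model or metrics, which are not on this page), the following Python sketches the pipeline the introduction describes: enumerate attack paths from externally accessible hosts to high-criticality targets, turn per-host exploitability into per-path and per-target attack success probabilities, weight each host by its criticality times the probability mass of attack paths that traverse it, and shuffle exactly one host's MAC address per interval. The sample network, the exploitability and criticality values, the product-of-hops success model, the independence assumption across paths and the weighting rule are all assumptions made for this example.

```python
import random
from math import prod

# Constructed sample network (hypothetical, not from the paper). Per-host exploitability is
# assumed to be a probability in [0, 1] already derived from the host's vulnerabilities;
# criticality is an assumed asset weight; "external" marks hosts reachable from outside.
HOSTS = {
    "web":  {"exploit": 0.8, "crit": 0.3, "external": True},
    "mail": {"exploit": 0.6, "crit": 0.4, "external": True},
    "app":  {"exploit": 0.5, "crit": 0.6, "external": False},
    "db":   {"exploit": 0.4, "crit": 1.0, "external": False},
}
# Reachability edges: which hosts a compromised host can open connections to.
EDGES = {"web": ["app", "mail"], "mail": ["app"], "app": ["db"], "db": []}


def attack_paths(edges, sources, target):
    """Enumerate all simple paths from the externally reachable hosts to `target`."""
    found = []

    def dfs(node, path):
        if node == target:
            found.append(tuple(path))
            return
        for nxt in edges.get(node, []):
            if nxt not in path:  # simple paths only, no cycles
                dfs(nxt, path + [nxt])

    for src in sources:
        dfs(src, [src])
    return found


def path_success_prob(path, hosts):
    """Assumed model: every host on the path must be exploited in sequence and the
    exploits are independent, so the path probability is the product of per-host values."""
    return prod(hosts[h]["exploit"] for h in path)


def target_success_prob(hosts, edges, target):
    """Probability that at least one attack path to `target` succeeds. Paths are treated
    as independent, which over-estimates slightly when paths share hosts (a known caveat)."""
    sources = [h for h, v in hosts.items() if v["external"]]
    probs = [path_success_prob(p, hosts) for p in attack_paths(edges, sources, target)]
    return 1.0 - prod(1.0 - p for p in probs)


def shuffling_weights(hosts, edges, crit_threshold=0.6):
    """Criticality-aware priority (assumed rule): weight(h) = crit(h) * total success
    probability of attack paths to high-criticality targets that pass through h."""
    sources = [h for h, v in hosts.items() if v["external"]]
    targets = [h for h, v in hosts.items() if v["crit"] >= crit_threshold]
    mass = {h: 0.0 for h in hosts}
    for t in targets:
        for path in attack_paths(edges, sources, t):
            p = path_success_prob(path, hosts)
            for h in path:
                mass[h] += p
    return {h: hosts[h]["crit"] * m for h, m in mass.items()}


def select_host_to_shuffle(weights, rng):
    """Pick exactly one host per shuffling interval, with probability proportional to its
    weight. Shuffling a single host per interval keeps reconfiguration overhead bounded."""
    names = list(weights)
    return rng.choices(names, weights=[weights[h] for h in names], k=1)[0]


def random_mac(rng):
    """Fresh locally administered unicast MAC (bit 1 of the first octet set, bit 0 clear)."""
    first = (rng.randrange(256) | 0x02) & 0xFE
    rest = [rng.randrange(256) for _ in range(5)]
    return ":".join(f"{b:02x}" for b in [first] + rest)


def run_mtd(hosts, edges, intervals, seed=0):
    """Simulate `intervals` shuffling rounds. Returns the final MAC table and how often
    each host was shuffled; an attacker's cached MAC for a host is stale once it is picked."""
    rng = random.Random(seed)
    macs = {h: random_mac(rng) for h in hosts}
    counts = {h: 0 for h in hosts}
    weights = shuffling_weights(hosts, edges)
    for _ in range(intervals):
        victim = select_host_to_shuffle(weights, rng)
        # In a real deployment this is where the SDN controller would install the
        # rewrite/forwarding rules for the new address; here we only update the table.
        macs[victim] = random_mac(rng)
        counts[victim] += 1
    return macs, counts


if __name__ == "__main__":
    print("P(db compromised):", round(target_success_prob(HOSTS, EDGES, "db"), 4))
    print("shuffle weights:  ", {h: round(w, 3) for h, w in shuffling_weights(HOSTS, EDGES).items()})
    print("shuffle counts:   ", run_mtd(HOSTS, EDGES, 1000)[1])
```

In this toy network the app server ends up with the highest shuffling weight even though the database is the most critical asset, because every path to either high-criticality target passes through it; that is the effect the introduction describes, where hosts on the likely attack paths to critical targets get shuffled first. Lengthening the shuffling interval trades a higher expected attack success probability for lower reconfiguration cost.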

RELATED WORK
Security Vulnerabilities
Attack Graph
Network Model
Attack Model
Exploitability Metric
Estimating Per-Host Exploitability Based on Vulnerabilities
ASSET CRITICALITY-AWARE MTD
Asset Criticality
Prediction of Attack Paths to Target Hosts
Asset Criticality-Aware Shuffling Probability
SDN-Based MAC Shuffling
Defense Techniques Against SDN Targeting Attacks
Experimental Setup
Metrics
MTD Comparing Schemes
Results and Analysis for the BAP
Results and Analysis for the Asset Criticality-Aware MTD
Results and Analysis for Defending Forensic Attacks
CONCLUSION
