Moving Target Defense Research Articles

Finding Optimal Moving Target Defense Strategies: A Resilience Booster for Connected Cars

During their life-cycle, modern connected cars will have to face various and changing security threats. As for any critical embedded system, security fixes in the form of software updates need to be thoroughly verified and cannot be deployed on a daily basis. The system needs to commit to a defense strategy, while attackers can examine vulnerabilities and prepare possible exploits before attacking. In order to break this asymmetry, it can be advantageous to use proactive defenses, such as reconfiguring parts of the system configuration. However, resource constraints and losses in quality of service need to be taken into account for such Moving Target Defenses (MTDs). In this article, we present a game-theoretic model that can be used to compute an optimal MTD defense for a critical embedded system that is facing several attackers with different objectives. The game is resolved using off-the-shelf MILP solvers. We validated the method with an automotive use case and conducted extensive experiments to evaluate its scalability and stability.

EVHS - Elastic Virtual Honeypot System for SDNFV-Based Networks

The SDNFV-based network has leveraged the advantages of software-defined networking (SDN) and network-function virtualization (NFV) to become the most prominent network architecture. However, with the advancement of the SDNFV-based network, more attack types have emerged. This research focuses on one of the methods (use of the honeypot system) of preventing these attacks on the SDNFV-based network. We introduce an SDNFV-based elastic virtual honeypot system (EVHS), which not only resolves problems of other current honeypot systems but also employs a new approach to efficiently manage and control honeypots. It uses a network-intrusion-detection system (NIDS) at the border of the network to detect attacks, leverages the advantages of SDN and NFV to flexibly generate honeypots, and connects attackers to these honeypots by using a moving-target defense mechanism. Furthermore, we optimize the system to efficiently reuse the available honeypots after the attacks are handled. Experimental results validate that the proposed system is a flexible and efficient approach to manage and provide virtual honeypots in the SDNFV-based network; the system can also resolve the problems encountered by current honeypot systems.

“MystifY”: A proactive Moving-Target Defense for a resilient SDN controller in Software Defined CPS

The recent devastating mission Cyber–Physical System (CPS) attacks, failures, and the desperate need to scale and to dynamically adapt to changes, revolutionized traditional CPS to what we name as Software Defined CPS (SD-CPS). SD-CPS embraces the concept of Software Defined (SD) everything where CPS infrastructure is more elastic, dynamically adaptable and online-programmable. However, in SD-CPS, the threat became more immanent, as the long-been physically-protected assets are now programmatically accessible to cyber attackers. In SD-CPSs, a network failure hinders the entire functionality of the system. In this paper, we present MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the SD-CPS infrastructure. In this paper, we relied on Smart Grid networks as crucial SD-CPS application to evaluate our presented solution. MystifY’s MTD relies on a set of pillars to ensure the SDN controller resiliency against failures and attacks. The 1st pillar is a grid-aware algorithm that optimally allocates the most suitable controller–deployment​ location in large-scale grids. The 2nd pillar is a special diversifier that dynamically relocates the controller between heterogeneously configured hosts to avoid host-based attacks. The 3rd pillar is a temporal diversifier that dynamically detours controller–workload between multiple controllers to enhance their reliability and to detect and avoid controller intrusions. Our experimental results showed the efficiency and effectiveness of the presented approach.

Moving target defense for the security and resilience of mixed time and event triggered cyber–physical systems

Memory corruption attacks such as code injection, code reuse, and non-control data attacks have become widely popular for compromising safety-critical Cyber–Physical Systems (CPS). Moving target defense (MTD) techniques such as instruction set randomization (ISR), address space randomization (ASR), and data space randomization (DSR) can be used to protect systems against such attacks. CPS often use time-triggered architectures to guarantee predictable and reliable operation. MTD techniques can cause time delays with unpredictable behavior. To protect CPS against memory corruption attacks, MTD techniques can be implemented in a mixed time and event-triggered architecture that provides capabilities for maintaining safety and availability during an attack. This paper presents a mixed time and event-triggered MTD security approach based on the ARINC 653 architecture that provides predictable and reliable operation during normal operation and rapid detection and reconfiguration upon detection of attacks. We leverage a hardware-in-the-loop testbed and an advanced emergency braking system (AEBS) case study to show the effectiveness of our approach.

Toward Proactive and Efficient DDoS Mitigation in IIoT Systems: A Moving Target Defense Approach

Nowadays, a large number of intelligent devices involved in the industrial Internet of Things (IIoT) environment lead to unprecedented challenges in security. Due to limited resources with weak security protection, the IIoT devices can be easily compromised to launch distributed denial-of-service (DDoS) attacks, resulting in catastrophic results. Although there are many DDoS mitigations of traditional static schemes, the proactive defense method to resist attacks has not been well studied. Furthermore, existing proactive schemes ignored the delay-sensitive characteristic of applications under the IIoT environments. To address these issues, we first adopt two kinds of moving target defense (MTD) techniques that dynamically control the admission of devices and migrate service replicas to isolate attackers on limited edge clouds and mitigate DDoS attacks early near its source. Then, we formulate a multistage optimization problem of MTD mechanisms deployment and model it as constrained Markov decision processes in order to maximize the available resources of the system under the limitations of the IIoT environments. Besides, we present an MTD optimal strategy algorithm to solve decision problems in a cost-effective manner. In this article, the proposed algorithm can achieve an optimal admission allocation by means of attackers gathering within the same service where the service migration decisions are assisted by means of value iteration. The experimental results verify that the proposed algorithm, compared with existing strategies, can effectively mitigate DDoS attacks with acceptable degradation of the quality of service.

Intrinsic Security: A Robust Framework for Cloud-Native Network Slicing via a Proactive Defense Paradigm

Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

A moving target defence approach for detecting deception attacks on cyber-physical systems

Cyber-physical systems have posed new challenges, affecting their users. The information security of these systems against cyber-attacks is considered one of the most complex issues in a wide range of defences. The present study proposes a new approach for detecting deception attacks based on moving target defence (MTD). The existing MTD algorithms can only recognize few attacks, including integrity attacks on the cyber-physical system, by limiting the adversary's knowledge of the original system. However, the proposed approach detects replay attacks as well. Moreover, a robust defence system is developed to mislead the adversary and make the attack identifiable from the defender's perspective by introducing a chaotic, hybrid, and extended MTD. Thus, three primary deception attacks, including False Data Injection (FDI), covert, and replay attacks, are detectable based on the proposed approach. The effectiveness of the proposed approach is validated by comparing it with continuous watermarking defence in a cyber-physical testbed.

Moving Target Defense-Based Denial-of-Service Mitigation in Cloud Environments: A Survey

With the increased frequency and intensity of denial-of-service (DoS) attacks on critical cloud-hosted services, resource adaptation schemes adopted by the cloud service providers (CSPs) need to be intelligent. Specifically, they need to be adaptable to attack behavior and be dynamic to curb resource over-utilization. The concept of moving target defense (MTD) has recently emerged as an effective and agile defense mechanism against DoS attacks that particularly target cloud-hosted applications. However, the existing surveys that seek to explore this space either focus more on MTD for generic cyberattack mitigation or on DoS attack defense on cloud systems. In this survey, we particularly provide an in-depth analysis on how MTD can help recover critical cloud assets in the face of DoS attacks and how emerging programmable technologies such as software-defined networking (SDN) can be leveraged to achieve that goal. Unlike existing surveys, we categorize DoS attacks on cloud platforms based on their working mechanism. We also discuss the non-MTD-based DoS defense strategies for both cloud and non-cloud infrastructures in order to highlight the pros and cons of MTD-based strategies. We introduce MTD working mechanisms and present how existing research is envisioning MTD’s application in mitigating DoS attacks, both with and without SDN. We also take an in-depth look at the testbed implementations and resilience and performance evaluations of MTD approaches. Finally, we articulate the existing challenges in MTD for DoS mitigation in cloud systems and how these challenges are shaping the future research in this domain.

A Cyber Deception Defense Method Based on Signal Game to Deal with Network Intrusion

Increasingly, cyber security personnel are using cyber deception defense techniques to deal with network intrusions. However, traditional cyber deception techniques (such as honeypots and honeynets) are easily detected by attackers, thus leading to failure. Therefore, we propose a cyber deception defense method based on the signal game to improve the effectiveness of the defense. More specifically, first, we propose a moving target defense (MTD) enhanced cyber deception defense mechanism. Then, on the basis of the in-depth analysis of network attack and defense scenarios, a signal game model is constructed to describe the network attack and defense process, and a multistage attack and defense game equilibrium solution method is designed to guide the selection of the optimal deception defense strategy. Meanwhile, considering the actual network attack and defense, we quantify the game revenue based on a probabilistic model. The experimental results show that the defense method proposed in this paper could guide the defender to implement the optimal defense strategy and achieve a better defense effect.

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions.

With information systems worldwide being attacked daily, analogies from traditional warfare are apt, and deception tactics have historically proven effective as both a strategy and a technique for Defense. Defensive Deception includes thinking like an attacker and determining the best strategy to counter common attack strategies. Defensive Deception tactics are beneficial at introducing uncertainty for adversaries, increasing their learning costs, and, as a result, lowering the likelihood of successful attacks. In cybersecurity, honeypots and honeytokens and camouflaging and moving target defense commonly employ Defensive Deception tactics. For a variety of purposes, deceptive and anti-deceptive technologies have been created. However, there is a critical need for a broad, comprehensive and quantitative framework that can help us deploy advanced deception technologies. Computational intelligence provides an appropriate set of tools for creating advanced deception frameworks. Computational intelligence comprises two significant families of artificial intelligence technologies: deep learning and machine learning. These strategies can be used in various situations in Defensive Deception technologies. This survey focuses on Defensive Deception tactics deployed using the help of deep learning and machine learning algorithms. Prior work has yielded insights, lessons, and limitations presented in this study. It culminates with a discussion about future directions, which helps address the important gaps in present Defensive Deception research.

Circuit-Variant Moving Target Defense for Side-Channel Attacks

The security of cryptosystems involves preventing an attacker's ability to obtain information about plaintext. Traditionally, this has been done by prioritizing secrecy of the key through complex key selection and secure key exchange. With the emergence of side-channel analysis (SCA) attacks, bits of a secret key may be derived by correlating key values with physical properties of cryptographic process execution. Information such as power consumption and electromagnetic (EM) radiation side-channel properties can be observed during encryption or decryption. These signals reflect data-dependent system behaviours that may reveal secret key information. Power and EM SCA attacks require several measurements of the target process to amplify the signal of interest, filter out noise, and derive the secret key through statistical analysis methods. Differential power and EM analysis attacks rely on correlating actual side-channel measurements to hypothetical models. The goal of this research is to increase the complexity of both power and EM SCA by introducing structural and spatial randomization of the target hardware. We propose a System-on-a-Chip (SOC) countermeasure that will periodically reconfigure an AES scheme using randomly located S-box circuit variants. We hypothesize that changing the location of the target modules between encryption runs will result in a nonconstant EM signal strength for any given point on the chip, increasing the number of traces needed to perform a localized EM SCA attack. Further, each of the S-box circuit variants will consist of functionally equivalent, structurally diverse hardware. By diversifying the implementations at the gate-level, we aim to vary the power behaviour observed by the attacker and disrupt the correlation between the hypothetical and actual power consumption, increasing the complexity of power SCA. This moving target defense aims to disrupt side-channel collection and correlation needed to successfully implement an attack.

Strategic Protection Against FDI Attacks With Moving Target Defense in Power Grids

Moving target defense (MTD) is a new defensive strategy protecting the power system state estimation from cyberattacks. Using the distributed flexible ac transmission system (D-FACTS), MTD works by actively perturbing the branch parameters that are needed to construct the false data injection (FDI) attacks. Although there are many pioneer works on MTD, the relationship between the construction of MTD and detection of FDI attacks has not been revealed. In this article, we reveal the correlation between MTD design and FDI detection and optimize MTD’s performance in terms of detecting FDI attacks. We provide a sufficient condition for a specially designed MTD to detect and identify the FDI attack and a necessary condition for general MTDs to protect the state estimates from being independently modified. With the aim to reduce the number of measurements that can be manipulated by the attacker after MTD, we develop a heuristic algorithm to compute a near-optimal solution for the deployment of D-FACTS devices. Moreover, we prove that the coordinated design of consecutive perturbation schemes within an MTD cycle can improve the performance of MTD in terms of detecting FDI attacks. Finally, we conduct extensive simulations with the IEEE power system test cases to validate our findings.

A Tutorial on Moving Target Defense Approaches Within Automotive Cyber-Physical Systems

Moving Target Defenses (MTD) have become a popular and emerging defense strategy for the protection of traditional information technology systems. By their very nature, MTD strategies are designed to protect against adversary reconnaissance efforts on static platforms, essentially sitting back and having unlimited time to identify, craft, execute, and scale an exploit. With the rapid adoption of distributed automotive Cyber-Physical Systems (CPS) ranging from self driving cars, to connected transportation infrastructure, it is becoming more apparent that third party supply chains, increased remote communication interfaces, and legacy software stacks are making the traditionally designed standalone systems become more susceptible to safety-critical cyber-attacks. MTD strategies within the automotive CPS domain have to delicately balance the tradeoff between security and real time predictability, maintaining the safety constraints of the systems. In this paper, we explore the various MTD strategies presented within the literature while discussing potential applicability and strategies sufficient for the automotive CPS domain.

Moving target defense of routing randomization with deep reinforcement learning against eavesdropping attack

Eavesdropping attacks have become one of the most common attacks on networks because of their easy implementation. Eavesdropping attacks not only lead to transmission data leakage but also develop into other more harmful attacks. Routing randomization is a relevant research direction for moving target defense, which has been proven to be an effective method to resist eavesdropping attacks. To counter eavesdropping attacks, in this study, we analyzed the existing routing randomization methods and found that their security and usability need to be further improved. According to the characteristics of eavesdropping attacks, which are “latent and transferable”, a routing randomization defense method based on deep reinforcement learning is proposed. The proposed method realizes routing randomization on packet-level granularity using programmable switches. To improve the security and quality of service of legitimate services in networks, we use the deep deterministic policy gradient to generate random routing schemes with support from powerful network state awareness. In-band network telemetry provides real-time, accurate, and comprehensive network state awareness for the proposed method. Various experiments show that compared with other typical routing randomization defense methods, the proposed method has obvious advantages in security and usability against eavesdropping attacks.

Power economic dispatch against extreme weather conditions: The price of resilience

With climate change, we have been witnessing more frequent extreme weather events causing increasingly common large-scale power outages. It is essential and urgent to improve power system resilience, which also substantially impacts the resilience of dependent infrastructures, such as water and health systems. This work investigates the enhancement of power grid resilience using proactive network-constrained economic dispatch (NCED) strategies. An extreme weather event is modeled as an attacker interdicting a selected set of transmission lines to cause overloading of remaining lines, which potentially leads to cascading failures. We define a set of resilience metrics, with the first one being a weighted number of overloaded lines immediately after the attack to capture the potential cascading chain effect, the second one predicting the worst-case value of the first metric to provide a forward-looking evaluation, and the last one assessing whether each line can be overloaded in the worst case to supply more granular awareness. We also propose a defender–attacker–defender NCED model solved by a column-and-constraint generation algorithm to optimize the defined metrics. The model can generate strategies that (1) enhances resilience without additional NCED cost; (2) further enhances resilience with a budgeted extra NCED cost; and (3) achieves a moving target defense scheme shifting the grid’s vulnerable part(s). The associated price of resilience is specifically evaluated. Results on standard test systems demonstrate the proposed methods’ effectiveness. Overall, our methods and results provide insights on the establishment of social, economic and environmental resilience by contributing to the resolution of resilience-related power and energy issues.

Toward Automated Security Analysis and Enforcement for Cloud Computing Using Graphical Models for Security

Cloud computing has become widely adopted by businesses for hosting applications with improved performance at a fraction of the operational costs and complexity. The rise of cloud applications has been coupled with an increase in security threat vectors and vulnerabilities. In this paper, we propose a new security assessment and enforcement tool for the cloud named CloudSafe, which provides an automated security assessment and enforce best security control for the cloud by collating various security tools. To demonstrate the applicability and usability of CloudSafe, we implemented CloudSafe and conducted security assessment in Amazon AWS. Also, we analyzed four different security countermeasure options in depth; Vulnerability Patching, Virtual Patching, Network Hardening and Moving Target Defence. Virtual Patching, Network Hardening and Moving Target Defence were determined to be feasible with regards to deployment implementation for the project. Proof of concepts were developed demonstrating the effectiveness of each feasible countermeasure option. These results indicate that the proposed tool CloudSafe is effective and efficient in helping security administrators to select optimal countermeasures to secure their cloud by conducting an in-depth security assessment.

Compressing Deep Learning Model for Agile Moving Target Defense

The moving target defense achieves the effect of defending against network attacks by constantly changing the attack surface. IP hopping defense is a typical representative of network layer moving target defense technology. It has been verified to show considerable defense effect against DDoS attacks and scanning attacks. Aiming at the problems that the system resource overhead of the existing IP hopping defense technology is too large, an agile IP hopping defense technology based on compressed neural network is proposed in this paper. A convolutional neural network (CNN) is deployed to sense the attack. In the training, the CNN uses techniques of clipping and quantizing to make the trained model show low storage occupation and high processing efficiency. The lightweight CNN determines the current attack situation according to the flow table data uploaded regularly by each switch in the data plane. Then configure and trigger two different levels of IP hopping according to the judgment results. Experimental results show that compared with the current typical IP hopping defense methods, the proposed method can significantly reduce the system overhead, including storage occupation, channel occupation and so on. In terms of security, the performance of the proposed method is equivalent to the existing state-of-art method against DDoS attacks and scanning attacks.

A Novel Moving Target Defense Scheme With Physical Unclonable Functions-Based Authentication

Recent studies have discovered possible security issues on Supervisory Control and Data Acquisition systems (SCADA) in the critical architecture and focus on developing protection mechanisms on this system. Moving Target Mobile IPv6 Defense II is one of these schemes, in which the node in SCADA system employs the moving target’s mobile IPv6 mechanism to solve the possible security problem the attacker targeting the specific node and launching attacks. However, the node in this novel scheme still should need to send update binding message with its new IP address to other nodes, which still possibly causes IP leakage security problem. Hence, in our study, we propose a moving target defense scheme with Physical Unclonable Functions (PUF) based authentication in SCADA system. In our scheme, PUF based authentication scheme ensures the security of the whole IP updating process. Once the nodes finish authentication process, they can perform IP generation mechanism based on unique parameter resulting from PUF outputs. Hence, our proposed scheme can ensure the unique characteristic of our generated IP address and no packet loss in the duration of IP rotation. Compared with other MTD-based schemes, our performance evaluation also shows that our proposed scheme can achieve good security performance in SCADA systems.

Reinforcement Learning for feedback-enabled cyber resilience

The rapid growth in the number of devices and their connectivity has enlarged the attack surface and made cyber systems more vulnerable. As attackers become increasingly sophisticated and resourceful, mere reliance on traditional cyber protection, such as intrusion detection, firewalls, and encryption, is insufficient to secure the cyber systems. Cyber resilience provides a new security paradigm that complements inadequate protection with resilience mechanisms. A Cyber-Resilient Mechanism (CRM) adapts to the known or zero-day threats and uncertainties in real-time and strategically responds to them to maintain the critical functions of the cyber systems in the event of successful attacks. Feedback architectures play a pivotal role in enabling the online sensing, reasoning, and actuation process of the CRM. Reinforcement Learning (RL) is an important gathering of algorithms that epitomize the feedback architectures for cyber resilience. It allows the CRM to provide dynamic and sequential responses to attacks with limited or without prior knowledge of the environment and the attacker. In this work, we review the literature on RL for cyber resilience and discuss the cyber-resilient defenses against three major types of vulnerabilities, i.e., posture-related, information-related, and human-related vulnerabilities. We introduce moving target defense, defensive cyber deception, and assistive human security technologies as three application domains of CRMs to elaborate on their designs. The RL algorithms also have vulnerabilities themselves. We explain the major vulnerabilities of RL and present develop several attack models where the attacker target the information exchanged between the environment and the agent: the rewards, the state observations, and the action commands. We show that the attacker can trick the RL agent into learning a nefarious policy with minimum attacking effort. The paper introduces several defense methods to secure the RL-enabled systems from these attacks. However, there is still a lack of works that focuses on the defensive mechanisms for RL-enabled systems. Last but not least, we discuss the future challenges of RL for cyber security and resilience and emerging applications of RL-based CRMs.

Towards Countering the Insider Reconnaissance Using a Combination of Shuffling and Diversity Moving Target Defense Techniques

Moving Target Defense (MTD) has recently emerged as a significant cybersecurity technique. Software-Defined Networking (SDN) has the capability to design efficient network architecture due to its programmability and centralized control management. In this paper, a mechanism for the protection against insider reconnaissance has been proposed using a combination of diversity and a shuffling-based approach of MTD. In order to implement the shuffling technique, IP shuffling is used in the insider network. The IP addresses of internal hosts are mapped via real to virtual IP mapping through random IP generation from a pseudo-random mechanism. For the diversity, a multiple servers’ platform is incorporated for different critical LAN services like Domain Name System (DNS), internal web services, etc. This combined diversity and shuffling approach significantly counters the insider reconnaissance targeting critical LAN services. The proposed scheme also exploited open-source IDS to block insider reconnaissance. The proposed solution was implemented using ONOS SDN controller, Mininet simulator, Snort IDS systems. The experimental results substantiate effective protection against insider network reconnaissance at a low computational cost.