Network-based Moving Target Defense Research Articles

Strengthening Network-Based Moving Target Defense with Disposable Identifiers

Strengthening Network-Based Moving Target Defense with Disposable Identifiers

Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network

Static characteristics of supervisory control and data acquisition (SCADA) system are often exploited to perform malicious activities on smart grids. Most of the time, the success of cyberattacks begins with the profiling of the target system and follows by the analysis of the limited resources. To alleviate the asymmetry between attack and defense, network-based moving target defense (MTD) techniques have been applied in the network system to defend against cyberattacks by constructing a dynamic attack surface to the adversary. In this paper, we propose a novel MTD technique based on adaptive forwarding path migration (AFPM) that focuses on improving the defense capability and optimizing the network performance of path mutation. Considering the transient problems present in path mutation caused by the dynamic switching of the forwarding path, we formalize the mutation constraints based on the satisfiability modulo theory (SMT) to select the mutation path. Considering the limited defense capability of path mutation owing to the traditional mutation selection mechanism, we design the mutation path generation algorithm based on the network security capacity matrix to obtain an optimal combination of mutation path and mutation period. Finally, we compare and analyze various cyber defense techniques used in the SCADA network and demonstrate experimentally that our MTD technique can prevent more than 92% of passive monitoring under specified conditions while ensuring the quality of service (QoS) to be almost the same as the static network.

Dynamic Security Metrics for Software-Defined Network-based Moving Target Defense

We propose a suite of dynamic security metrics that timely, dynamically, and adaptively assess the effectiveness of the software-defined network (SDN)-based moving target defense (MTD) techniques. The security metrics are developed to measure the dynamics of a network and a host state's information (e.g., IP address, port, software stacks, vulnerabilities, or network topology) introduced by various types of MTD techniques shuffling them. The key aspect of our proposed metrics is to capture variability that keeps track of changing patterns of the network and the host states upon every MTD triggering event. In this work, we propose the following security metrics capturing the variability based on the changes made by the MTD: (1) Network and host address-based metrics measuring variability of the network and host addresses based on a degree of uncertainty and unpredictability on the assigned IP address to the hosts in a network; (2) Attack path-based metrics measuring variability of attack paths using graphical models estimated based on the network state transitions from one topology to another topology upon triggering a network topology and/or IP shuffling MTD; and (3) Attack stage-based success metrics measuring the chances of discovering a vulnerable target host's information, exploiting the target host's vulnerability, and compromising the target host. Via extensive simulation study, we investigated the key parameters that can significantly affect the MTD performance based on the proposed security metrics. Our simulation results show that the metrics are viable to measure the effectiveness of deploying the MTD techniques.

Ghost-MTD: Moving Target Defense via Protocol Mutation for Mission-Critical Cloud Systems

Research on various security technologies has been actively underway to protect systems from attackers. However, attackers can secure enough time to reconnoiter and attack the target system owing to its static nature. This develops asymmetric warfare in which attackers outwit defenders. Moving target defense (MTD) technologies, which obfuscate the attack surface by modifying the main properties of the potential target system, have been gaining attention as an active cyber security technology. Particularly, network-based MTD (NMTD) technologies, which dynamically mutate the network configuration information, such as IP and ports of the potential target system, can dramatically increase the time required for an attacker to analyze the system. Therefore, this system defense technology has been actively researched. However, increasing the analysis complexity of the target system is limited in conventional NMTD because the variation of system properties (e.g., IP, port) that can be mutated is restricted by the system configuration environment. Therefore, there is a need for an MTD technique that effectively delays an attacker during the system analysis by increasing the variation of system properties. Additionally, in terms of practicality, minimizing the computational overhead arising by the MTD technology and solving the compatibility problem with existing communication protocols are critical issues that cannot be overlooked. In this study, we propose a technology called Ghost-MTD (gMTD). gMTD allows only the user who is aware of protocol mutation patterns to correctly communicate with the service modules of the server system through protocol mutation using the pre-shared one-time bit sequence. Otherwise, gMTD deceives the attackers who attempt to infiltrate the system by redirecting their messages to a decoy-hole module. The experimental results show that the proposed technology enables protocol mutation and validation with a very low performance overhead of only 3.28% to 4.97% using an m-bit (m ≥ 4) length one-time bit sequence and can be applied to real systems regardless of the specific communication protocols.

An Approach for Applying Network-based Moving Target Defense into Internet of Things Networks

An Approach for Applying Network-based Moving Target Defense into Internet of Things Networks

Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

Analysis of Threat Model and Requirements in Network-based Moving Target Defense

Analysis of Threat Model and Requirements in Network-based Moving Target Defense