Moving Target Defense (MTD) consists of applying dynamic reconfiguration in the defensive side of the attack-defense cybersecurity game. Virtual Machine (VM) migration could be used as MTD against specific host-based attacks in the cloud computing environment by remapping the distribution of VMs in the existing physical hosts. This way, when the attacker’s VM is moved to a different machine, the attack has to be restarted. However, one significant gap here is how to select a proper VM migration-based MTD schedule to reach the desired levels of system protection. This paper develops a Stochastic Petri Net (SPN) model to address this issue. The model leverages empirical knowledge about the dynamics of the attack defense in a VM migration-enabled setup. First, we present the results of an experimental campaign to acquire knowledge about the system’s behavior. The experiments provide insights for the model design. Then, based on the model, we propose a tool named PyMTDEvaluator, which provides a graphical interface that serves as a wrapper for the simulation environment of the model. Finally, we exercise the tool using Multi-Criteria Decision-Making methods to aid the MTD policy selection. Hopefully, our results and methods will be helpful for system managers and cybersecurity professionals.
Read full abstract