An Evolutionary Strategy for Resilient Cyber Defense

Many cyber attacks exploit poorly configured software: administrators are often unaware of insecure settings because of configuration complexity or because the attack is new. A resilient configuration management approach addresses this problem by updating configuration settings in response to current threats while the system continues to render useful services. This responsive, adaptive behavior can be obtained with an evolutionary algorithm in which security measures of the current configurations drive the evolution of new ones. Periodically, the evolved configurations are applied across a collection of computers, changing the systems' attack surfaces and reducing their exposure to vulnerabilities. The effectiveness of this evolutionary strategy for defending Red Hat Linux Apache web servers is analyzed experimentally through a study of configuration fitness, population diversity, and resiliency. Configuration fitness reflects the level of system confidentiality, integrity, and availability; population diversity gauges how heterogeneous the set of configurations is. The computers' security depends on discovering a diverse set of highly fit parameter configurations, and resilience reflects the evolutionary algorithm's adaptability to new security threats. Experimental results indicate that the approach is able to determine and maintain secure parameter settings when confronted with a variety of simulated attacks over time.
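The following is an added illustration of the kind of evolutionary search the abstract describes, written for this page and not taken from the authors' work. The Apache parameters, their candidate values, the confidentiality/integrity/availability fitness weights, the "threat classes" that shift those weights between generations, and the diversity measure are all constructed assumptions; the paper's actual parameter set, fitness model and attack simulations are not reproduced here. What the block shows is the mechanism: a population of configurations is scored against the threats currently observed, elitism and uniform crossover carry fit settings forward, mutation keeps the population diverse, and when the threat mix changes the population re-converges on settings that counter the new threat.

```python
"""Toy evolutionary search over Apache-style configuration parameters.

Added example, not the authors' code. The parameter set, fitness weights,
threat classes and diversity measure below are constructed assumptions.
"""
import random

# Hypothetical Apache directives and the values the search may choose (constructed).
PARAMS = {
    "ServerTokens": ["Full", "OS", "Minor", "Prod"],
    "Timeout": [30, 60, 120, 300],
    "KeepAliveTimeout": [5, 15, 60],
    "AllowOverride": ["All", "None"],
    "Options": ["Indexes FollowSymLinks", "FollowSymLinks", "None"],
    "TraceEnable": ["On", "Off"],
}


def random_config(rng):
    return {k: rng.choice(v) for k, v in PARAMS.items()}


def fitness(cfg, threats):
    """Score a configuration in [0, 1] as the mean of confidentiality,
    integrity and availability sub-scores. `threats` is the set of attack
    classes currently observed; a setting that exposes the host to an active
    threat is penalised more heavily than one that is merely sub-optimal."""
    c = i = a = 1.0
    if cfg["ServerTokens"] != "Prod":          # version banner aids reconnaissance
        c -= 0.3 if "recon" in threats else 0.1
    if cfg["TraceEnable"] == "On":             # TRACE enables cross-site tracing
        c -= 0.4 if "xst" in threats else 0.1
    if "Indexes" in cfg["Options"]:            # directory listings leak structure
        c -= 0.3 if "recon" in threats else 0.1
    if cfg["AllowOverride"] == "All":          # .htaccess can rewrite server policy
        i -= 0.3 if "htaccess" in threats else 0.1
    if cfg["Timeout"] >= 120:                  # long timeouts favour slow-connection DoS
        a -= 0.4 if "slowloris" in threats else 0.1
    if cfg["KeepAliveTimeout"] >= 60:
        a -= 0.3 if "slowloris" in threats else 0.05
    if cfg["Timeout"] <= 30:                   # too short: legitimate slow clients fail
        a -= 0.1
    return max(0.0, (c + i + a) / 3)


def diversity(pop):
    """Mean, over parameters, of the fraction of allowed values present in the
    population: 1.0 means every value of every parameter is represented."""
    return sum(len({cfg[k] for cfg in pop}) / len(v)
               for k, v in PARAMS.items()) / len(PARAMS)


def evolve(pop, threats, rng, elite=2, mut_rate=0.2):
    """One generation: keep the `elite` fittest, then fill the population with
    children of parents drawn from the fitter half (uniform crossover + mutation)."""
    scored = sorted(pop, key=lambda c: fitness(c, threats), reverse=True)
    nxt = scored[:elite]
    while len(nxt) < len(pop):
        p1, p2 = rng.sample(scored[:len(pop) // 2], 2)
        child = {k: rng.choice((p1[k], p2[k])) for k in PARAMS}
        for k, v in PARAMS.items():
            if rng.random() < mut_rate:
                child[k] = rng.choice(v)
        nxt.append(child)
    return nxt


def render(cfg):
    """Emit the configuration as httpd.conf directives for deployment."""
    return "\n".join(f"{k} {v}" for k, v in cfg.items())


def run(generations, threats_by_gen, seed=1, pop_size=12):
    """Return per-generation (generation, best fitness, diversity, best config)."""
    rng = random.Random(seed)
    pop = [random_config(rng) for _ in range(pop_size)]
    history = []
    for g in range(generations):
        threats = threats_by_gen(g)
        pop = evolve(pop, threats, rng)
        best = max(pop, key=lambda c: fitness(c, threats))
        history.append((g, fitness(best, threats), diversity(pop), best))
    return history


if __name__ == "__main__":
    # Constructed threat timeline: reconnaissance first, then a slow-connection DoS.
    hist = run(20, lambda g: {"recon"} if g < 10 else {"slowloris"})
    for g, fit, div, best in hist:
        print(f"gen {g:2d} fitness={fit:.2f} diversity={div:.2f}")
    print(render(hist[-1][3]))
```

Because the two best configurations survive each generation unchanged, the best fitness cannot fall while the threat set is fixed; it can drop only when the threats change, which is exactly the resilience the paper measures. The diversity value is what keeps that recovery possible: if mutation is switched off and the population collapses onto one configuration, every host shares the same attack surface and a new threat class has nothing to select from.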
