Model-driven, Moving-Target Defense for Enterprise Network Security

This chapter presents the design and initial simulation results for a prototype moving-target defense (MTD) system, whose goal is to significantly increase the difficulty of attacks on enterprise networks. Most networks are static, which gives attackers a great advantage: services run on well-known ports at fixed, easily identifiable IP addresses. The goal of an MTD system is to eliminate the static nature of networks by continuously adapting their configuration over time in ways that seem random or chaotic to attackers, thus negating their advantage. The novelty of our approach lies in the use of runtime models that explicitly capture a network's operational and security goals, the functionality required to achieve those goals, and the configuration of the system. The MTD system reasons over these models to determine how to make changes to the system that are invisible to users but appear chaotic to an attacker. Our system uses these runtime models to analyze both known and unknown vulnerabilities to ensure that adaptations occur often enough and in the right ways to protect the system against external attacks.
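The following is an added illustration of the model-driven adaptation loop the abstract describes; it is not code from the chapter or its prototype. It assumes a deliberately tiny runtime model: a set of goals, the services those goals require, an address pool and port range, and a current configuration mapping each service to an endpoint. Each adaptation step proposes a fresh configuration, accepts it only if every goal is still satisfied, and reports what fraction of the previously valid endpoints an attacker's earlier reconnaissance would now find stale. Legitimate users resolve services by name, so the rotation is invisible to them. All identifiers, service names and addresses here are constructed.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    """Functionality the network must provide. `goals` names the operational
    goals that depend on it (constructed identifiers, not the chapter's)."""
    name: str
    goals: tuple


@dataclass(frozen=True)
class Placement:
    """Where a service currently lives: the attacker-visible part of the model."""
    address: str
    port: int


class RuntimeModel:
    """Minimal runtime model: goals, required services, and current configuration."""

    def __init__(self, services, address_pool, port_range, seed=None):
        self.services = {s.name: s for s in services}
        self.goals = {g for s in services for g in s.goals}
        self.address_pool = list(address_pool)
        self.port_range = port_range  # (low, high) half-open, like range()
        self._rng = random.Random(seed)
        self.config = self._random_configuration()

    def _random_configuration(self):
        # Distinct addresses and distinct ports so no two services collide.
        addrs = self._rng.sample(self.address_pool, len(self.services))
        ports = self._rng.sample(range(*self.port_range), len(self.services))
        return {name: Placement(a, p)
                for name, a, p in zip(self.services, addrs, ports)}

    def goals_satisfied(self, config):
        """Every goal holds when each required service is placed on an in-pool
        address and no two services share an endpoint."""
        if any(name not in config for name in self.services):
            return False
        endpoints = [(p.address, p.port) for p in config.values()]
        if len(set(endpoints)) != len(endpoints):
            return False
        return all(p.address in self.address_pool for p in config.values())

    def adapt(self):
        """One MTD step: propose a new configuration, accept it only if the
        model still satisfies every goal, and return how much of the old
        attacker view it invalidated (0.0 if the proposal was rejected)."""
        old = self.config
        new = self._random_configuration()
        if not self.goals_satisfied(new):
            return 0.0  # keep the old configuration rather than break a goal
        self.config = new
        return stale_fraction(old, new)

    def resolve(self, service_name):
        """What legitimate users consult: the service name, never a fixed endpoint."""
        p = self.config[service_name]
        return f"{p.address}:{p.port}"


def stale_fraction(old, new):
    """Fraction of previously valid endpoints that no longer reach the same service."""
    stale = sum(1 for name, p in old.items() if new[name] != p)
    return stale / len(old)


def simulate(model, steps):
    """Run `steps` adaptations and report the mean invalidation per step."""
    results = [model.adapt() for _ in range(steps)]
    return sum(results) / len(results)


if __name__ == "__main__":
    # Constructed sample network: three services serving two goals.
    model = RuntimeModel(
        [Service("web", ("serve-customers",)),
         Service("db", ("serve-customers",)),
         Service("mail", ("internal-comms",))],
        address_pool=[f"10.0.0.{i}" for i in range(1, 9)],
        port_range=(1024, 65536),
        seed=7,
    )
    print("web resolves to", model.resolve("web"))
    print("mean stale fraction over 20 steps:", simulate(model, 20))
    print("goals still satisfied:", model.goals_satisfied(model.config))
```

The point the abstract makes is captured by `adapt()`: the change is driven by the model (a proposal that would violate a goal is rejected), users are unaffected because they resolve by name, and the `stale_fraction` metric is one way to quantify, in simulation, whether adaptations happen often enough to invalidate what an attacker learned before the last rotation.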
