Scalable Security Models for Assessing Effectiveness of Moving Target Defenses

Moving Target Defense (MTD) changes the attack surface of a system that confuses intruders to thwart attacks. Various MTD techniques are developed to enhance the security of a networked system, but the effectiveness of these techniques is not well assessed. Security models (e.g., Attack Graphs (AGs)) provide formal methods of assessing security, but modeling the MTD techniques in security models has not been studied. In this paper, we incorporate the MTD techniques in security modeling and analysis using a scalable security model, namely Hierarchical Attack Representation Models (HARMs), to assess the effectiveness of the MTD techniques. In addition, we use importance measures (IMs) for scalable security analysis and deploying the MTD techniques in an effective manner. The performance comparison between the HARM and the AG is given. Also, we compare the performance of using the IMs and the exhaustive search method in simulations.

[1]  David Evans,et al.  N-Variant Systems: A Secretless Framework for Security through Diversity , 2006, USENIX Security Symposium.

[2]  KimDong Seong,et al.  Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees , 2012 .

[3]  Xinming Ou,et al.  A scalable approach to attack graph generation , 2006, CCS '06.

[4]  Jeannette M. Wing,et al.  An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.

[5]  Bradley R. Schmerl,et al.  Architecture-based self-protecting software systems , 2013, QoSA '13.

[6]  Dijiang Huang,et al.  NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems , 2013, IEEE Transactions on Dependable and Secure Computing.

[7]  Scott A. DeLoach,et al.  Mission-oriented moving target defense based on cryptographically strong network dynamics , 2013, CSIIRW '13.

[8]  Paul Jones,et al.  Secrets and Lies: Digital Security in a Networked World , 2002 .

[9]  Brett Benyo,et al.  Moving target defense (MTD) in an adaptive execution environment , 2013, CSIIRW '13.

[10]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[11]  Yulong Zhang,et al.  Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds , 2012, SEC.

[12]  Laurent Gallon,et al.  Using CVSS in Attack Graphs , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[13]  Richard P. Lippmann,et al.  An Annotated Review of Past Papers on Attack Graphs , 2005 .

[14]  Dong Seong Kim,et al.  Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees , 2012, Secur. Commun. Networks.

[15]  Sushil Jajodia,et al.  Time-efficient and cost-effective network hardening using attack graphs , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).

[16]  Andrew W. Appel,et al.  MulVAL: A Logic-based Network Security Analyzer , 2005, USENIX Security Symposium.

[17]  Pratyusa K. Manadhata,et al.  Game Theoretic Approaches to Attack Surface Shifting , 2013, Moving Target Defense.

[18]  Richard Lippmann,et al.  Modeling Modern Network Attacks and Countermeasures Using Attack Graphs , 2009, 2009 Annual Computer Security Applications Conference.

[19]  Angelos Stavrou,et al.  MOTAG: Moving Target Defense against Internet Denial of Service Attacks , 2013, 2013 22nd International Conference on Computer Communication and Networks (ICCCN).

[20]  Hamed Okhravi,et al.  Creating a Cyber Moving Target for Critical Infrastructure Applications , 2011, Critical Infrastructure Protection.

[21]  Salim Hariri,et al.  Resilient Dynamic Data Driven Application Systems (rDDDAS) , 2013, ICCS.

[22]  Cristina Nita-Rotaru,et al.  Increasing Network Resiliency by Optimally Assigning Diverse Variants to Routing Nodes , 2013, IEEE Transactions on Dependable and Secure Computing.

[23]  Zhong Chen,et al.  Evaluating Network Security With Two-Layer Attack Graphs , 2009, 2009 Annual Computer Security Applications Conference.

[24]  William H. Sanders,et al.  Ieee Transactions on Parallel and Distributed Systems Rre: a Game-theoretic Intrusion Response and Recovery Engine , 2022 .

[25]  Jin B. Hong,et al.  Scalable Attack Representation Model Using Logic Reduction Techniques , 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.

[26]  Sushil Jajodia,et al.  An efficient approach to assessing the risk of zero-day vulnerabilities , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[27]  Dong Seong Kim,et al.  Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).

[28]  Anh Nguyen-Tuong,et al.  Effectiveness of Moving Target Defenses , 2011, Moving Target Defense.

[29]  Abdul Jabbar,et al.  Path diversification for future internet end-to-end resilience and survivability , 2014, Telecommun. Syst..

[30]  Jack W. Davidson,et al.  Security through redundant data diversity , 2008, 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN).

[31]  Sushil Jajodia,et al.  Minimum-cost network hardening using attack graphs , 2006, Comput. Commun..

[32]  Ehab Al-Shaer,et al.  Openflow random host mutation: transparent moving target defense using software defined networking , 2012, HotSDN '12.

[33]  Indrajit Ray,et al.  Using Attack Trees to Identify Malicious Attacks from Authorized Insiders , 2005, ESORICS.

[34]  Valentina Casola,et al.  A moving target defense approach for protecting resource-constrained distributed devices , 2013, 2013 IEEE 14th International Conference on Information Reuse & Integration (IRI).

[35]  Sushil Jajodia,et al.  k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks , 2010, ESORICS.

[36]  Sushil Jajodia,et al.  k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities , 2014, IEEE Transactions on Dependable and Secure Computing.

[37]  Jin B. Hong,et al.  Scalable security analysis in hierarchical attack representation model using centrality measures , 2013, 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W).

[38]  Chao Yang,et al.  NOMAD: Towards non-intrusive moving-target defense against web bots , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[39]  Scott A. DeLoach,et al.  Investigating the application of moving target defenses to network security , 2013, 2013 6th International Symposium on Resilient Control Systems (ISRCS).

[40]  Evangelos P. Markatos,et al.  Defending against hitlist worms using network address space randomization , 2005, WORM '05.

[41]  Jin B. Hong,et al.  Performance Analysis of Scalable Attack Representation Models , 2013, SEC.

[42]  Michael Franz,et al.  Compiler-Generated Software Diversity , 2011, Moving Target Defense.

[43]  Yih Huang,et al.  Introducing Diversity and Uncertainty to Create Moving Attack Surfaces for Web Services , 2011, Moving Target Defense.

[44]  Jin B. Hong,et al.  Scalable Security Model Generation and Analysis Using k-importance Measures , 2013, SecureComm.

[45]  George Cybenko,et al.  Security Analytics and Measurements , 2012, IEEE Security & Privacy.

[46]  Ghassan O. Karame,et al.  Enabling secure VM-vTPM migration in private clouds , 2011, ACSAC '11.

[47]  Jack W. Davidson,et al.  Security through Diversity: Leveraging Virtual Machine Technology , 2009, IEEE Security & Privacy.

[48]  Michael B. Crouse,et al.  A moving target environment for computer configurations using Genetic Algorithms , 2011, 2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG).

[49]  Scott A. DeLoach,et al.  Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense | NIST , 2012 .