Evolutionary based moving target cyber defense

A Moving Target (MT) defense constantly changes a system's attack surface in an attempt to limit the usefulness of the reconnaissance an attacker has already collected. One approach to this defense strategy is to intermittently change a system's configuration. These changes must preserve functionality and security while also being diverse. Finding suitable configuration changes that form a MT defense is challenging: there are potentially a large number of individual configuration settings to consider, and their interdependencies are not fully understood. Evolution-based algorithms, which derive better solutions from good ones, can be used to create a MT defense. New configurations are generated based on the security of previous configurations and can be periodically deployed to change the system's attack surface. This approach not only has the ability to discover new, more secure configurations, but is also proactive and resilient, since it can continually adapt to the current environment in a fashion similar to systems found in nature. This article presents and compares two genetic algorithms for creating a MT defense. The primary difference between the two lies in their approach to mutation: one mutates values, and the other modifies the domains from which values are chosen.
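The following toy genetic algorithm is an added illustration of the two mutation strategies the abstract contrasts; it is not the article's code. The four host settings, their value domains, the risk weights that stand in for a security assessment, and the single functionality constraint are all constructed for the example. Value mutation redraws one setting from its domain; domain mutation first narrows a setting's domain based on how well the parent configurations carrying each value scored, and then redraws from the narrowed domain. Either run keeps the best configuration alive across generations and ends with a pool of distinct, functional configurations that a MT defense could cycle through.

```python
"""Toy GA that evolves host configurations for a moving-target defense.
Added illustration, not the article's code: settings, domains, risk
weights and the functional constraint below are all constructed."""
import random
from typing import Dict, List, Tuple

Config = Dict[str, str]
Domains = Dict[str, List[str]]

# Constructed: four settings and every value each may take.
FULL_DOMAINS: Domains = {
    "ssh_port": ["22", "2222", "8022", "50022"],
    "web_server": ["apache", "nginx", "lighttpd"],
    "tls_version": ["1.0", "1.1", "1.2", "1.3"],
    "login_banner": ["default", "none", "custom"],
}
# Constructed risk weights standing in for a security assessment of each
# (setting, value) pair; higher is worse. The GA never reads this table
# directly: it only sees the fitness of configurations it has evaluated.
RISK = {
    ("ssh_port", "22"): 3, ("ssh_port", "2222"): 2,
    ("ssh_port", "8022"): 1, ("ssh_port", "50022"): 1,
    ("web_server", "apache"): 2, ("web_server", "nginx"): 1,
    ("web_server", "lighttpd"): 2,
    ("tls_version", "1.0"): 4, ("tls_version", "1.1"): 3,
    ("tls_version", "1.2"): 1, ("tls_version", "1.3"): 0,
    ("login_banner", "default"): 2, ("login_banner", "none"): 1,
    ("login_banner", "custom"): 1,
}
NONFUNCTIONAL = -100  # fitness of a configuration that breaks the host

def is_functional(cfg: Config) -> bool:
    """Constructed interdependency: in this toy model lighttpd cannot serve TLS 1.3."""
    return not (cfg["web_server"] == "lighttpd" and cfg["tls_version"] == "1.3")

def fitness(cfg: Config) -> int:
    """Negated total risk, so higher is more secure; broken configs are penalised."""
    if not is_functional(cfg):
        return NONFUNCTIONAL
    return -sum(RISK[(k, v)] for k, v in cfg.items())

def random_config(domains: Domains, rng: random.Random) -> Config:
    return {k: rng.choice(vals) for k, vals in domains.items()}

def crossover(a: Config, b: Config, rng: random.Random) -> Config:
    """Uniform crossover: each setting is inherited from either parent."""
    return {k: (a[k] if rng.random() < 0.5 else b[k]) for k in a}

def value_mutation(cfg: Config, domains: Domains, rng: random.Random) -> Config:
    """Value mutation: redraw one setting, changing it whenever the domain allows."""
    child = dict(cfg)
    key = rng.choice(sorted(child))
    alternatives = [v for v in domains[key] if v != child[key]] or domains[key]
    child[key] = rng.choice(alternatives)
    return child

def domain_mutation(cfg: Config, domains: Domains, parents: List[Config],
                    rng: random.Random) -> Tuple[Config, Domains]:
    """Domain mutation: drop the value of one setting whose carriers among the
    parents scored worst on average, then redraw that setting from the narrowed
    domain. A domain never shrinks below two values, and a value is only
    dropped when at least two values have actually been observed."""
    new_domains = {k: list(v) for k, v in domains.items()}
    key = rng.choice(sorted(new_domains))
    if len(new_domains[key]) > 2:
        mean_fit = {}
        for v in new_domains[key]:
            scores = [fitness(p) for p in parents if p[key] == v]
            if scores:
                mean_fit[v] = sum(scores) / len(scores)
        if len(mean_fit) >= 2:
            new_domains[key].remove(min(mean_fit, key=mean_fit.get))
    child = dict(cfg)
    child[key] = rng.choice(new_domains[key])
    return child, new_domains

def evolve(mutation: str, generations: int = 30, pop_size: int = 12,
           seed: int = 1) -> Tuple[List[Config], Domains, List[int]]:
    """Run the GA with mutation="value" or "domain". Returns the final population
    (best first), the final domains, and the best fitness per generation, which
    is non-decreasing because the elite always survives."""
    rng = random.Random(seed)
    domains = {k: list(v) for k, v in FULL_DOMAINS.items()}
    pop = [random_config(domains, rng) for _ in range(pop_size)]
    history: List[int] = []
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        history.append(fitness(pop[0]))
        parents = pop[: pop_size // 2]
        children = [pop[0]]  # elitism: the best configuration is carried over
        while len(children) < pop_size:
            child = crossover(rng.choice(parents), rng.choice(parents), rng)
            if mutation == "value":
                child = value_mutation(child, domains, rng)
            else:
                child, domains = domain_mutation(child, domains, parents, rng)
            children.append(child)
        pop = children
    pop.sort(key=fitness, reverse=True)
    return pop, domains, history

def rotation_set(pop: List[Config], k: int) -> List[Config]:
    """The k best distinct functional configurations: the pool a MT defense
    would cycle through so the attack surface keeps changing."""
    seen, out = set(), []
    for cfg in pop:
        sig = tuple(sorted(cfg.items()))
        if is_functional(cfg) and sig not in seen:
            seen.add(sig)
            out.append(cfg)
        if len(out) == k:
            break
    return out

if __name__ == "__main__":
    for mode in ("value", "domain"):
        pop, domains, history = evolve(mode)
        print(mode, "best fitness", fitness(pop[0]), "per generation", history)
        print("  final domains:", domains)
        print("  rotation set:", rotation_set(pop, 3))
```

Because the domain mutation only ever removes values, it converges faster but also loses diversity; a real deployment would want a counter-mechanism (re-admitting values, or a diversity term in the fitness) so the rotation pool does not collapse to a single configuration.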
