Evaluating Moving Target Defense with PLADD

This project evaluates the effectiveness of moving target defense (MTD) techniques using a new game we have designed, called PLADD, inspired by the game FlipIt [28]. PLADD extends FlipIt by incorporating what we believe are key MTD concepts. We have analyzed PLADD and proven the existence of a defender strategy that pushes a rational attacker out of the game, demonstrated how limited the strategies available to an attacker are in PLADD, and derived analytic expressions for the expected utility of the game’s players in multiple game variants. We have created an algorithm for finding a defender’s optimal PLADD strategy. We show that in the special case of achieving deterrence in PLADD, MTD is not always cost effective and that its optimal deployment may shift abruptly from not using MTD at all to using it as aggressively as possible. We believe our effort provides basic, fundamental insights into the use of MTD, but conclude that a truly practical analysis requires model selection and calibration based on real scenarios and empirical data. We propose several avenues for further inquiry, including (1) agents with adaptive capabilities more reflective of real world adversaries, (2) the presence of multiple, heterogeneous adversaries, (3) computational game theory-based approaches such as coevolution to allow scaling to the real world beyond the limitations of analytical analysis and classical game theory, (4) mapping the game to real-world scenarios, (5) taking player risk into account when designing a strategy (in addition to expected payoff), (6) improving our understanding of the dynamic nature of MTD-inspired games by using a martingale representation, defensive forecasting, and techniques from signal processing, and (7) using adversarial games to develop inherently resilient cyber systems.

[1]  Michael P. Wellman,et al.  Empirical Game-Theoretic Analysis of an Adaptive Cyber-Defense Scenario (Preliminary Report) , 2014, GameSec.

[2]  Sushil Jajodia,et al.  Moving Target Defense II: Application of Game Theory and Adversarial Modeling , 2012 .

[3]  David H. Ackley,et al.  Randomized instruction set emulation , 2005, TSEC.

[4]  Richard K. Belew,et al.  Coevolutionary search among adversaries , 1997 .

[5]  Angelos D. Keromytis,et al.  Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.

[6]  Ronald L. Rivest,et al.  Chaffing and Winnowing: Confidentiality without Encryption , 2012 .

[7]  Herbert Bos,et al.  SoK: P2PWNED - Modeling and Evaluating the Resilience of Peer-to-Peer Botnets , 2013, 2013 IEEE Symposium on Security and Privacy.

[8]  Ronald L. Rivest,et al.  FlipIt: The Game of “Stealthy Takeover” , 2012, Journal of Cryptology.

[9]  Milind Tambe,et al.  Monotonic Maximin: A Robust Stackelberg Solution against Boundedly Rational Followers , 2013, GameSec.

[10]  Bruce Schneier,et al.  Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator , 1999, Selected Areas in Cryptography.

[11]  Dawn Song,et al.  Mitigating buffer overflows by operating system randomization , 2002 .

[12]  Akimichi Takemura,et al.  Defensive Forecasting , 2005, AISTATS.

[13]  Peter,et al.  Game-theoretic probability and its uses , especially defensive forecasting , 2007 .

[14]  N. Taleb Antifragile: Things That Gain from Disorder , 2012 .

[15]  Evangelos P. Markatos,et al.  Defending against hitlist worms using network address space randomization , 2007, Comput. Networks.

[16]  Carlos Cid,et al.  Are We Compromised? Modelling Security Assessment Games , 2012, GameSec.

[17]  Anh Nguyen-Tuong,et al.  Effectiveness of Moving Target Defenses , 2011, Moving Target Defense.

[18]  Daniel R. Tauritz INCREASING INFRASTRUCTURE RESILIENCE THROUGH COMPETITIVE COEVOLUTION , 2009 .

[19]  Ronald L. Rivest,et al.  Defending against the Unknown Enemy: Applying FlipIt to System Security , 2012, GameSec.

[20]  Aron Laszka,et al.  Mitigating Covert Compromises - A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks , 2013, WINE.

[21]  David Evans,et al.  N-Variant Systems: A Secretless Framework for Security through Diversity , 2006, USENIX Security Symposium.

[22]  Michael P. Wellman Methods for Empirical Game-Theoretic Analysis , 2006, AAAI.

[23]  Gábor Horváth,et al.  FlipThem: Modeling Targeted Attacks with FlipIt for Multiple Resources , 2014, GameSec.

[24]  Sushil Jajodia,et al.  Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats , 2011, Moving Target Defense.

[25]  Hovav Shacham,et al.  On the effectiveness of address-space randomization , 2004, CCS '04.

[26]  George Candea,et al.  Microreboot - A Technique for Cheap Recovery , 2004, OSDI.