Analysis of Concurrent Moving Target Defenses

While Moving Target Defenses (MTDs) have been increasingly recognized as a promising direction for cyber security, quantifying the effects of MTDs remains mostly an open problem. Each MTD has its own set of advantages and disadvantages. No single MTD provides an effective defense against the entire range of possible threats. One of the challenges facing MTD quantification efforts is predicting the cumulative effect of implementing multiple MTDs. We present a scenario where two MTDs are deployed in an experimental testbed created to model a realistic use case. This is followed by a probabilistic analysis of the effectiveness of both MTDs against a multi-step attack, along with the MTDs' impact on availability to legitimate users. Our work is essential to providing decision makers with the knowledge to make informed choices regarding cyber defense.
