Dynamic Application Rotation Environment for Moving Target Defense

Owing to the ubiquity of web applications in modern computing, the server software that delivers these applications is an attractive attack vector for would-be malicious actors in cyberspace. Recently, Moving Target Defense (MTD) strategies have grown in popularity in the computer security community because of their ability to enhance resilience and force attackers into uncharacteristic behavior. The MTD prototype discussed in this paper acts as a proactive defense strategy that offers increased protection against an attacker's ability to probe for and exploit vulnerable web server software. The testing shows that web server diversity in an MTD reduces the ability to exploit vulnerabilities in a web server, reduces impacts of successfully exploited vulnerabilities, and increases the resilience of the protected application.

[1]  J. F. Meyer Defining and Evaluating Resilience : A Performability Perspective , 2009 .

[2]  Jin B. Hong,et al.  Scalable Security Models for Assessing Effectiveness of Moving Target Defenses , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[3]  Anh Nguyen-Tuong,et al.  Effectiveness of Moving Target Defenses , 2011, Moving Target Defense.

[4]  Nathaniel Evans,et al.  Multiple OS rotational environment an implemented Moving Target Defense , 2014, 2014 7th International Symposium on Resilient Control Systems (ISRCS).

[5]  Craig G. Rieger Notional examples and benchmark aspects of a resilient control system , 2010, 2010 3rd International Symposium on Resilient Control Systems.

[6]  Richard Colbaugh,et al.  Proactive defense for evolving cyber threats , 2011, Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics.