Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

In a real network environment, multiple types of attacks can occur. The more important the service or network, the more attacks it may suffer simultaneously. Moving target defense (MTD) is a revolutionary, game-changing cyberspace technology that has found various applications in recent years. However, existing strategies are designed to defend against specific types of attacks and do not meet the security requirements for multiple attacks. Therefore, we propose a joint defense strategy based on MTD that can select one or multiple mutant elements to defend against different types of attacks. In addition, we use the analytic hierarchy process (AHP) to quantify the factors affecting the attack and defense costs. After comprehensively analyzing the effects of the different MTD technologies against different attacks, we propose an efficient strategy selection algorithm based on joint defense. Finally, we conduct experiments to evaluate the selection of a joint defense strategy under multiple attacks. The experimental results demonstrate the feasibility and effectiveness of the proposed joint defense strategy selection approach.
