Software Defined Stochastic Model for Moving Target Defense

Moving Target Defense (MTD) has emerged as a good solution for dealing with a dynamic attack surface. The goal is to make it difficult for an attacker to exploit network resources. However, it is challenging to provide zero-downtime guarantees when performing network rearrangement or when a physical host acts as a single point of failure for virtual servers. In this paper, we introduce Software Defined Networking (SDN) based continuous-time modeling techniques to perform virtual machine migration and MTD techniques while maintaining high service availability and system security. This solution will not only increase attackers' uncertainty but will also provide low-downtime and high-availability guarantees for the network.
