A cost-sensitive move selection strategy for moving target defense

Abstract: The effectiveness and the cost-sensitivity of moving target defense (MTD) strategies have not been studied thoroughly in previous research. In this paper, we propose a hybrid MTD model that considers the defender's preferences to shift the attack surfaces more effectively in a cost-sensitive manner by incorporating event- and time-based move selection engines. We model the protected system as a state machine whose states are the attack surfaces with their security levels, which are determined by using the Bayesian attack graph (BAG) as a dynamic risk assessment tool. In the event-based engine, the competitive Markov decision process (CMDP) is employed to find the proper moves for each possible state of the protected system. Moreover, the proposed time-based engine shifts the attack surface based on the history of the received alerts to maintain the unpredictability of the attack surface. The simulations demonstrate that the hybrid strategy outperforms other common strategies with regard to thwarting attacks in a cost-sensitive manner.
