Improving the Diversity Defense of Genetic Algorithm-Based Moving Target Approaches

One approach for providing a Moving Target (MT) defense is to intermittently change a system’s configuration (operating systems and/or applications). For example, Genetic Algorithms (GAs) have been successfully used to find alternative configurations that can discount the attacker’s knowledge about the system. Central to the GA approach is the chromosome pool, which consists of the best alternative configurations discovered thus far. Unfortunately, the pool can “stagnate” if these configurations do not change after a period of time. Although the configurations are secure, this situation limits the diversity the approach can achieve. This paper describes how chromosome pool management can improve the diversity of GA-based MT environments. The proposed approach “ages” configurations, reducing the fitness (security) of a configuration based on the period of time since it was last active (used as the configuration for the system). As a result, configurations that have not been active for a long period of time are considered less secure, which can make space in the pool for new alternatives. Simulation results demonstrate that proper pool management can provide a functional, secure, and more diverse MT environment.
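As an added illustration (not code from the paper), a small Python model of the aging idea: each pooled configuration's fitness decays with the number of generations since it last ran the system, so a stale member can be displaced by a newcomer whose base fitness would not have qualified in a static pool. The exponential decay rule, the pool capacity and the sample fitness values are assumptions, not taken from the paper.

```python
from dataclasses import dataclass

@dataclass
class Configuration:
    name: str
    fitness: float    # base security score assigned by the GA's fitness evaluation
    last_active: int  # generation in which this configuration last ran the system

def aged_fitness(cfg, now, decay):
    """Fitness after aging. Assumption (not from the paper): exponential decay per
    idle generation; a configuration active this generation keeps its full fitness."""
    return cfg.fitness * decay ** max(0, now - cfg.last_active)

class ChromosomePool:
    def __init__(self, capacity, decay):
        self.capacity, self.decay, self.members = capacity, decay, []

    def activate(self, now):
        """Run the system on the best aged configuration and refresh its timestamp."""
        best = max(self.members, key=lambda c: aged_fitness(c, now, self.decay))
        best.last_active = now
        return best

    def offer(self, candidate, now):
        """Admit a newcomer if there is room or it beats the weakest aged member."""
        if len(self.members) < self.capacity:
            self.members.append(candidate)
            return True
        weakest = min(self.members, key=lambda c: aged_fitness(c, now, self.decay))
        if aged_fitness(candidate, now, self.decay) > aged_fitness(weakest, now, self.decay):
            self.members.remove(weakest)
            self.members.append(candidate)
            return True
        return False

def simulate(decay, generations=10):
    """Constructed scenario: three strong members, then one 0.80 newcomer per generation.
    Returns (generation in which a newcomer was first admitted or None, final member names)."""
    pool = ChromosomePool(capacity=3, decay=decay)
    for name, fit in [("cfg-A", 0.95), ("cfg-B", 0.90), ("cfg-C", 0.85)]:
        pool.offer(Configuration(name, fit, last_active=0), now=0)
    for now in range(1, generations + 1):
        pool.activate(now)  # only the chosen configuration gets its timestamp refreshed
        if pool.offer(Configuration(f"new-{now}", 0.80, last_active=now), now):
            return now, sorted(c.name for c in pool.members)
    return None, sorted(c.name for c in pool.members)

# simulate(decay=1.0) models a static pool: the newcomer is never admitted.
# simulate(decay=0.95) ages the idle members: cfg-C is displaced in generation 2.
```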
