Biblio

Moving target defense (MTD) has emerged as a proactive defense mechanism aiming to thwart a potential attacker. The key underlying idea of MTD is to increase uncertainty and confusion for attackers by changing the attack surface (i.e., system or network configurations) that can invalidate the intelligence collected by the attackers and interrupt attack execution; ultimately leading to attack failure. Recently, the significant advance of software-defined networking (SDN) technology has enabled several complex system operations to be highly flexible and robust; particularly in terms of programmability and controllability with the help of SDN controllers. Accordingly, many security operations have utilized this capability to be optimally deployed in a complex network using the SDN functionalities. In this paper, by leveraging the advanced SDN technology, we developed an attack graph-based MTD technique that shuffles a host's network configurations (e.g., MAC/IP/port addresses) based on its criticality, which is highly exploitable by attackers when the host is on the attack path(s). To this end, we developed a hierarchical attack graph model that provides a network's vulnerability and network topology, which can be utilized for the MTD shuffling decisions in selecting highly exploitable hosts in a given network, and determining the frequency of shuffling the hosts' network configurations. The MTD shuffling with a high priority on more exploitable, critical hosts contributes to providing adaptive, proactive, and affordable defense services aiming to minimize attack success probability with minimum MTD cost. We validated the out performance of the proposed MTD in attack success probability and MTD cost via both simulation and real SDN testbed experiments.

With the advent of IoT devices and exponential growth of nodes on the internet, computer networks are facing new challenges, with one of the more important ones being DDoS attacks. In this paper, new features to detect initiation and termination of DDoS attacks are investigated. The method to extract these features is devised with respect to some openflowbased switch capabilities. These features provide us with a higher resolution to view and process packet count entropies, thus improving DDoS attack detection capabilities. Although some of the technical assumptions are based on SDN technology and openflow protocol, the methodology can be applied in other networking paradigms as well.

Conventional SDN-based MTD techniques have been mainly developed with a single SDN controller which exposes a single point of failure as well as raises a scalability issue for large-scale networks in achieving both security and performance. The use of multiple SDN controllers has been proposed to ensure both performance and security of SDN-based MTD systems for large-scale networks; however, the effect of using multiple SDN controllers has not been investigated in the state-of-the-art research. In this paper, we propose the SDN based MTD architecture using multiple SDN controllers and validate their security effect (i.e., attack success probability) by implementing an IP shuffling MTD in a testbed using ONOS SDN controllers.

It is technically challenging to conduct a security analysis of a dynamic network, due to the lack of methods and techniques to capture different security postures as the network changes. Graphical Security Models (e.g., Attack Graph) are used to assess the security of network systems, but it typically captures a snapshot of a network state to carry out the security analysis. To address this issue, we propose a new Graphical Security Model named Time-independent Hierarchical Attack Representation Model (Ti-HARM) that captures security of multiple network states by taking into account the time duration of each network state and the visibility of network components (e.g., hosts, edges) in each state. By incorporating the changes, we can analyse the security of dynamic networks taking into account all the threats appearing in different network states. Our experimental results show that the Ti-HARM can effectively capture and assess the security of dynamic networks which were not possible using existing graphical security models.

Moving Target Defence (MTD) has been recently proposed and is an emerging proactive approach which provides an asynchronous defensive strategies. Unlike traditional security solutions that focused on removing vulnerabilities, MTD makes a system dynamic and unpredictable by continuously changing attack surface to confuse attackers. MTD can be utilized in cloud computing to address the cloud's security-related problems. There are many literature proposing MTD methods in various contexts, but it still lacks approaches to evaluate the effectiveness of proposed MTD method. In this paper, we proposed a combination of Shuffle and Diversity MTD techniques and investigate on the effects of deploying these techniques from two perspectives lying on two groups of security metrics (i) system risk: which is the cloud providers' perspective and (ii) attack cost and return on attack: which are attacker's point of view. Moreover, we utilize a scalable Graphical Security Model (GSM) to enhance the security analysis complexity. Finally, we show that combining MTD techniques can improve both aforementioned two groups of security metrics while individual technique cannot.

To provide a comprehensive security analysis of modern networked systems, we need to take into account the combined effects of existing vulnerabilities and zero-day vulnerabilities. In addition to them, it is important to incorporate new vulnerabilities emerging from threats such as BYOD, USB file sharing. Consequently, there may be new dependencies between system components that could also create new attack paths, but previous work did not take into account those new attack paths in their security analysis (i.e., not all attack paths are taken into account). Thus, countermeasures may not be effective, especially against attacks exploiting the new attack paths. In this paper, we propose a Unified Vulnerability Risk Analysis Module (UV-RAM) to address the aforementioned problems by taking into account the combined effects of those vulnerabilities and capturing the new attack paths. The three main functionalities of UV-RAM are: (i) to discover new dependencies and new attack paths, (ii) to incorporate new vulnerabilities introduced and zero-day vulnerabilities into security analysis, and (iii) to formulate mitigation strategies for hardening the networked system. Our experimental results demonstrate and validate the effectiveness of UV-RAM.

It is difficult to assess the security of modern enterprise networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) and security metrics (e.g., attack cost, shortest attack path) are widely used to systematically analyse the security posture of network systems. However, there are problems using them to assess the security of dynamic networks. First, the existing graphical security models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for dynamic networks such that their effectiveness to the dynamic changes in the network is still unknown. In this paper, we conduct a comprehensive analysis via simulations to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our experimental analysis shows that different security metrics have varying security posture changes with respect to changes in the network.

It is difficult to assess the security of modern enterprise networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) and security metrics (e.g., attack cost, shortest attack path) are widely used to systematically analyse the security posture of network systems. However, there are problems using them to assess the security of dynamic networks. First, the existing graphical security models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for dynamic networks such that their effectiveness to the dynamic changes in the network is still unknown. In this paper, we conduct a comprehensive analysis via simulations to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our experimental analysis shows that different security metrics have varying security posture changes with respect to changes in the network.

It is difficult to assess the security of modern enterprise networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) and security metrics (e.g., attack cost, shortest attack path) are widely used to systematically analyse the security posture of network systems. However, there are problems using them to assess the security of dynamic networks. First, the existing graphical security models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for dynamic networks such that their effectiveness to the dynamic changes in the network is still unknown. In this paper, we conduct a comprehensive analysis via simulations to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our experimental analysis shows that different security metrics have varying security posture changes with respect to changes in the network.

In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

Since security is increasingly the principal concern in the conception and implementation of software systems, it is very important that the security mechanisms are designed so as to protect the computer systems against cyber attacks. An Intrusion Tolerance Systems play a crucial role in maintaining the service continuity and enhancing the security compared with the traditional security. In this paper, we propose to combine a preventive maintenance with existing intrusion tolerance system to improve the system security. We use a semi-Markov process to model the system behavior. We quantitatively analyze the system security using the measures such as system availability, Mean Time To Security Failure and cost. The numerical analysis is presented to show the feasibility of the proposed approach.