Moving Target Defense
SoS Newsletter- Advanced Book Block
One of the research thrusts outlined in the 2011 report Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program was Moving Target (MT) research and development that results in the presentation of a dynamic attack surface to an adversary, increasing the work factor necessary to successfully attack and exploit a cyber target. The subsequent Symposium on Moving Target Research brought together and published the work of the MT community to provide a basis for building on the current state of the art as of June 2012. The works cited here are research papers presented and published subsequent to the conference.
- In June 2012, at the National Symposium on Moving Target Research, papers were presented on research and development that results in the presentation of a dynamic attack surface to an adversary, increasing the work factor necessary to successfully attack and exploit a cyber-target. The bibliography below identifies works published on moving target defense since that symposium.
- "Optimizing a network layer moving target defense for specific system architectures," Hardman, Owen; Groat, Stephen; Marchany, Randy; Tront, Joseph, Architectures for Networking and Communications Systems (ANCS), 2013 ACM/IEEE Symposium on , vol., no., pp.117,118, 21-22 Oct. 2013. (ID#:14-1265) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6665191&isnumber=6665163 Complex defenses, such as moving target defenses, exist to help protect against threats. While these new forms of defense offer increased security, they are resource intensive and cannot be run on many new classes of network connected mobile systems. To provide security for these systems, a highly efficient defense must be used. Moving Target Defense for IPv6 (MT6D) is a network layer moving target defense that was originally designed using Python for portability to a variety of system architectures. Optimizing a moving target defense (MTD) for a specific system architecture increases performance to allow for these new defenses to be deployed in resource constrained environments. By transitioning from Python to C, and by using system specific networking features, MT6D can be successfully deployed to resource constrained network systems.
- "MTC2: A command and control framework for moving target defense and cyber resilience," Carvalho, M.; Eskridge, T.C.; Bunch, L.; Dalton, A.; Hoffman, R.; Bradshaw, J.M.; Feltovich, P.J.; Kidwell, D.; Shanklin, T., Resilient Control Systems (ISRCS), 2013 6th International Symposium on , vol., no., pp.175,180, 13-15 Aug. 2013. (ID#:14-1266) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6623772&isnumber=6623739 This paper sheds new light on the current way command and control (C2) is managed for deployment of Moving Target Defenses (MTDs) within an enterprise network setting. Current approaches involve compensating for errors, as opposed to this paper's newly proposed method of active, iterative decision making, including human-agent elements. Detailed within this paper are the requirements and constraints of using concurrent multiple moving target defenses.
- "Moving target defense for adaptive adversaries," Colbaugh, R.; Glass, K., Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on , vol., no., pp.50,55, 4-7 June 2013. (ID#:14-1267) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6578785&isnumber=6578763 Machine learning (ML) plays a central role in the solution of many security problems, for example enabling malicious and innocent activities to be rapidly and accurately distinguished and appropriate actions to be taken. Unfortunately, a standard assumption in ML - that the training and test data are identically distributed - is typically violated in security applications, leading to degraded algorithm performance and reduced security. Previous research has attempted to address this challenge by developing ML algorithms which are either robust to differences between training and test data or are able to predict and account for these differences. This paper adopts a different approach, developing a class of moving target (MT) defenses that are difficult for adversaries to reverse-engineer, which in turn decreases the adversaries' ability to generate training/test data differences that benefit them. The authors leverage the coevolutionary relationship between attackers and defenders to derive a simple, flexible MT defense strategy which is optimal or nearly optimal for a broad range of security problems. Case studies involving two distinct cyber defense applications demonstrate that the proposed MT algorithm outperforms standard static methods, offering effective defense against intelligent, adaptive adversaries.
- "A moving target defense approach for protecting resource-constrained distributed devices," Casola, V.; De Benedictis, A.; Albanese, M., Information Reuse and Integration (IRI), 2013 IEEE 14th International Conference on , vol., no., pp.22,29, 14-16 Aug. 2013. (ID#:14-1268) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6642449&isnumber=6642428 Techniques aimed at continuously changing a system's attack surface, usually referred to as Moving Target Defense (MTD), are emerging as powerful tools for thwarting cyber-attacks. Such mechanisms increase the uncertainty, complexity, and cost for attackers, limit the exposure of vulnerabilities, and ultimately increase overall resiliency. In this paper, the authors propose an MTD approach for protecting resource-constrained distributed devices through fine-grained reconfiguration at different architectural layers. In order to show the feasibility of our approach in real-world scenarios, they study its application to Wireless Sensor Networks (WSNs), introducing two different reconfiguration mechanisms. Finally, they show how the proposed mechanisms are effective in reducing the probability of successful attacks.
- "Investigating the application of moving target defenses to network security," Rui Zhuang; Su Zhang; Bardas, A.; DeLoach, S.A.; Xinming Ou; Singhal, A., Resilient Control Systems (ISRCS), 2013 6th International Symposium on , vol., no., pp.162,169, 13-15 Aug. 2013. (ID#:14-1269) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6623770&isnumber=6623739 This paper centers on the importance of understanding the role of Moving Target Defenses (MTD) in maintaining network integrity. The proposed MTD system is designed to counter malicious entities engaging in asymmetric cyber warfare. The system chooses the best adaptation that will allow continued maintenance of network integrity, by analyzing abstract models of the network's configuration, operational, and security objectives. The paper analyzes a simple MTD system and an intelligent MTD system, respectively, both which enhance adaptation selection by use of attack indicators. This paper provides particular insight on the role of MTDs in network security.
- "Managed Execution Environment as a Moving Target Defense (MTD) Infrastructure," Security & Privacy, IEEE , vol.PP, no.99, pp.1,1 2013. (ID#:14-1270) Available at: Pal, P.; Schantz, R.; Paulos, A.; Benyo, B., http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6671568&isnumber=5210089 The authors describe how the A3 adaptive execution management environment contributes to MTD strategies by enabling sophisticated dynamic defensive maneuvers. A3 facilitates synergistic combination of MTDs with one another and also with other aspects of an overall composite defense, aiming to improve over time the survivability of the application it manages. Execution management environments like A3 have the potential to expand the scope and increase the effectiveness of MTD by subjecting additional system aspects to dynamic motion, and adding moving target dynamism to the overall defense with only incremental increase in cost and complexity. They conclude this paper with a summary of evaluation results of the current prototype and its precursor techniques, and some thoughts on future research directions.
- "Lightweight Reconfigurable Encryption Architecture for Moving Target Defense," Husain, M.I.; Courtright, K.; Sridhar, R., Military Communications Conference, MILCOM 2013 - 2013 IEEE , vol., no., pp.214,219, 18-20 Nov. 2013. (ID#:14-1271) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6735624&isnumber=6735577 Symmetric encryption provides lightweight security solution to maintain data confidentiality on devices in a resource constrained scenario such as in a tactical network. However, lightweight encryption schemes are traditionally vulnerable to linear and differential cryptanalysis as well as power analysis attack when the encryption structure is known to the attacker. For tactical network devices, this is a critical concern since they often operate in hostile scenarios and lack in physical security in most cases. Moving Target Defense (MTD) is one of the key components of cyber maneuver that reshapes friendly networks and associated assets to be resilient to cyber-attacks. In this paper, the authors propose a lightweight reconfigurable symmetric encryption architecture, REA, which is capable of implementing a user-defined symmetric encryption scheme as an MTD mechanism. The encryption structure can be customized from device to device based on their available resource and performance requirements. Due to the reconfigurable nature of the proposed architecture, it is not possible for an attacker to directly launch the cryptanalysis or power analysis attack before committing significant resources to retrieve the encryption structure first. They implemented a reference encryption scheme on our proposed architecture in programmable logic (FPGA) and compared it to two representative symmetric encryption methods: AES and Present. Their results show that the reference encryption consumes less resources and performs faster compared to AES. Performance of the REA reference encryption is comparable with Present, which is optimized only for low resource devices and doesn't support reconfigurability.
- "Effectiveness of IP address randomization in decoy-based moving target defense," Clark, Andrew; Sun, Kun; Poovendran, Radha, Decision and Control (CDC), 2013 IEEE 52nd Annual Conference on , vol., no., pp.678,685, 10-13 Dec. 2013. (ID#:14-1272) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6759960&isnumber=6759837 In a decoy-based moving target defense (MTD), a computer network introduces a large number of virtual decoy nodes in order to prevent the adversary from locating and targeting real nodes. Since the decoys can eventually be identified and their Internet Protocol (IP) addresses blacklisted by the adversary, current MTD approaches suggest that the IP addresses of the real and decoy nodes should be randomly refreshed and reassigned over time. Refreshing and reassigning the IP addresses, however, disrupts services such as TCP/IP that rely on the IP address. The authors introduce an analytical approach to MTD and choosing the optimal randomization policy in order to minimize disruptions to system performance. The approach consists of two components. First, they model the interaction between the adversary and a virtual node as a sequential detection process, in which the adversary attempts to determine whether the node is real or a decoy in the minimum possible time. They compute the optimal strategy for the adversary to decide whether the node is real or a decoy, and derive closed-form expressions for the expected time to identify the real node using this strategy. Second, they formulate the problem of deciding when to randomize the IP addresses, based on a trade-off between reducing the probability of detecting the real node and minimizing the disruption to network services, as an optimal stopping problem. They derive the optimal randomization policy for the network and analyze the detection probability, expected number of connections lost due to IP randomization, and expected time between randomizations under the proposed policy. Their results are illustrated via a simulation study using real-world data from NMAP, a software tool used to identify decoy nodes. Their simulation study indicates that their IP randomization policy reduces the probability of detection while minimizing the number of connections that are disrupted by the randomization.
- "Moving Target with Load Balancing in P2P Cloud," Hong Liu; Thomas, J.; Khethavath, P.,Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on , vol., no., pp.359,366, June 28 2013-July 3 2013. (ID#:14-1273) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6676715&isnumber=6676660 In this paper the authors propose a 'moving target' security mechanism for a P2P cloud where files are partitioned and sensitive sections are moved at different times without modifying the routing or finger tables, to reduce the risk of the file being compromised. Two drawbacks with this approach are the problem of determining the locality of the data and load unbalancing. We present a hierarchical P2P cloud system that leads to scalability and efficiency. A 3-step load balancing scheme for hierarchical P2P cloud system to globally balance the network is proposed. Their simulation results show that our algorithm is effective in achieving load balancing in hierarchical peer-to-peer cloud systems.
- "A moving target defense mechanism for MANETs based on identity virtualization," Albanese, M.; De Benedictis, A.; Jajodia, S.; Kun Sun, Communications and Network Security (CNS), 2013 IEEE Conference on, vol., no., pp.278,286, 14-16 Oct. 2013. (ID#:14-1274) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6682717&isnumber=6682673 Mechanisms for continuously changing or shifting a system's attack surface are emerging as game-changers in cyber security. In this paper, the authors propose a novel defense mechanism for protecting the identity of nodes in Mobile Ad Hoc Networks and defeat the attacker's reconnaissance efforts. The proposed mechanism turns a classical attack mechanism - Sybil - into an effective defense mechanism, with legitimate nodes periodically changing their virtual identity in order to increase the uncertainty for the attacker. To preserve communication among legitimate nodes, they modify the network layer by introducing (i) a translation service for mapping virtual identities to real identities; (ii) a protocol for propagating updates of a node's virtual identity to all legitimate nodes; and (iii) a mechanism for legitimate nodes to securely join the network. Their proposed approach is robust to different types of attacks, and they also show that the overhead introduced by the update protocol can be controlled by tuning the update frequency.
- "MOTAG: Moving Target Defense against Internet Denial of Service Attacks," Quan Jia; Kun Sun; Stavrou, A., Computer Communications and Networks (ICCCN), 2013 22nd International Conference on, vol., no., pp.1,9, July 30 2013-Aug. 2 2013. (ID#:14-1275) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6614155&isnumber=6614072 This paper proposes applications of a Moving Target Defense (MTD) as "moving" dynamic packet proxies, called MOTAG, designed to effectively prevent attackers from directly accessing and overwhelming the network in the event of a Distributed Denial of Service attack (DDoS). MOTAG is able to discern insider attackers from legitimate parties by constantly "moving" said proxies to different areas on the network, and by reorganizing client-proxy assignments using a greedy algorithm.
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.