Biblio

Filters: Author is Zhao, Guangsheng
2019-09-09
Zhao, Guangsheng, Xiong, Xinli, Wu, Huaying.  2018.  A Model for Analyzing the Effectiveness of Moving Target Defense. Proceedings of the 8th International Conference on Communication and Network Security. :17–21.
Moving target defense (MTD) is a typical proactive cyber defense technology, which not only increases the difficulty for the attacker, but also reduces the damage caused by successful attacks. A number of studies have assessed the defensive effectiveness of MTD, but only focus on increasing the difficulty of attacks. No studies have been conducted to assess the impact of successful attacks on the network. In this paper, we propose a probability model that evaluates the impact of MTD against subsequent stages of the complete attack process. The model quantifies the probability distribution of the number of compromised hosts. The results of simulation show that MTD can reduce the number of compromised hosts, and attackers cannot control all hosts.
2019-02-08
Xiong, Xinli, Zhao, Guangsheng, Wang, Xian.  2018.  A System Attack Surface Based MTD Effectiveness and Cost Quantification Framework. Proceedings of the 2nd International Conference on Cryptography, Security and Privacy. :175–179.

Moving Target Defense (MTD) is a game-changing method to thwart adversaries and reverse the imbalanced situation in network countermeasures. Introducing Attack Surface (AS) into MTD security assessment brings productive concepts to qualitative and quantitative analysis. The quantification of MTD effectiveness and cost (E&C) has been under-researched, using simulation models and emulation testbeds, to give accurate and reliable results for MTD technologies. However, the lack of system-view evaluation impedes MTD from moving toward large-scale applications. In this paper, a System Attack Surface Based Quantification Framework (SASQF) is proposed to establish a system-view based framework for further research in Attack Surface and MTD E&C quantification. A simulated model based on SASQF is developed to provide illustrations and software simulation methods. A typical C/S scenario and Cyber Kill Chain (CKC) attacks are presented in a case study and several simulated results are given. From the simulated results, IP mutation frequency is the key to increasing the consumption of adversaries, while the IP mutation pool is not the principal factor in thwarting adversaries in the reconnaissance and delivery steps of the CKC. For system user operational cost, IP mutation frequency influences legitimate connections in relative values under an ideal link state without delay, packet loss and jitter. The simulated model based on SASQF also provides a basic method to find the optimal IP mutation frequency through simulations.