Moving Target Defense Against Advanced Persistent Threats for Cybersecurity Enhancement

Title: Moving Target Defense Against Advanced Persistent Threats for Cybersecurity Enhancement
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Khosravi-Farmad, M., Ramaki, A. A., Bafghi, A. G.
Conference Name: 2018 8th International Conference on Computer and Knowledge Engineering (ICCKE)
Keywords: abstraction levels, Advanced Persistent Threat (APT), advanced persistent threats, Analytical models, APT attack strategies, APT attacks, APTs, complex multi-step attack scenario, computer network security, cybersecurity, cybersecurity attacks, cybersecurity enhancement, deception techniques, enterprise-level organizations, Human Behavior, IKC models, IKC progression, IKC-based intrusion activities, Intrusion detection, Intrusion Detection Systems, Intrusion Kill Chain (IKC), intrusion kill chain model, intrusion prevention systems, invasive software, IP networks, Metrics, moving target defense, moving target defense (MTD), MTD techniques, network assets, network-based services, networked infrastructure, Organizations, pubcrawl, Reconnaissance, Resiliency, Scalability, security concerns
Abstract: One of the main security concerns of enterprise-level organizations that provide network-based services is combating complex cybersecurity attacks such as advanced persistent threats (APTs). The main features of these attacks are that they are multilevel, multi-step, long-term and persistent. They also follow an intrusion kill chain (IKC) model to proceed through the attack steps and reach their goals on the targets. Traditional security solutions such as firewalls and intrusion detection and prevention systems (IDPSs) are not able to prevent or block APT attack strategies. Recently, deception techniques have been proposed to defend network assets against malicious activities during IKC progression. One of the most promising approaches against APT attacks is Moving Target Defense (MTD). MTD techniques can be applied dynamically to the attack steps at any abstraction level of a networked infrastructure (application, host, and network) in order to disrupt the successful execution of any IKC in progress. In this paper, after presenting and discussing the commonly introduced IKCs, one of them is selected and used for further analysis. Then, after proposing a new and comprehensive taxonomy of MTD techniques at the different levels, a mapping analysis is conducted between the IKC model and the existing MTD techniques. Finally, the effect of MTD is evaluated in a case study (specifically IP randomization). The experimental results show that MTD techniques provide better means of defending against IKC-based intrusion activities.
DOI: 10.1109/ICCKE.2018.8566531
Citation Key: khosravi-farmad_moving_2018