A System Attack Surface Based MTD Effectiveness and Cost Quantification Framework

Moving Target Defense (MTD) is a game-changing method to thwart adversaries and reverses the imbalance situation in network countermeasures. Introducing Attack Surface (AS) into MTD security assessment brings productive concepts to qualitative and quantitative analysis. The quantification of MTD effectiveness and cost (E&C) has been under researched, using simulation models and emulation testbeds, to give accurate and reliable results for MTD technologies. However, the lack of system-view evaluation impedes MTD to move toward large-scale applications. In this paper, a System Attack Surface Based Quantification Framework (SASQF) is proposed to establish a system-view based framework for further research in Attack Surface and MTD E&C quantification. And a simulated model based on SASQF is developed to provide illustrations and software simulation methods. A typical C/S scenario and Cyber Kill Chain (CKC) attacks are presented in case study and several simulated results are given. From the simulated results, IP mutation frequency is the key to increase consumptions of adversaries, while the IP mutation pool is not the principal factor to thwart adversaries in reconnaissance and delivery of CKC steps. For system user operational cost, IP mutation frequency influence legitimate connections in relative values under ideal link state without delay, packet lose and jitter. The simulated model based on SASQF also provides a basic method to find the optimal IP mutation frequency through simulations.