A survey: When moving target defense meets game theory

Jian-cheng, Tan; Jin, Hui; Zhang, Hongqi; Zhang, Yuchen; Chang, Dexian; Liu, Xiaohu; Zhang, Hengwei

doi:10.1016/j.cosrev.2023.100544

Cited by 12 publications

(7 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, this approach to cybersecurity was formalized only recently under the umbrella of Moving Target Defense [1]. Since then, many approaches have been proposed in the literature at different levels of the system stack, with several review papers covering the topic [36], [37]. In this section, we analyze relevant related works and provide a comparison against DOLOS.…”

Section: Related Workmentioning

confidence: 99%

DOLOS: A Novel Architecture for Moving Target Defense

Pagnotta,

De Gaspari,

Hitaj

et al. 2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Moving Target Defense and Cyber Deception emerged in recent years as two key proactive cyber defense approaches, contrasting with the static nature of the traditional reactive cyber defense. The key insight behind these approaches is to impose an asymmetric disadvantage for the attacker by using deception and randomization techniques to create a dynamic attack surface. Moving Target Defense (MTD) typically relies on system randomization and diversification, while Cyber Deception is based on decoy nodes and fake systems to deceive attackers. However, current Moving Target Defense techniques are complex to manage and can introduce high overheads, while Cyber Deception nodes are easily recognized and avoided by adversaries.This paper presents DOLOS, a novel architecture that unifies Cyber Deception and Moving Target Defense approaches. DOLOS is motivated by the insight that deceptive techniques are much more powerful when integrated into production systems rather than deployed alongside them. DOLOS combines typical Moving Target Defense techniques, such as randomization, diversity, and redundancy, with cyber deception and seamlessly integrates them into production systems through multiple layers of isolation. We extensively evaluate DOLOS against a wide range of attackers, ranging from automated malware to professional penetration testers, and show that DOLOS is effective in slowing down attacks and protecting the integrity of production systems. We also provide valuable insights and considerations for the future development of MTD techniques based on our findings.

show abstract

Section: Related Workmentioning

confidence: 99%

DOLOS: A Novel Architecture for Moving Target Defense

Pagnotta,

De Gaspari,

Hitaj

et al. 2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…(3) Proximity centrality Proximity centrality is used to measure the average distance from one node to other nodes in the network. As shown in formula (7), where uv d represents the geodesic distance between nodes u and v, as the higher the degree of network center of the node, the lower the average geodesic distance. Therefore, the reciprocal processing is performed, and V is the node set in the network.…”

Section: Path Initial Weight Calculationmentioning

confidence: 99%

DPW-RRM: Random Routing Mutation Defense Method Based on Dynamic Path Weight

2023

KSII TIIS

View full text Add to dashboard Cite

A preliminary version of this paper appeared in International Conference on Machine Learning, Cloud Computing and Intelligent Mining (MLCCIM 2022). This version has extended our study by adding the theoretical analysis of the link congestion detection based on network state constraints, the mutation path calculation and selection based on weighted random routing, and the methods of the mutation strategy delivery.

show abstract

“…AI techniques, such as ML and DL, are used to enhance SDN security in various ways, including anomaly detection, traffic classification, and threat prediction [15], [16]. Moving target defense mechanisms are designed to thwart evolving cyber threats by dynamically changing network configurations [17], [18]. We focus on moving-target defense mechanisms deployed within SDN, particularly the data and control planes.…”

Section: Introductionmentioning

confidence: 99%

Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions

Abdi,

Audah,

Salh

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is a groundbreaking technology that has transformed network management significantly. By integrating data and control, SDN offers unparalleled flexibility and responsiveness, thereby overcoming the limitations of conventional network architectures. However, a centralized controller, which is a hallmark of SDN, is a double-edged security sword that offers easy control. This also becomes a dangerous point of failure for the entire network. To the best of our knowledge, this is the first comprehensive study to explore traditional-based, artificial intelligence (AI)-based, and moving target defense (MTD) approaches to securing SDN. The study begins with a survey of traditional security solutions for SDN, encompassing authentication, authorization, encryption, security protocols, firewalls, and flow verification, by addressing security threats and vulnerabilities in both data and control planes. The study then investigates the application of AI-based security solutions in an SDN environment, focusing on how Machine Learning (ML) and Deep Learning (DL) techniques are leveraged to address advanced security threats. Additionally, the survey examines MTD mechanisms within data and control plane security. Several in-depth techniques, including the randomization of Internet Protocol (IP) and Media Access Control (MAC) addresses, port numbers, and flow tables, and delving into the relationship between security threats, MTD strategies, and the specific controllers employed in experimental implementations. We utilized the widely recognized STRIDE cybersecurity framework to systematically identify and evaluate the potential threats to SDN security. Our analysis resulted in a comprehensive list of security challenges, and we propose future research directions aimed at addressing emerging threats in both the data and control planes.

show abstract

A survey: When moving target defense meets game theory

Cited by 12 publications

References 50 publications

DOLOS: A Novel Architecture for Moving Target Defense

DOLOS: A Novel Architecture for Moving Target Defense

DPW-RRM: Random Routing Mutation Defense Method Based on Dynamic Path Weight

Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions

Contact Info

Product

Resources

About