An Efficient and Agile Spatio-Temporal Route Mutation Moving Target Defense Mechanism

Zhou, Zan; Xu, Changqiao; Kuang, Xiaohui; Zhang, Tao; Sun, Limin

doi:10.1109/icc.2019.8761927

Cited by 19 publications

(11 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The paper [83] proposed an MTD framework for spatiotemporal route mutation by using a stochastic optimization model to provide network security. The system is supervised by a controller that disperses the traffic among nodes taking into account parameters like link capacity, predetermined network and user requirements, and node stability, but also overall user quality of experience (QoE).…”

Section: Route Mutationmentioning

confidence: 99%

“…However, different approaches are also present in research papers, such as [93,110], which proposed an architecture, deriving new values from the pre-shared key between host and server. Articles [77,83,102,104,114] proposed calculating new values based on the current state of the system, possibly also taking past events into consideration. This could include network parameters, such as current link congestion, storage space, or even how many times a node had been under attack in the past.…”

Section: How To Movementioning

confidence: 99%

“…These were most often performed by using Matlab [121] or Python [122] or other means. Some examples from the surveyed literature are [76,80,81,83,85,103,111,[114][115][116]119]. The proposal in [107] was validated on the Rocketfuel [123] dataset containing network topologies, both from real ISPs and generated based on those real ones.…”

Section: Testbedsmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Moving Target Defense for Networks: A Practical View

2022

View full text Add to dashboard Cite

The static nature of many of currently used network systems has multiple practical benefits, including cost optimization and ease of deployment, but it makes them vulnerable to attackers who can observe from the shadows to gain insight before launching a devastating attack against the infrastructure. Moving target defense (MTD) is one of the emerging areas that promises to protect against this kind of attack by continuously shifting system parameters and changing the attack surface of protected systems. The emergence of network functions virtualization (NFV) and software-defined networking (SDN) technology allows for the implementation of very sophisticated MTD techniques. Furthermore, the introduction of such solutions as field-programmable gate array (FPGA) programmable acceleration cards makes it possible to take the MTD concept to the next level. Applying hardware acceleration to existing concepts or developing new, dedicated methods will offer more robust, efficient, and secure solutions. However, to the best of the authors’ knowledge, there are still no major implementations of MTD schemes inside large-scale networks. This survey aims to understand why, by analyzing research made in the field of MTD to show current pitfalls and possible improvements that need to be addressed in future proposals to make MTD a viable solution to address current cybersecurity threats in real-life scenarios.

show abstract

Section: Route Mutationmentioning

confidence: 99%

Section: How To Movementioning

confidence: 99%

See 1 more Smart Citation

A Survey on Moving Target Defense for Networks: A Practical View

2022

View full text Add to dashboard Cite

show abstract

“…Constraint (13) ensures that any link which is used in the prior control sublayer (developed by the proposed algorithm) will not be used in the new sublayer graph. Constraint (14) ensures that all the high-risk, recently compromised communication links (known based on the history of the underlying interconnected MAS) will be excluded from the control layer. Constraint (15) ensures that any node without an active selfloop will be connected to a node with an active selfloop (either directly or via an intermediary node).…”

Section: Control Layer Design Framework: Cybersecuritymentioning

confidence: 99%

Arbitrarily Fast Switched Distributed Stabilization of Partially Unknown Interconnected Multiagent Systems: A Proactive Cyber Defense Perspective

Rezaei¹,

Jafarian²,

Sicker³

2021

Preprint

View full text Add to dashboard Cite

A design framework recently has been developed to stabilize interconnected multiagent systems in a distributed manner, and systematically capture the architectural aspect of cyber-physical systems. Such a control theoretic framework, however, results in a stabilization protocol which is passive with respect to the cyber attacks and conservative regarding the guaranteed level of resiliency. We treat the control layer topology and stabilization gains as the degrees of freedom, and develop a mixed control and cybersecurity design framework to address the above concerns. From a control perspective, despite the agent layer modeling uncertainties and perturbations, we propose a new step-by-step procedure to design a set of control sublayers for an arbitrarily fast switching of the control layer topology. From a proactive cyber defense perspective, we propose a satisfiability modulo theory formulation to obtain a set of control sublayer structures with security considerations, and offer a frequent and fast mutation of these sublayers such that the control layer topology will remain unpredictable for the adversaries. We prove the robust input-to-state stability of the two-layer interconnected multiagent system, and validate the proposed ideas in simulation.

show abstract

“…For instance, routing randomization has been proven to be an effective method against eavesdropping attacks. Currently, representative routing randomization techniques include but are not limited to: RRM [53], AE-RRM [50], AT-RRM [54], and SSO-RM [55]. However, RRM and AE-RRM implement random transformations only on the routes of data transmission between nodes, without considering different attack behaviors and protecting network QoS under such circumstances.…”

mentioning

confidence: 99%

A Survey on Moving Target Defense: Intelligently Affordable, Optimized and Self-Adaptive

Sun¹,

Zhu²,

Fei³

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

Represented by reactive security defense mechanisms, cyber defense possesses a static, reactive, and deterministic nature, with overwhelmingly high costs to defend against ever-changing attackers. To change this situation, researchers have proposed moving target defense (MTD), which introduces the concept of an attack surface to define cyber defense in a brand-new manner, aiming to provide a dynamic, continuous, and proactive defense mechanism. With the increasing use of machine learning in networking, researchers have discovered that MTD techniques based on machine learning can provide omni-bearing defense capabilities and reduce defense costs at multiple levels. However, research in this area remains incomplete and fragmented, and significant progress is yet to be made in constructing a defense mechanism that is both robust and available. Therefore, we conducted a comprehensive survey on MTD research, summarizing the background, design mechanisms, and shortcomings of MTD, as well as relevant features of intelligent MTD that are designed to overcome these limitations. We aim to provide researchers seeking the future development of MTD with insight into building an intelligently affordable, optimized, and self-adaptive defense mechanism.

show abstract

An Efficient and Agile Spatio-Temporal Route Mutation Moving Target Defense Mechanism

Cited by 19 publications

References 14 publications

A Survey on Moving Target Defense for Networks: A Practical View

A Survey on Moving Target Defense for Networks: A Practical View

Arbitrarily Fast Switched Distributed Stabilization of Partially Unknown Interconnected Multiagent Systems: A Proactive Cyber Defense Perspective

A Survey on Moving Target Defense: Intelligently Affordable, Optimized and Self-Adaptive

Contact Info

Product

Resources

About