Cyber defense in breadth: Modeling and analysis of integrated defense systems

Cho, Jin-Hee; Ben-Asher, Noam

doi:10.1177/1548512917699725

Cited by 19 publications

(24 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Evaluation Methods: As seen in Section VIII, most MTD approaches have used simulation-based experiments for the performance validation. The similar trends are observed in evaluating MTD techniques for enterprise networks , which are mainly validated based on simulation models [20,34,49,51,83,158,161] while the use of a model-based probability/analytical models was not common [30]. Fig.…”

Section: A Enterprise Networksupporting

confidence: 56%

“…The examples include platform migrations or system diversity [20,30,46,49], server location migrations [51,158], software stack diversity [161], proxy shuffling [83], or IP mutation [34]. Main Attacks: Most MTD approaches developed for enterprise networks countermeasured worm attacks [51], DDoS [51,83,158], abstracted attacks in an attack-defense game [49], scanning attacks [20,30,34], APT attacks [161], or more sophisticated, multi-stage attacks, including circumvention attacks, deputy attacks, entropy reducing attacks, probing attacks, and incremental attacks [46]. Key Methodologies: Since majority of existing MTD approaches have used game theoretic approaches, many MTD techniques for enterprise networks have used in an attackdefense game where the MTD techniques are used as defense strategies.…”

Section: A Enterprise Networkmentioning

confidence: 99%

See 1 more Smart Citation

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Cho

Sharma

Alavizadeh

et al. 2020

IEEE Commun. Surv. Tutorials

Self Cite

211

View full text Add to dashboard Cite

Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, advanced, intelligent attacks while defenders are often way behind attackers in taking appropriate actions to thwart potential attackers. The concept of moving target defense (MTD) has emerged as a proactive defense mechanism aiming to prevent attacks. In this work, we conducted a comprehensive, in-depth survey to discuss the following aspects of MTD: key roles, design principles, classifications, common attacks, key methodologies, important algorithms, metrics, evaluation methods, and application domains. We discuss the pros and cons of all aspects of MTD surveyed in this work. Lastly, we highlight insights and lessons learned from this study and suggest future work directions. The aim of this paper is to provide the overall trends of MTD research in terms of critical aspects of defense systems for researchers who seek for developing proactive, adaptive MTD mechanisms.

show abstract

Section: A Enterprise Networksupporting

confidence: 56%

Section: A Enterprise Networkmentioning

confidence: 99%

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Cho

Sharma

Alavizadeh

et al. 2020

IEEE Commun. Surv. Tutorials

Self Cite

211

View full text Add to dashboard Cite

show abstract

“…MTD is designed to increase uncertainty and/or confusion to attackers attempting to penetrate into a system by identifying vulnerabilities of the target system. The main functions of MTD are to change the attack surfaces (i.e., system or network configurations), consequently invalidating the intelligence gathered by the attackers and wasting their resources and time [17]. The MTD techniques can be categorized in terms of shuffling, diversity, and redundancy [7].…”

Section: B Moving Target Defensementioning

confidence: 99%

“…In line 8, the IP shuffling-based MTD countermeasure according to the probability in (9) for security enhancement of devices in the network. In lines 9 -12, Based on the randomly sampled mini batch from B, θ Q and θ µ are updated according to (17) and (18), and targets θ Q and θ µ are updated softly.…”

Section: Ddpg-based Resource Allocation For Traffic Inspection and Mtd Operationsmentioning

confidence: 99%

DIVERGENCE: Deep Reinforcement Learning-Based Adaptive Traffic Inspection and Moving Target Defense Countermeasure Framework

Kim

Yoon

Cho

et al. 2022

IEEE Trans. Netw. Serv. Manage.

Self Cite

View full text Add to dashboard Cite

Reinforcement learning (RL) is a promising approach for intelligent agents to protect a given system under highly hostile environments. RL allows the agent to adaptively make sequential defense decisions based on the perceived current state of system security aiming to achieve the maximum defense performance in terms of fast, efficient, and automated detection, threat analysis, and response to the threat. In this paper, we propose a deep reinforcement learning (DRL)-based adaptive traffic inspection and moving target defense countermeasure framework, called 'DIVERGENCE,' for building a secure networked system. The DIVERGENCE provides two main security services: (1) a DRL-based network traffic inspection mechanism to achieve scalable and intensive network traffic visibility for rapid threat detection; and (2) an address shufflingbased moving target defense (MTD) technique to defend against threats as a proactive intrusion prevention mechanism. Through extensive simulations and experiments, we demonstrate that the DIVERGENCE successfully caught malicious traffic flows while significantly reducing the vulnerability of the network through MTD.

show abstract

“…Rahman et al [18] combine the degree of the system vulnerability and perform an attack based on resource level to quantify the probability that attacks are successfully performed. Cho et al [19] use Stochastic Petri Nets to create a model that describes an integrated defense system. They used the probability of a successful attack to quantify the meantime to security failure.…”

Section: Related Workmentioning

confidence: 99%

Optimal Strategy for Cyberspace Mimic Defense Based on Game Theory

Chen

Chen²,

Zhang³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Traditional defensive techniques are usually static and passive, and appear weak to confront highly adaptive and stealthy attacks. As a novel security theory, Cyberspace Mimic Defense (CMD) creates asymmetric uncertainty that favors the defender. CMD constructs multiple executors which are diverse functional equivalent variants for the protected target and arbitral mechanism. In this way, CMD senses the results of current running executors and changes the attack surface. Although CMD enhances the security of systems, there are still some critical gaps with respect to design a defensive strategy under costs and security. In this paper, we propose a dual model to dynamically select the number of executors being reconfigured according to the states of the executors. First, we establish a Markov anti-attack model to compare the effects of CMD under different types of attack. Then, we use a dynamic game of incomplete information to determine the optimal strategy, which achieves the balance of the number of reconfiguration and security. Finally, experimental results show that our dual model reduces defensive costs while guarantees security.

show abstract

Cyber defense in breadth: Modeling and analysis of integrated defense systems

Cited by 19 publications

References 21 publications

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

DIVERGENCE: Deep Reinforcement Learning-Based Adaptive Traffic Inspection and Moving Target Defense Countermeasure Framework

Optimal Strategy for Cyberspace Mimic Defense Based on Game Theory

Contact Info

Product

Resources

About