Abstract: Distributed and parallel applications are critical information technology systems in multiple industries, including academia, military, government, financial, medical, and transportation. These applications present target rich environments for malicious attackers seeking to disrupt the confidentiality, integrity and availability of these systems. Applying the military concept of defense cyber maneuver to these systems can provide protection and defense mechanisms that allow survivability and operational contin…
“…Existing works include MUTE (Al-Shaer, 2011), multi-layer Han et al (2014) Theoretical analysis E Provide a general approach for using cyber epidemic dynamics and two metrics to characterize the power of MTDs c Evans et al (2011) A game model E Consider five attacking scenarios (circumvention attacks, deputy attacks, brute force and entropy reduction attacks, probing attacks, and incremental attacks) to evaluate the effectiveness of dynamic diversity defenses and conclude that MTD is not always effective c Xu et al (2014) A three-layer model E Provide a general model to evaluate the effectiveness of MTDs. Furthermore, this model can be used to compare the effects of different MTDs c Moody et al (2014) Stochastic Petri nets model E-F Evaluate the benefits of the maneuverability for the defensive maneuver cyber platform, which uses MTD and deceptive defense. Furthermore, identify that the ratio of deceptive to operational nodes and the transition firing rate can influence the defense effect d Carroll et al (2014) Urn models and simulation E-F Analyze the effectiveness of network address shuffling.…”
Section: Discussion (mentioning)
confidence: 99%
“…It is the first approach to evaluate and compare the effectiveness of different MTD techniques; however, it is too complicated for users. Moody et al (2014) used stochastic Petri nets (SPNs) to model and evaluate a defensive maneuver cyber platform, which uses MTD and deceptive defense tactics. Through the use of SPNs to model each node comprising the platform and the whole platform system, they discussed the trade-offs between security and operations in the defensive maneuver cyber platform, specifically identifying the impact of the transition firing rate.…”
Moving target defense (MTD) has emerged as one of the game-changing themes to alter the asymmetric situation between attacks and defenses in cyber-security. Numerous related works involving several facets of MTD have been published. However, comprehensive analyses and research on MTD are still absent. In this paper, we present a survey on MTD technologies to scientifically and systematically introduce, categorize, and summarize the existing research works in this field. First, a new security model is introduced to describe the changes in the traditional defense paradigm and security model caused by the introduction of MTD. A function-and-movement model is provided to give a panoramic overview on different perspectives for understanding the existing MTD research works. Then a systematic interpretation of published literature is presented to describe the state of the art of the three main areas in the MTD field, namely, MTD theory, MTD strategy, and MTD evaluation. Specifically, in the area of MTD strategy, the common characteristics shared by the MTD strategies to improve system security and effectiveness are identified and extrapolated. Thereafter, the methods to implement these characteristics are concluded. Moreover, the MTD strategies are classified into three types according to their specific goals, and the necessary and sufficient conditions of each type to create effective MTD strategies are then summarized, which are typically one or more of the aforementioned characteristics. Finally, we provide a number of observations for the future direction in this field, which can be helpful for subsequent researchers.
“…The main methods in the research of security evaluation model of MTD systems are Markov stochastic process and stochastic Petri net. Moody et al [15] put forward a stochastic Petri-net evaluation model that can be used to understand, evaluate and optimize the cost and benefit of MTD systems in a distributed application environment, and can be used for security assessment of critical infrastructure in cyberspace. Zhuang et al [16] proposed an analysis model based on Markov chain, which combines network node configuration, adaptation interval and number of nodes in each interval to calculate the probability of successful MTD attack.…”
Section: Related Network Security Research (mentioning)
“…Moody W, et al [23] analyze the tradeoffs between security and operations using a stochastic Petri net (SPN) model of a defensive maneuver cyber platform. Robert Mitchell et al [24] develop an analytical model based on stochastic Petri nets to capture the dynamics between adversary behavior and defense for cyber physical systems. Guilin Cai, et al [25] develop a generalized abstract performance evaluation model for moving target defense using a generalized stochastic Petri net (GSPN).…”