Moving target defense (MTD) in an adaptive execution environment

Paulos, Aaron; Pal, Partha; Schantz, Richard; Benyo, Brett

doi:10.1145/2459976.2460045

Cited by 9 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, system security is enhanced by collaboratively adopting mechanisms such as endpoint information hopping, network intrusion detection, and container separation. Pal et al [100][101][102] proposed Advanced Adaptive Application (A3). A3 achieves proactive defense by adopting dedicated isolation container, defensive buffer, and modify and replay.…”

Section: Cross-layer Mtd Mechanismmentioning

confidence: 99%

Moving Target Defense Techniques: A Survey

Cheng

Zhang

Jian-cheng

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

As an active defense technique to change asymmetry in cyberattack-defense confrontation, moving target defense research has become one of the hot spots. In order to gain better understanding of moving target defense, background knowledge and inspiration are expounded at first. Based on it, the concept of moving target defense is analyzed. Secondly, literature analysis method is adopted to explain the design principles and system architecture of moving target defense. In addition, some relevant key techniques are introduced from the aspects of strategy generation, shuffling implementation, and performance evaluation. After that, the applications of moving target defense in different network architectures are illustrated. Finally, existing problems and future trend in this field are elaborated so as to provide a basis for further study.

show abstract

Section: Cross-layer Mtd Mechanismmentioning

confidence: 99%

Moving Target Defense Techniques: A Survey

Cheng

Zhang

Jian-cheng

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…As described, the kernel of the algorithm is the EMD problem (4a), (4b), (4c), (4d), (4e), and (4f) solved using the binary branch and bound/cut method in Step (11). The optimal solution for (4a), (4b), (4c), (4d), (4e), and (4f) is used to update , or, in other words, to find the detours of the routes, as depicted in Step (12). By repeating these steps, the existing routes gradually move away and increase lengths, until the uniformity of all the nodes as regards accumulative traffic cannot be further improved; see the loop from Steps (2) to (13).…”

Section: Nodewise Route Mutation For Delay-tolerant Trafficmentioning

confidence: 99%

Scalable Node-Centric Route Mutation for Defense of Large-Scale Software-Defined Networks

Yang

Zheng

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

Exploiting software-defined networking techniques, randomly and instantly mutating routes can disguise strategically important infrastructure and protect the integrity of data networks. Route mutation has been to date formulated as NP-complete constraint satisfaction problem where feasible sets of routes need to be generated with exponential computational complexities, limiting algorithmic scalability to large-scale networks. In this paper, we propose a novel node-centric route mutation method which interprets route mutation as a signature matching problem. We formulate the route mutation problem as a three-dimensional earth mover's distance (EMD) model and solve it by using a binary branch and bound method. Considering the scalability, we further propose that a heuristic method yields significantly lower computational complexities with marginal loss of robustness against eavesdropping. Simulation results show that our proposed methods can effectively disguise key infrastructure by reducing the difference of historically accumulative traffic among different switches. With significantly reduced complexities, our algorithms are of particular interest to safeguard large-scale networks.

show abstract

“…At the same time one can observe the significant increase in a number of research papers in this field within the last couple of years. There were proposed such solutions as defense of networks from remote scanning [4,5], defense from DDoS-attacks [6], virtualization technologies protected from research [7], etc. Some solutions based on MTD were accepted as standards in the area of software development, e.g.…”

Section: Introductionmentioning

confidence: 99%

Formalization of the problem of protection against reconnaissance in conflict systems

Styugin

Кытманов

Yamskikh

2018

Journal of Discrete Mathematical Sciences and Cryptography

View full text Add to dashboard Cite

This paper attempts to identify recent trends in counteraction to the intruder`s penetration into the system at reconnaissance stage as the sphere of information security. The problem of actions interrelation, agents` information awareness and system transition from one state into another is formulated. Based on the functional model, formalization of the three tasks is presented. The first task formulates the conditions in which the system can not transform into undesirable state for a given set of indiscernible elements. The second task formalizes the way to achieve a safe state in the system and allows one to formulate the optimization problem. The third task formalises the conditions under which the system agents actions may be indiscernible to each other. The scope of study for functional steganography is defined. Exponential complexity of agents actions factorization in a system is proved. The definition of absolutely indiscernible actions is provided.

show abstract

Moving target defense (MTD) in an adaptive execution environment

Cited by 9 publications

References 6 publications

Moving Target Defense Techniques: A Survey

Moving Target Defense Techniques: A Survey

Scalable Node-Centric Route Mutation for Defense of Large-Scale Software-Defined Networks

Formalization of the problem of protection against reconnaissance in conflict systems

Contact Info

Product

Resources

About