Toward effectiveness and agility of network security situational awareness using moving target defense (MTD)

Ge, Linqiang; Yu, Wei; Shen, Dan; Chen, Genshe; Pham, Khanh; Blasch, Erik; Lü, Chao

doi:10.1117/12.2050782

Cited by 18 publications

(19 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Reconnaissance (or scanning) attacks: Scanning attacks are used by attackers to gather information and intelligence about a target system before an actual attack is launched. attacks include the use of hidden proxies, IP/port shuffling and/or address mapping [13,34,51,61,82,83,88,93,142,145,158,105]. For example, Meier et al [105] proposed a novel network obfuscation approach and implemented a framework named 'NetHide' which can successfully battle against the possible attacks such as Link-Flooding Attacks (LFAs) launched by even advanced attackers.…”

Section: Attack Typesmentioning

confidence: 99%

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Cho

Sharma

Alavizadeh

et al. 2020

IEEE Commun. Surv. Tutorials

206

View full text Add to dashboard Cite

Reactive defense mechanisms, such as intrusion detection systems, have made significant efforts to secure a system or network for the last several decades. However, the nature of reactive security mechanisms has limitations because potential attackers cannot be prevented in advance. We are facing a reality with the proliferation of persistent, advanced, intelligent attacks while defenders are often way behind attackers in taking appropriate actions to thwart potential attackers. The concept of moving target defense (MTD) has emerged as a proactive defense mechanism aiming to prevent attacks. In this work, we conducted a comprehensive, in-depth survey to discuss the following aspects of MTD: key roles, design principles, classifications, common attacks, key methodologies, important algorithms, metrics, evaluation methods, and application domains. We discuss the pros and cons of all aspects of MTD surveyed in this work. Lastly, we highlight insights and lessons learned from this study and suggest future work directions. The aim of this paper is to provide the overall trends of MTD research in terms of critical aspects of defense systems for researchers who seek for developing proactive, adaptive MTD mechanisms.

show abstract

Section: Attack Typesmentioning

confidence: 99%

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Cho

Sharma

Alavizadeh

et al. 2020

IEEE Commun. Surv. Tutorials

206

View full text Add to dashboard Cite

show abstract

“…This allows for the concept of MTD games related to attacker reconnaissance evasion and intelligence collection efficiency minimization to be established for the first time. Ge et al [39] have proposed incentive compatible MTD games based on communication mapping between normal users during server migration as a methodology that could be used to ensure high network service visibility and throughput for legitimate users as well as improve cyber agility [40] in terms of availability. This methodology could compose the concept of MTD operation for securing service availability and cyber agility in an architecture defined in detail for the first time.…”

Section: Game-theoretic Defensive Deception With Mtdmentioning

confidence: 99%

SOD2G: A Study on a Social-Engineering Organizational Defensive Deception Game Framework through Optimization of Spatiotemporal MTD and Decoy Conflict

Seo

Kim

2021

Electronics

View full text Add to dashboard Cite

Existing moving target defense (MTD) and decoy systems are conceptually limited in avoiding and preventing attackers’ social-engineering real-time attacks by organization through either structural mutations or induction and isolation only using static traps. To overcome the practical limitations of existing MTD and decoy and to conduct a multi-stage deception decision-making in a real-time attack-defense competition, the current work presents a social-engineering organizational defensive deception game (SOD2G) as a framework, consi dering hierarchical topologies and fingerprint characteristics by organization. The present work proposed and applied deception concepts and zero-sum-based two-player game models as well as attacker and defender decision-making process based on deceivable organizational environments and vulnerability information. They were designed in consideration of limited organizational resources so that they could converge in the positive direction to secure organizational defender dominant share and optimal values of the defender deception formulated by both scenario and attribute. This framework could handle incomplete private information better than existing models and non-sequentially stratified, and also contributed to the configuration of the optimal defender deception strategy. As the experimental results, they could increase the deception efficiency within an organization by about 40% compared to existing models. Also, in the sensitivity analysis, the proposed MTD and decoy yielded improvements of at least 60% and 30% in deception efficiency, respectively, compared to the existing works.

show abstract

“…The core elements of agility include: responsiveness, versatility, flexibility, resilience, innovativeness, and adaptability [94]. An example of agility in practice is network security that provides the dynamic responsiveness and resilience to adapt to moving challenges [95]. By considering the suitability of different C2 approaches for the conduct of different types of situations, the paradigm of C2 agility can be directly linked to the situational leadership.…”

Section: C2 Agilitymentioning

confidence: 99%

Agile battle management efficiency for command, control, communications, computers and intelligence (C4I)

Blasch

Bélanger

2016

Signal Processing, Sensor/Information Fusion, and Target Recognition XXV

Self Cite

View full text Add to dashboard Cite

Various operations such as civil-military co-operation (CIMIC) affairs require orchestration of communications, assets, and actors. A key component includes technology advancements to enable coordination among people and machines the ability to know where things are, who to coordinate with, and open and consistent lines of communication. In this paper, we explore concepts of battle management (BM) to support high-tempo emergency response scenarios such as a disaster action response team (DART). Three concepts highlighted of agile battle management (ABM) include source orchestration (e.g., sensors and domains), battle management language (BML) development (e.g., software and ontologies), and command and control (C2) coordination (e.g., people and visualization); which require correlation and de-confliction. These concepts of ABM support the physical, information, and cognitive domains for efficient command, control, communications, and information (C3I) to synchronize data and people for efficient and effective operations.

show abstract

Toward effectiveness and agility of network security situational awareness using moving target defense (MTD)

Cited by 18 publications

References 10 publications

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense

SOD2G: A Study on a Social-Engineering Organizational Defensive Deception Game Framework through Optimization of Spatiotemporal MTD and Decoy Conflict

Agile battle management efficiency for command, control, communications, computers and intelligence (C4I)

Contact Info

Product

Resources

About