Abstract

Moving Target Defense (MTD) has emerged as a good solution for dealing with a dynamic attack surface. The goal is to make it difficult for an attacker to exploit network resources. However, it is challenging to provide zero-downtime guarantees when performing network rearrangement or when a physical host acts as a single point of failure for virtual servers. In this paper, we introduce Software Defined Networking (SDN) based continuous-time modeling techniques to perform virtual machine migration and MTD techniques while maintaining high service availability and system security. This solution will not only increase attackers' uncertainty but will also provide low downtime and a high availability guarantee for the network.

Acknowledgments

This research work is supported by the NATO Multi Year Project entitled "Cyber Security Analysis and Assurance using Cloud-Based Security Measurement System" with the code: SPS-984425. The research work was conducted as part of visiting scholar Iman El Mir's visit to Arizona State University.

Author information

Corresponding author

Correspondence to Iman El Mir.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

El Mir, I., Chowdhary, A., Huang, D., Pisharody, S., Kim, D.S., Haqiq, A. (2018). Software Defined Stochastic Model for Moving Target Defense. In: Abraham, A., Haqiq, A., Ella Hassanien, A., Snasel, V., Alimi, A. (eds) Proceedings of the Third International Afro-European Conference for Industrial Advancement — AECIA 2016. AECIA 2016. Advances in Intelligent Systems and Computing, vol 565. Springer, Cham. https://doi.org/10.1007/978-3-319-60834-1_20

  • DOI: https://doi.org/10.1007/978-3-319-60834-1_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60833-4

  • Online ISBN: 978-3-319-60834-1

  • eBook Packages: Engineering, Engineering (R0)
