ABSTRACT
Both moving target defense and cyber deception defense protect systems and networks by increasing the uncertainty of the information an attacker acquires. Moving target defense randomly changes the IP address, port, operating platform, and other attributes of the network system so that the information obtained by the attacker is invalidated within a period of time. Cyber deception defense sets up a deception within one's own network information system to mislead the attacker into attacking the wrong target. To compare the defense performance of moving target defense and cyber deception defense, this paper establishes a defense effectiveness evaluation model based on the urn model and quantifies the defense performance of different defense methods in terms of parameters such as the number of detected addresses, network size, and address conversion frequency.
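As an added illustration (not the paper's own model or code), the sketch below applies a textbook urn formulation to the three parameters the abstract names. It assumes `n` addresses of which `v` are real targets, `k` probed addresses, a reshuffle every `probes_per_shuffle` probes, and `d` decoys; all function names and sample values are constructed for this example.

```python
from math import comb

def p_miss(n, v, k):
    """P(no marked address among k distinct probes), v of n addresses marked."""
    if not (0 <= k <= n and 0 <= v <= n):
        raise ValueError("need 0 <= k <= n and 0 <= v <= n")
    return comb(n - v, k) / comb(n, k)  # urn draw without replacement

def p_hit_static(n, v, k):
    """Static network: the attacker never re-probes an address."""
    return 1 - p_miss(n, v, k)

def p_hit_mtd(n, v, k, probes_per_shuffle):
    """Addresses are reshuffled after every `probes_per_shuffle` probes.

    Within one epoch the draw is without replacement; a shuffle resets the
    urn, so epochs are independent and their miss probabilities multiply.
    """
    if probes_per_shuffle < 1:
        raise ValueError("probes_per_shuffle must be >= 1")
    full, rest = divmod(k, probes_per_shuffle)
    miss = p_miss(n, v, rest)
    if full:
        miss *= p_miss(n, v, probes_per_shuffle) ** full
    return 1 - miss

def p_hit_deception(n, v, d, k):
    """Static network with d decoys among the n addresses (assumed model).

    The attacker commits to the first responsive address found. By symmetry
    that address is real with probability v / (v + d).
    """
    if v + d == 0:
        return 0.0
    found_any = 1 - p_miss(n, v + d, k)
    return found_any * v / (v + d)

if __name__ == "__main__":
    n, v, d = 256, 4, 12  # constructed sample network, not from the paper
    print("probes  static  shuffle/8  shuffle/1  decoys")
    for k in (16, 64, 128):
        print(f"{k:6d}  {p_hit_static(n, v, k):.3f}   "
              f"{p_hit_mtd(n, v, k, 8):.3f}      "
              f"{p_hit_mtd(n, v, k, 1):.3f}      "
              f"{p_hit_deception(n, v, d, k):.3f}")
```

A shuffle interval at least as large as the probe count reduces to the static case, which gives a quick sanity check on any parameter sweep.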