Attack Simulation for a Realistic Evaluation and Comparison of Network Security Techniques

  • Conference paper
Secure IT Systems (NordSec 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11252)

Abstract

New network security techniques and strategies, such as Moving Target Defense (MTD), with promising narratives and concepts emerge on a regular basis. From a practical point of view, some of the most essential questions in judging a new defense technique are: What kind of attacks—and under which conditions—can be prevented? How does it compare to the state-of-the-art? Are there scenarios in which this technique poses a risk? Answering these questions is often difficult and no common framework for evaluating new techniques exists today.

In this paper we present an early operational version of such a practical evaluation framework that is able to incorporate static and dynamic defenses alike. The main idea is to model realistic networks and attacks with a high level of detail, integrate different defenses into this model, and measure their contribution to security in a given scenario with the help of simulation. To show the validity of our approach we use a small but realistic enterprise network as a case study in which we incorporate different realizations of the MTD technique VM migration. The quantitative results of the simulation based on attacker revenue reveal that VM migration actually has a negative impact on security. Using the log files containing the individual attack steps of the simulation, a qualitative analysis is performed to understand the reason. This combination of quantitative and qualitative analysis options is one of the main benefits of using attack simulation as an evaluation tool.

This research is supported by Rheinmetall.

Notes

  1. A table listing all functions with their requirements and effects can be found in the appendix.

Corresponding author

Correspondence to Alexander Bajic.

A Appendix


See Tables 3 and 4.

Table 3. Detailed overview of attacker actions based on exploits
Table 4. Detailed overview of attacker actions based on legitimate functions as well as helper functions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Bajic, A., Becker, G.T. (2018). Attack Simulation for a Realistic Evaluation and Comparison of Network Security Techniques. In: Gruschka, N. (eds) Secure IT Systems. NordSec 2018. Lecture Notes in Computer Science, vol 11252. Springer, Cham. https://doi.org/10.1007/978-3-030-03638-6_15

  • DOI: https://doi.org/10.1007/978-3-030-03638-6_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03637-9

  • Online ISBN: 978-3-030-03638-6

  • eBook Packages: Computer Science, Computer Science (R0)
