Journal of Computer Science and Technology, Volume 34, Issue 1, pp 207–233

A Survey on the Moving Target Defense Strategies: An Architectural Perspective

  • Jianjun Zheng
  • Akbar Siami Namin
Survey

Abstract

As the complexity and scale of networks continue to grow, managing network operations and security defense has become a challenging task for network administrators, and many network devices may not be updated in a timely manner, leaving the network vulnerable to potential attacks. Moreover, the static nature of our existing network infrastructure gives attackers enough time to study the static configurations of the network and to launch well-crafted attacks at their convenience, while defenders have to work around the clock to defend the network. This asymmetry, in terms of time and money invested, has given attackers a greater advantage than defenders and has made security defense even more challenging. It calls for new and innovative ideas to fix the problem. Moving Target Defense (MTD) is one such idea: it implements diverse and dynamic configurations of network systems with the goal of obscuring the exact attack surfaces available to attackers. As a result, the status of a system with an MTD strategy is unpredictable to attackers, hard to exploit, and more resilient to various forms of attacks. There are existing survey papers on various MTD techniques, but to the best of our knowledge, insufficient focus has been given to the architectural perspective of MTD strategies or to some new technologies such as the Internet of Things (IoT). This paper presents a comprehensive survey on MTD and implementation strategies from the perspective of the architecture of the complete network system, covering the motivation for MTD, the explanation of main MTD concepts, ongoing research efforts on MTD and its implementation at each level of the network system, and the future research opportunities offered by new technologies such as Software-Defined Networking (SDN) and the Internet of Things (IoT).

Keywords

moving target defense; network security; Software-Defined Networking (SDN)

Supplementary material

ESM 1: 11390_2019_1906_MOESM1_ESM.pdf (PDF, 295 kb)

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. Department of Computer Science, Texas Tech University, Lubbock, USA