A Survey on the Moving Target Defense Strategies: An Architectural Perspective

Abstract

As the complexity and scale of networks continue to grow, managing network operations and security defense has become a challenging task for network administrators, and many network devices may not be updated in a timely manner, leaving the network vulnerable to potential attacks. Moreover, the static nature of existing network infrastructure gives attackers enough time to study the static configurations of the network and to launch well-crafted attacks at their convenience, while defenders have to work around the clock to defend the network. This asymmetry, in terms of time and money invested, has given attackers a greater advantage than defenders and has made security defense even more challenging. It calls for new and innovative ideas to fix the problem. Moving Target Defense (MTD) is one such idea: it implements diverse and dynamic configurations of network systems with the goal of obscuring the exact attack surfaces available to attackers. As a result, the status of a system using an MTD strategy is unpredictable to attackers, hard to exploit, and more resilient to various forms of attack. There are existing survey papers on various MTD techniques, but to the best of our knowledge, insufficient focus has been given to the architectural perspective of MTD strategies or to new technologies such as the Internet of Things (IoT). This paper presents a comprehensive survey of MTD and its implementation strategies from the perspective of the architecture of the complete network system, covering the motivation for MTD, an explanation of the main MTD concepts, ongoing MTD research efforts and implementations at each level of the network system, and the future research opportunities offered by new technologies such as Software-Defined Networking (SDN) and the Internet of Things (IoT).



Author information

Corresponding author

Correspondence to Jianjun Zheng.

Cite this article

Zheng, J., Namin, A.S. A Survey on the Moving Target Defense Strategies: An Architectural Perspective. J. Comput. Sci. Technol. 34, 207–233 (2019). https://doi.org/10.1007/s11390-019-1906-z

Keywords

  • moving target defense
  • network security
  • Software-Defined Networking (SDN)