Scalable Network Diversity Modeling For Assessing Threats in Cloud Networks

Part of the Wireless Networks book series (WN)

Abstract

Network-diversity-based security metrics are attracting increasing interest in the cybersecurity research community. There have been several efforts toward network diversity modeling for the purpose of evaluating a network’s robustness against potential attacks. However, those efforts commonly use the traditional network resource graph abstraction to model network diversity, which does not scale when applied to the modern large-scale networked systems encountered in cloud environments. In this chapter, we introduce a hierarchical network resource graph abstraction method to improve the scalability of network diversity modeling. Specifically, we use a two-layer hierarchy to separate the network topology information (in the upper layer) from the resource information of each host (in the lower layer). Simulations show that the proposed approach is scalable for larger networked systems.

Keywords

  • Network System
  • Closeness Centrality
  • Network Diversity
  • Attack Scenario
  • Attack Graph

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Acknowledgements

This work is based on research sponsored by the Office of the Assistant Secretary of Defense for Research and Engineering (OASD(R&E)) under agreement number FAB750-15-2-0120. The US Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Office of the Assistant Secretary of Defense for Research and Engineering (OASD(R&E)) or the US Government. This work is also supported in part by an ARO grant W911NF-12-1-0055, National Science Foundation (NSF) Grant HRD-1137466, Department of Homeland Security (DHS) SLA grant 2010-ST-062-0000041 and 2014-ST-062-000059.

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Shetty, S., Yuchi, X., Song, M. (2016). Scalable Network Diversity Modeling For Assessing Threats in Cloud Networks. In: Moving Target Defense for Distributed Systems. Wireless Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-31032-9_3

  • DOI: https://doi.org/10.1007/978-3-319-31032-9_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31031-2

  • Online ISBN: 978-3-319-31032-9

  • eBook Packages: Computer Science, Computer Science (R0)