
A Cost-Based Mechanism for Evaluating the Effectiveness of Moving Target Defenses

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7638)

Abstract

We propose a means for evaluating the strength of network-based moving target defenses using a general model of tag switching. Tag switching breaks the network into tags (labels for entities on the network) and assets (hosts present on the network) whose relationships are moderated by lookup protocols, such as DNS, ARP or BGP. Lookup protocols hide the relationship between tags and assets, and are already used to provide dynamic asset allocation for scaling and defense. Our model provides a generalized means for describing tags and assets within tag spaces defined by the defender and then quantifies the attacker’s ability to manipulate a network within a tag space. Defenders manipulate the tag/asset relationship over time using one of a number of moving target defenses. The impact of these defenses is quantifiable and can be used to determine how effective different defensive postures will be.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Collins, M.P. (2012). A Cost-Based Mechanism for Evaluating the Effectiveness of Moving Target Defenses. In: Grossklags, J., Walrand, J. (eds) Decision and Game Theory for Security. GameSec 2012. Lecture Notes in Computer Science, vol 7638. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34266-0_13


  • DOI: https://doi.org/10.1007/978-3-642-34266-0_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34265-3

  • Online ISBN: 978-3-642-34266-0

  • eBook Packages: Computer Science, Computer Science (R0)
