Advertisement

Effectiveness and Impact Measurements of a Diversification Based Moving Target Defense

  • Manel SmineEmail author
  • Nora Cuppens
  • Frédéric Cuppens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11391)

Abstract

Moving Target Defense techniques have been proposed to increase uncertainty and apparent complexity for attackers. In this paper, we first study the related work on quantification effectiveness and the impact of a diversification based MTD techniques. Then, we propose a new model that relies mainly on the knowledge that the adversary has about the target system to compute the effectiveness and the impact and also to figure out the optimal MTD diversification of a target system.

Keywords

Moving Target Defense Effectiveness and impact quantification Optimal diversification 

References

  1. 1.
    National Cyber Leap Year Summit 2009 Participants’ Ideas Report (2009). https://www.qinetiq-na.com/wp-content/uploads/2011/12/National_Cyber_Leap_Year_Summit_2009_Participants_Ideas_Report.pdf. Accessed 19 Apr 2018
  2. 2.
    National Cyber Leap Year Summit Cochair’s Report (2009). https://www.qinetiq-na.com/wp-content/uploads/2011/12/National_Cyber_Leap_Year_Summit_2009_CoChairs_Report.pdf. Accessed 19 Apr 2018
  3. 3.
    Collins, M.P.: A cost-based mechanism for evaluating the effectiveness of moving target defenses. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 221–233. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-34266-0_13CrossRefGoogle Scholar
  4. 4.
    Collins, M., RedJack, L.: Payoff based ids evaluation. In: CSET (2009)Google Scholar
  5. 5.
    Connell, W.J.: A quantitative framework for cyber moving target defenses. Ph.D. thesis, George Mason University (2017)Google Scholar
  6. 6.
    Gaffney, J.E., Ulvila, J.W.: Evaluation of intrusion detectors: a decision theory approach. In: Proceedings of 2001 IEEE Symposium on Security and Privacy, S&P 2001, pp. 50–61. IEEE (2001)Google Scholar
  7. 7.
    Haimes, Y.: On a bicriterion formulation of the problems of integrated system identification and system optimization. IEEE Trans. Syst. Man Cybern. 1(3), 296–297 (1971)MathSciNetzbMATHGoogle Scholar
  8. 8.
    Jafarian, J.H.H., Al-Shaer, E., Duan, Q.: Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers. In: Proceedings of the First ACM Workshop on Moving Target Defense, MTD 2014, pp. 69–78. ACM, New York (2014). https://doi.acm.org/10.1145/2663474.2663483
  9. 9.
    Peng, W., Li, F., Huang, C.T., Zou, X.: A moving-target defense strategy for cloud-based services with heterogeneous and dynamic attack surfaces. In: 2014 IEEE International Conference on Communications (ICC), pp. 804–809. IEEE (2014)Google Scholar
  10. 10.
    Stolfo, S.J., Fan, W., Lee, W., Prodromidis, A., Chan, P.K.: Cost-based modeling for fraud and intrusion detection: results from the jam project. Technical report, Department of Computer Science, Columbia University, New York (2000)Google Scholar
  11. 11.
    Zaffarano, K., Taylor, J., Hamilton, S.: A quantitative framework for moving target defense effectiveness evaluation. In: Proceedings of the Second ACM Workshop on Moving Target Defense, MTD 2015, pp. 3–10. ACM, New York (2015). https://doi.acm.org/10.1145/2808475.2808476
  12. 12.
    Zhuang, R., Zhang, S., Bardas, A., DeLoach, S.A., Ou, X., Singhal, A.: Investigating the application of moving target defenses to network security. In: 2013 6th International Symposium on Resilient Control Systems (ISRCS), pp. 162–169. IEEE (2013)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.IMT AtlantiqueBrestFrance

Personalised recommendations