Moving Target, Deception, and Other Adaptive Defenses

Industrial Control Systems Security and Resiliency

Part of the book series: Advances in Information Security (ADIS, volume 75)

Abstract

Moving target defenses raise the cost of an attack to make it more difficult or infeasible. Strategies to do so include implementing diversity, movement, and obfuscation at the platform, network, runtime environment, application, or data layer. Doing so, however, often requires an investment in software, hardware, procedure, or overhead (such as training) and can also increase the complexity of the infrastructures being defended. In industrial control system contexts, this complexity and its impact on performance and reliability might present obstacles to implementing such defensive technologies. As the scope of possible domains for introducing moving target defense concepts is now well defined and the considerations are largely enumerated, consideration must additionally be given to systems that can dynamically select optimal strategies in response to attacks. In this chapter, we will survey the foundations, principles, and domains of moving target defense, consider specific implementation examples, and evaluate the considerations for implementing deceptive and responsive strategies in industrial control systems applications.

The work presented in this paper was partially supported by the US Department of Energy, Office of Science under DOE contract number DE-AC02-06CH11357. The submitted manuscript has been created by UChicago Argonne, LLC, operator of Argonne National Laboratory. Argonne, a DOE Office of Science laboratory, is operated under Contract No. DE-AC02-06CH11357. The US Government retains for itself, and others acting on its behalf, a paid-up nonexclusive, irrevocable worldwide license in said article to reproduce, prepare derivative works, distribute copies to the public, and perform publicly and display publicly, by or on behalf of the government.

Correspondence to Nathaniel Evans.

© 2019 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Blakely, B., Horsthemke, W., Poczatec, A., Nowak, L., Evans, N. (2019). Moving Target, Deception, and Other Adaptive Defenses. In: Rieger, C., Ray, I., Zhu, Q., Haney, M. (eds) Industrial Control Systems Security and Resiliency. Advances in Information Security, vol 75. Springer, Cham. https://doi.org/10.1007/978-3-030-18214-4_6

  • DOI: https://doi.org/10.1007/978-3-030-18214-4_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-18213-7

  • Online ISBN: 978-3-030-18214-4

  • eBook Packages: Computer Science (R0)
