Evaluating the Network Diversity of Networks Against Zero-Day Attacks

  • Mengyuan Zhang
  • Lingyu WangEmail author
  • Sushil Jajodia
  • Anoop Singhal


Diversity has long been regarded as a security mechanism and it has found new applications in security, e.g., in cloud, Moving Target Defense (MTD), and network routing. However, most existing efforts rely on intuitive and imprecise notions of diversity, and the few existing models of diversity are mostly designed for a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its effect on security have received limited attention. In this chapter, we present a formal model of network diversity as a security metric. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate the proposed metrics through simulation.



Authors with Concordia University were partially supported by the Natural Sciences and Engineering Research Council of Canada under Discovery Grant N01035. Sushil Jajodia was partially supported by the by Army Research Office grants W911NF-13-1-0421 and W911NF-15-1-0576, by the Office of Naval Research grant N00014-15-1-2007, National Institutes of Standard and Technology grant 60NANB16D287, and by the National Science Foundation grant IIP-1266147.


  1. 1.
    M. Albanese, S. Jajodia, S. Noel, A time-efficient approach to cost-effective network hardening using attack graphs, in Proceedings of DSN’12 (2012), pp. 1–12Google Scholar
  2. 2.
    S. Alrabaee, P. Shirani, L. Wang, M. Debbabi, Sigma: a semantic integrated graph matching approach for identifying reused functions in binary code. Digit. Investig. 12(Supplement 1), S61–S71 (2015)Google Scholar
  3. 3.
    P. Ammann, D. Wijesekera, S. Kaushik, Scalable, graph-based network vulnerability analysis, in Proceedings of ACM CCS’02 (2002)Google Scholar
  4. 4.
    H.A. Basit, S. Jarzabek, Efficient token based clone detection with flexible tokenization, in Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering (ACM, New York, 2007), pp. 513–516Google Scholar
  5. 5.
    S. Bhatkar, D.C. DuVarney, R. Sekar, Address obfuscation: an efficient approach to combat a broad range of memory error exploits, in Proceedings of the 12th USENIX security symposium, Washington, DC, vol. 120 (2003)Google Scholar
  6. 6.
    S. Bhatkar, R. Sekar, Data space randomization, in Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA ’08 (Springer, Berlin/Heidelberg, 2008), pp. 1–22Google Scholar
  7. 7.
    R. Brixtel, M. Fontaine, B. Lesner, C. Bazin, R. Robbes, Language-independent clone detection applied to plagiarism detection, in 2010 10th IEEE Working Conference on Source Code Analysis and Manipulation (SCAM) (IEEE, Los Alamitos, 2010), pp. 77–86Google Scholar
  8. 8.
    J. Caballero, T. Kampouris, D. Song, J. Wang, Would diversity really increase the robustness of the routing infrastructure against software defects? in Proceedings of the Network and Distributed System Security Symposium (2008)Google Scholar
  9. 9.
    B.G. Chun, P. Maniatis, S. Shenker, Diverse replication for single-machine byzantine-fault tolerance, in USENIX Annual Technical Conference (2008), pp. 287–292Google Scholar
  10. 10.
    B. Cox, D. Evans, A. Filipi, J. Rowanhill, W. Hu, J. Davidson, J. Knight, A. Nguyen-Tuong, J. Hiser, N-variant systems: a secretless framework for security through diversity. Defense Technical Information Center (2006)Google Scholar
  11. 11.
  12. 12.
    T. Dullien, E. Carrera, S.M. Eppler, S. Porst, Automated attacker correlation for malicious code. Technical report, DTIC Document (2010)Google Scholar
  13. 13.
    C. Elton, The Ecology of Invasion by Animals and Plants (University of Chicago Press, Chicago, 1958)CrossRefGoogle Scholar
  14. 14.
    W.S. Evans, C.W. Fraser, F. Ma, Clone detection via structural abstraction. Softw. Qual. J. 17(4), 309–330 (2009)CrossRefGoogle Scholar
  15. 15.
    N. Falliere, L.O. Murchu, E. Chien, W32.stuxnet dossier. Symantec Security Response (2011)Google Scholar
  16. 16.
    M. Frigault, L. Wang, A. Singhal, S. Jajodia, Measuring network security using dynamic Bayesian network, in Proceedings of 4th ACM QoP (2008)Google Scholar
  17. 17.
    K. Gaitanis, E. Cohen, Open bayes 0.1.0. (2013)
  18. 18.
    D. Gao, M. Reiter, D. Song, Behavioral distance measurement using hidden Markov models, in Recent Advances in Intrusion Detection (Springer, Berlin, 2006), pp. 19–40CrossRefGoogle Scholar
  19. 19.
    M. Garcia, A. Bessani, I. Gashi, N. Neves, R. Obelheiro, OS diversity for intrusion tolerance: myth or reality? in 2011 IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN) (2011), pp. 383–394Google Scholar
  20. 20.
    M.O. Hill, Diversity and evenness: a unifying notation and its consequences. Ecology 54(2), 427–432 (1973)CrossRefGoogle Scholar
  21. 21.
    S. Jajodia, S. Noel, B. O’Berry, Topological analysis of network attack vulnerability, in Managing Cyber Threats: Issues, Approaches and Challenges, ed. by V. Kumar, J. Srivastava, A. Lazarevic (Kluwer Academic Publisher, Dordrecht, 2003)Google Scholar
  22. 22.
    S. Jajodia, A.K. Ghosh, V. Swarup, C. Wang, X.S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, 1st edn. (Springer, New York, 2011)CrossRefGoogle Scholar
  23. 23.
    J. Jang, D. Brumley, S. Venkataraman, Bitshred: fast, scalable malware triage. Cylab, Carnegie Mellon University, Pittsburgh, PA, Technical Report CMU-Cylab-10, 22 (2010)Google Scholar
  24. 24.
    J.H. Johnson, Identifying redundancy in source code using fingerprints, in Proceedings of the 1993 conference of the Centre for Advanced Studies on Collaborative research: software engineering, vol. 1 (IBM Press, 1993), pp. 171–183Google Scholar
  25. 25.
    G.S. Kc, A.D. Keromytis, V. Prevelakis, Countering code-injection attacks with instruction-set randomization, in Proceedings of the 10th ACM conference on Computer and communications security (ACM, New York, 2003), pp. 272–280Google Scholar
  26. 26.
    W.M. Khoo, A. Mycroft, R. Anderson, Rendezvous: a search engine for binary code, in Proceedings of the 10th Working Conference on Mining Software Repositories, MSR ’13 (2013), pp. 329–338Google Scholar
  27. 27.
    T. Leinster, C.A. Cobbold, Measuring diversity: the importance of species similarity. Ecology 93(3), 477–489 (2012)CrossRefGoogle Scholar
  28. 28.
    B. Littlewood, L. Strigini, Redundancy and diversity in security. Computer Security–ESORICS 2004 (2004), pp. 423–438Google Scholar
  29. 29.
    K.S. McCann, The diversity-stability debate. Nature 405, 228–233 (2000)CrossRefGoogle Scholar
  30. 30.
    M.A. McQueen, W.F. Boyer, M.A. Flynn, G.A. Beitel, Time-to-compromise model for cyber risk reduction estimation, in Quality of Protection (Springer, Berlin, 2006), pp. 49–64Google Scholar
  31. 31.
    P. Mell, K. Scarfone, S. Romanosky, Common vulnerability scoring system. IEEE Secur. Priv. 4(6), 85–89 (2006)CrossRefGoogle Scholar
  32. 32.
    National vulnerability database. Available at:, May 9, 2008.
  33. 33.
    X. Ou, W.F. Boyer, M.A. McQueen, A scalable approach to attack graph generation, in Proceedings of the 13th ACM conference on Computer and communications security, CCS’06 (ACM, New York, 2006), pp. 336–345Google Scholar
  34. 34.
    E.C. Pielou, Ecological Diversity (Wiley, New York, 1975)Google Scholar
  35. 35.
  36. 36.
    K. Ren, C. Wang, Q. Wang, Security challenges for the public cloud. IEEE Internet Comput. 16(1), 69–73 (2012)CrossRefGoogle Scholar
  37. 37.
    A. Sæbjørnsen, J. Willcock, T. Panas, D. Quinlan, Z. Su, Detecting code clones in binary executables, in Proceedings of the eighteenth international symposium on Software testing and analysis (ACM, New York, 2009), pp. 117–128Google Scholar
  38. 38.
    O. Sheyner, J. Haines, S. Jha, R. Lippmann, J.M. Wing, Automated generation and analysis of attack graphs, in Proceedings of the 2002 IEEE Symposium on Security and Privacy (2002)Google Scholar
  39. 39.
    L. Wang, M. Zhang, S. Jajodia, A. Singhal, M. Albanese, Modeling network diversity for evaluating the robustness of networks against zero-day attacks, in Proceedings of ESORICS’14 (2014), pp. 494–511Google Scholar
  40. 40.
    Y. Yang, S. Zhu, G. Cao, Improving sensor network immunity under worm attacks: a software diversity approach, in Proceedings of the 9th ACM international symposium on Mobile ad hoc networking and computing (ACM, New York, 2008), pp. 149–158Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Mengyuan Zhang
    • 1
  • Lingyu Wang
    • 1
    Email author
  • Sushil Jajodia
    • 2
  • Anoop Singhal
    • 3
  1. 1.Concordia Institute for Information Systems EngineeringConcordia UniversityMontrealCanada
  2. 2.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA
  3. 3.Computer Security DivisionNISTGaithersburgUSA

Personalised recommendations