
Active Defense Techniques

  • Chapter
Cyber Resilience of Systems and Networks

Part of the book series: Risk, Systems and Decisions ((RSD))

Abstract

In the previous chapter, we were introduced to active defense among numerous other approaches. Now is a good time to explore active defense techniques in detail. These are automated and human-directed activities that attempt to thwart cyberattacks by increasing the diversity, complexity, or variability of systems and networks, which limits the attacker’s ability to gather intelligence or shortens the usable lifespan of that intelligence. Other approaches focus on gathering intelligence on the attackers, either by attracting them to instrumented honeypots or by patrolling the systems and networks to hunt for them. The intelligence-gathering approaches rely on cybersecurity personnel using semiautomated techniques to respond to and repel attackers. Widely available commercial solutions for active defense are so far lacking. Although general-purpose products may emerge, in the meantime organizations need to tailor their applications to the available solutions or develop their own customized active defenses. A successfully architected system or application should include passive defenses, which add protection without requiring human interaction, as well as active defenses.



Author information

Corresponding author: Nathaniel Evans.


Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature

About this chapter


Cite this chapter

Evans, N., Horsthemke, W. (2019). Active Defense Techniques. In: Kott, A., Linkov, I. (eds) Cyber Resilience of Systems and Networks. Risk, Systems and Decisions. Springer, Cham. https://doi.org/10.1007/978-3-319-77492-3_10


  • DOI: https://doi.org/10.1007/978-3-319-77492-3_10


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-77491-6

  • Online ISBN: 978-3-319-77492-3

  • eBook Packages: Engineering (R0)
