The centralized control characteristics of software-defined networks (SDNs) make them susceptible to advanced persistent threats (APTs). Moving target defense, as an effective defense means, is constantly developing. It is difficult to effectively characterize an MTD attack and defense game with existing game models and effectively select the defense timing to balance SDN service quality and MTD decision-making benefits. From the hidden confrontation between the actual attack and defense sides, existing attack-defense scenarios are abstractly characterized and analyzed. Based on the APT attack process of the Cyber Kill Chain (CKC), a state transition model of the MTD attack surface based on the susceptible-infective-recuperative-malfunctioned (SIRM) infectious disease model is defined. An MTD attack-defense timing decision model based on the FlipIt game (FG-MTD) is constructed, which expands the static analysis in the traditional game to a dynamic continuous process. The Nash equilibrium of the proposed method is analyzed, and the optimal timing selection algorithm of the MTD is designed to provide decision support for the selection of MTD timing under moderate security. Finally, the application model is used to verify the model and method. Through numerical analysis, the timings of different types of attack-defense strategies are summarized.
Optimal Timing Selection Approach to Moving Target Defense: A FlipIt Attack-Defense Game Model
