Moving Target Defense Based on Adaptive Forwarding Path Migration for Securing the SCADA Network

Static characteristics of supervisory control and data acquisition (SCADA) system are often exploited to perform malicious activities on smart grids. Most of the time, the success of cyberattacks begins with the profiling of the target system and follows by the analysis of the limited resources. To alleviate the asymmetry between attack and defense, network-based moving target defense (MTD) techniques have been applied in the network system to defend against cyberattacks by constructing a dynamic attack surface to the adversary. In this paper, we propose a novel MTD technique based on adaptive forwarding path migration (AFPM) that focuses on improving the defense capability and optimizing the network performance of path mutation. Considering the transient problems present in path mutation caused by the dynamic switching of the forwarding path, we formalize the mutation constraints based on the satisfiability modulo theory (SMT) to select the mutation path. Considering the limited defense capability of path mutation owing to the traditional mutation selection mechanism, we design the mutation path generation algorithm based on the network security capacity matrix to obtain an optimal combination of mutation path and mutation period. Finally, we compare and analyze various cyber defense techniques used in the SCADA network and demonstrate experimentally that our MTD technique can prevent more than 92% of passive monitoring under specified conditions while ensuring the quality of service (QoS) to be almost the same as the static network.

Download Full-text

Effectiveness Evaluation Model of Moving Target Defense Based on System Attack Surface

IEEE Access ◽

10.1109/access.2019.2891613 ◽

2019 ◽

Vol 7 ◽

pp. 9998-10014 ◽

Cited By ~ 7

Author(s):

Xin-Li Xiong ◽

Lin Yang ◽

Guang-Sheng Zhao

Keyword(s):

Evaluation Model ◽

Effectiveness Evaluation ◽

Moving Target ◽

Moving Target Defense ◽

Attack Surface

Download Full-text

SCIT Based Moving Target Defense Reduces and Shifts Attack Surface

Proceedings of the 11th International Workshop on Security in Information Systems ◽

10.5220/0004978300140025 ◽

2014 ◽

Keyword(s):

Moving Target ◽

Moving Target Defense ◽

Attack Surface ◽

And Shifts

Download Full-text

Moving Target Defense for SDN-Based Cloud Datacenter Network Protection

International Journal of Advanced Trends in Computer Science and Engineering ◽

10.30534/ijatcse/2021/421032021 ◽

2021 ◽

Vol 10 (3) ◽

pp. 1784-1794

Keyword(s):

Defense Mechanism ◽

Significant Advance ◽

Moving Target ◽

Security Risk ◽

Moving Target Defense ◽

Network Protection ◽

Cloud Datacenter ◽

Datacenter Network ◽

Attack Surface ◽

Security Operations

The significant advance of software Defined Networking (SDN) technology has enabled several complex system operations to be highly dynamic, flexible and robust; particularly in terms of programmability and controllability with the help of SDN controllers. Accordingly, many security operations have utilized this capability to be optimally deployed in a complex network using the SDN functionalities. Moving target defense (MTD) has emerged as an adaptive and proactive defense mechanism aiming to thwart a potential attacker. The key underlying idea of MTD is to increase uncertainty and confusion for attackers by changing attack surface (i.e., system or network configurations) that can invalidate the intelligence collected by the attackers and interrupt attack execution; ultimately leading to attack failure. In this research, by leveraging the advanced SDN technology, the model of MTD using SDN-based system framework design is proposed. The model uses a runtime model that allows the proposed framework to infer the current state of the system. Based on the obtained information, the MTD mechanism using SDN can provide proactive, adaptive and affordable defense services for the exploitable aspects of the cloud datacenter network to increase uncertainty and complexityto the attackers and reduce the likelihood of an attack and minimize cloud security risk. The research also validates the outperformance of the proposed MTD technique in attack success rate via simulation on SDN-based cloud datacenter network experiments in a virtualized environment.

Download Full-text

Ghost-MTD: Moving Target Defense via Protocol Mutation for Mission-Critical Cloud Systems

Energies ◽

10.3390/en13081883 ◽

2020 ◽

Vol 13 (8) ◽

pp. 1883

Author(s):

Jun-Gyu Park ◽

Yangjae Lee ◽

Ki-Wan Kang ◽

Sang-Hoon Lee ◽

Ki-Woong Park

Keyword(s):

Cyber Security ◽

System Analysis ◽

Communication Protocols ◽

Target System ◽

Moving Target ◽

Security Technology ◽

Moving Target Defense ◽

Security Technologies ◽

Potential Target ◽

System Properties

Research on various security technologies has been actively underway to protect systems from attackers. However, attackers can secure enough time to reconnoiter and attack the target system owing to its static nature. This develops asymmetric warfare in which attackers outwit defenders. Moving target defense (MTD) technologies, which obfuscate the attack surface by modifying the main properties of the potential target system, have been gaining attention as an active cyber security technology. Particularly, network-based MTD (NMTD) technologies, which dynamically mutate the network configuration information, such as IP and ports of the potential target system, can dramatically increase the time required for an attacker to analyze the system. Therefore, this system defense technology has been actively researched. However, increasing the analysis complexity of the target system is limited in conventional NMTD because the variation of system properties (e.g., IP, port) that can be mutated is restricted by the system configuration environment. Therefore, there is a need for an MTD technique that effectively delays an attacker during the system analysis by increasing the variation of system properties. Additionally, in terms of practicality, minimizing the computational overhead arising by the MTD technology and solving the compatibility problem with existing communication protocols are critical issues that cannot be overlooked. In this study, we propose a technology called Ghost-MTD (gMTD). gMTD allows only the user who is aware of protocol mutation patterns to correctly communicate with the service modules of the server system through protocol mutation using the pre-shared one-time bit sequence. Otherwise, gMTD deceives the attackers who attempt to infiltrate the system by redirecting their messages to a decoy-hole module. The experimental results show that the proposed technology enables protocol mutation and validation with a very low performance overhead of only 3.28% to 4.97% using an m-bit (m ≥ 4) length one-time bit sequence and can be applied to real systems regardless of the specific communication protocols.

Download Full-text

Enhanced Hidden Moving Target Defense in Smart Grids

IEEE Transactions on Smart Grid ◽

10.1109/tsg.2018.2791512 ◽

2019 ◽

Vol 10 (2) ◽

pp. 2208-2223 ◽

Cited By ~ 21

Author(s):

Jue Tian ◽

Rui Tan ◽

Xiaohong Guan ◽

Ting Liu

Keyword(s):

Smart Grids ◽

Moving Target ◽

Moving Target Defense

Download Full-text

Hidden Moving Target Defense in Smart Grids

Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids - CPSR-SG'17 ◽

10.1145/3055386.3055388 ◽

2017 ◽

Cited By ~ 4

Author(s):

Jue Tian ◽

Rui Tan ◽

Xiaohong Guan ◽

Ting Liu

Keyword(s):

Smart Grids ◽

Moving Target ◽

Moving Target Defense

Download Full-text

CHAOS: An SDN-Based Moving Target Defense System

Security and Communication Networks ◽

10.1155/2017/3659167 ◽

2017 ◽

Vol 2017 ◽

pp. 1-11 ◽

Cited By ~ 3

Author(s):

Yuan Shi ◽

Huanguo Zhang ◽

Juan Wang ◽

Feng Xiao ◽

Jianwei Huang ◽

...

Keyword(s):

Information Disclosure ◽

Experimental Results ◽

Moving Target ◽

Normal Flow ◽

Defense System ◽

Moving Target Defense ◽

Network Defense ◽

Tower Structure ◽

Attack Surface ◽

Sdn Controller

Moving target defense (MTD) has provided a dynamic and proactive network defense to reduce or move the attack surface that is available for exploitation. However, traditional network is difficult to realize dynamic and active security defense effectively and comprehensively. Software-defined networking (SDN) points out a brand-new path for building dynamic and proactive defense system. In this paper, we propose CHAOS, an SDN-based MTD system. Utilizing the programmability and flexibility of SDN, CHAOS obfuscates the attack surface including host mutation obfuscation, ports obfuscation, and obfuscation based on decoy servers, thereby enhancing the unpredictability of the networking environment. We propose the Chaos Tower Obfuscation (CTO) method, which uses the Chaos Tower Structure (CTS) to depict the hierarchy of all the hosts in an intranet and define expected connection and unexpected connection. Moreover, we develop fast CTO algorithms to achieve a different degree of obfuscation for the hosts in each layer. We design and implement CHAOS as an application of SDN controller. Our approach makes it very easy to realize moving target defense in networks. Our experimental results show that a network protected by CHAOS is capable of decreasing the percentage of information disclosure effectively to guarantee the normal flow of traffic.

Download Full-text

Optimal Timing Selection Approach to Moving Target Defense: A FlipIt Attack-Defense Game Model

Security and Communication Networks ◽

10.1155/2020/3151495 ◽

2020 ◽

Vol 2020 ◽

pp. 1-12

Author(s):

Jing-lei Tan ◽

Heng-wei Zhang ◽

Hong-qi Zhang ◽

Cheng Lei ◽

Hui Jin ◽

...

Keyword(s):

Continuous Process ◽

Disease Model ◽

Optimal Timing ◽

Moving Target ◽

Centralized Control ◽

Moving Target Defense ◽

Defense Strategies ◽

Infectious Disease Model ◽

Advanced Persistent Threats ◽

Attack And Defense

The centralized control characteristics of software-defined networks (SDNs) make them susceptible to advanced persistent threats (APTs). Moving target defense, as an effective defense means, is constantly developing. It is difficult to effectively characterize an MTD attack and defense game with existing game models and effectively select the defense timing to balance SDN service quality and MTD decision-making benefits. From the hidden confrontation between the actual attack and defense sides, existing attack-defense scenarios are abstractly characterized and analyzed. Based on the APT attack process of the Cyber Kill Chain (CKC), a state transition model of the MTD attack surface based on the susceptible-infective-recuperative-malfunctioned (SIRM) infectious disease model is defined. An MTD attack-defense timing decision model based on the FlipIt game (FG-MTD) is constructed, which expands the static analysis in the traditional game to a dynamic continuous process. The Nash equilibrium of the proposed method is analyzed, and the optimal timing selection algorithm of the MTD is designed to provide decision support for the selection of MTD timing under moderate security. Finally, the application model is used to verify the model and method. Through numerical analysis, the timings of different types of attack-defense strategies are summarized.

Download Full-text