On Moving Target Techniques for Network Defense Security

Author(s): Shouq Mohsen Alnemari, Sabah M Alzahrani

The traditional technologies, tools and procedures of any network cannot be protected from attackers due to the unchanged services and configurations of the networks. To get rid of the asymmetrical feature, the Moving Target Defense technique constantly changes the platform conformation, which reduces the success ratio of the cyberattack. Users are faced with realness with the increase of continual, progressive, and smart attacks. However, the defenders often follow the attackers in taking suitable action to frustrate expected attackers. The moving target defense idea appeared as a preemptive protection mechanism aimed at preventing attacks. This paper conducts a comprehensive study to cover the following aspects of moving target defense: characteristics of target attacks and their limitations, classifications of defense types, major methodologies, promising defense solutions, assessment methods and applications of defense. Finally, we conclude the study and the future concern proposals. The purpose of the study is to give general directions of research regarding critical features of defense techniques to scholars seeking to improve proactive and adaptive moving target defense mechanisms.

Author(s): Nico Saputro, Samet Tonyali, Abdullah Aydeger, Kemal Akkaya, Mohammad A. Rahman, ...

Author(s): Alexander Bajic, Georg T. Becker

Abstract: With numbers of exploitable vulnerabilities and attacks on networks constantly increasing, it is important to employ defensive techniques to protect one’s systems. A wide range of defenses are available and new paradigms such as Moving Target Defense (MTD) rise in popularity. But to make informed decisions on which defenses to implement, it is necessary to evaluate their effectiveness first. In many cases, the full impact these techniques have on security is not well understood yet. In this paper we propose network defense evaluation based on detailed attack simulation. Using a flexible modeling language, networks, attacks, and defenses are described in high detail, yielding a fine-grained scenario definition. Based on this, an automated instantiator generates a wide range of realistic benchmark networks. These serve to perform simulations, allowing to evaluate the security impact of different defenses, both quantitatively and qualitatively. A case study based on a mid-sized corporate network scenario and different Moving Target Defenses illustrates the usefulness of this approach. Results show that virtual machine migration, a frequently suggested MTD technique, more often degrades than improves security. Hence, we argue that evaluation based on realistic attack simulation is a qualified approach to examine and verify claims of newly proposed defense techniques.


2017, Vol 2017, pp. 1-11
Author(s): Yuan Shi, Huanguo Zhang, Juan Wang, Feng Xiao, Jianwei Huang, ...

Moving target defense (MTD) has provided a dynamic and proactive network defense to reduce or move the attack surface that is available for exploitation. However, it is difficult for a traditional network to realize dynamic and active security defense effectively and comprehensively. Software-defined networking (SDN) points out a brand-new path for building dynamic and proactive defense systems. In this paper, we propose CHAOS, an SDN-based MTD system. Utilizing the programmability and flexibility of SDN, CHAOS obfuscates the attack surface including host mutation obfuscation, ports obfuscation, and obfuscation based on decoy servers, thereby enhancing the unpredictability of the networking environment. We propose the Chaos Tower Obfuscation (CTO) method, which uses the Chaos Tower Structure (CTS) to depict the hierarchy of all the hosts in an intranet and define expected connection and unexpected connection. Moreover, we develop fast CTO algorithms to achieve a different degree of obfuscation for the hosts in each layer. We design and implement CHAOS as an application of an SDN controller. Our approach makes it very easy to realize moving target defense in networks. Our experimental results show that a network protected by CHAOS is capable of decreasing the percentage of information disclosure effectively to guarantee the normal flow of traffic.

