
Research On Some Key Issues For Moving Target Defense

Posted on: 2017-08-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G L Cai
Full Text: PDF
GTID: 1368330569498473
Subject: Computer Science and Technology
Abstract/Summary:
Moving Target Defense (MTD) is a new, revolutionary technology for altering the asymmetric situation between attack and defense. It keeps changing the protected target's attack surface through dynamic shifting that the administrator controls and manages. In this way, the attack surface exposed to the attacker appears chaotic and changes over time, so the work effort, i.e., the cost and complexity, required for an attacker to launch a successful attack is greatly increased. As a result, the probability of a successful attack decreases, and the resiliency and security of the protected target are enhanced effectively. MTD is a research focus in the field of cyber security, and numerous related works are available. However, some key issues remain to be solved. In this thesis, we have chosen four key issues as our research topic: the investigation of the characteristics and security model of MTD strategies, the analysis of the defense mechanism of MTD technology, the design of an adaptive moving target defense system, and the evaluation of a system deployed with MTD strategies. The major contributions of this thesis are as follows:

1. Proposing the characteristics of MTD and a new security model, MP2R, for MTD technology. To better understand the essence of MTD, we identify, extrapolate and summarize the static characteristics and running patterns shared by MTD strategies for improving system security, and introduce a new security model for MTD called MP2R. The static characteristics are the foundation and precondition for creating an effective MTD. We investigate and extract four main characteristics and one minor characteristic embodied in existing MTD strategies. Moreover, we propose an MTD system model to characterize the correspondence between a specific MTD strategy and the static characteristics, and analyze existing typical MTD strategies to verify that correspondence. The running patterns are the paradigm for running the static characteristics so as to ensure the effectiveness of an MTD strategy. We identify two fundamental running patterns and an assistant pattern. Moreover, we generalize the correspondence between the three major schools of MTD and the running patterns, and use five MTD approaches belonging to the three schools of thought as cases to confirm the patterns presented. Thereafter, we propose a new security model, MP2R, to describe the general defense process of MTD strategies. By comparing the MP2R model with the PPDRR model used to describe the defense process of traditional defense approaches, we can readily understand the changes in the traditional defense paradigm and security model caused by the introduction of MTD, as well as the proactivity of MTD technology.

2. Analyzing the defense mechanism of MTD technology. To address the absence of relevant analysis of the defense mechanism of MTD technology, we study it using incomplete information dynamic game theory. There are two players in the game scenario we examine: a defender, who can equip a server with different types of MTD approaches to improve the server's security while enabling it to provide a specific service such as web service, and a visitor, who may be a normal user or an attacker attempting to launch attacks. The analysis proceeds as follows. First, we specify the game models between the defender and the visitor for different types of MTD techniques, and analyze the equilibria of these models and the conditions under which they hold. Then, we take an existing incomplete information dynamic game model for traditional defense and its equilibrium result as the baseline for comparison, to illustrate the proactivity and effect of MTD technology. We also identify the factors that influence the proactivity and effectiveness of the MTD approaches: the size of the configuration space and the frequency of shifting for each MTD mechanism. This work gives theoretical support for understanding the defense mechanism of MTD technology and provides suggestions for improving the effectiveness of MTD approaches.

3. Proposing an adaptive moving target defense approach. An MTD strategy thwarts attacks by continuously shifting the target's attack surface. It therefore introduces a defense cost when securing the target and, at the same time, affects the availability of the target system. Consequently, how to define the condition and timing of attack surface shifting and optimize the shifting frequency so as to achieve the availability-security-cost trade-off is a problem worthy of further study. To solve this problem, we present an adaptive moving target defense (AMTD) framework, which provides proactive defense through anomaly-driven shuffling (ADS) and reactive defense through timer-driven shuffling (TDS); furthermore, its shifting interval is adaptive. We first describe the components of the AMTD framework and the functionality of each, and introduce the inner workings of the framework. Then we develop a mathematical model that reflects the expected cost of the combination of ADS and TDS, in order to determine the triggering condition for ADS and compute the optimal shifting interval of TDS in this context. Meanwhile, the start time of each TDS interval is set to the finish time of the last ADS/TDS, or to the time at which the target system recovers its functionality after being compromised and damaged. In addition, we define a quantitative parameter, the service rate, to quantify the influence of the cost of ADS and TDS on the system's availability. Simulation results show that AMTD is always better than MTD with a fixed interval, and that the effect of AMTD is affected by the accuracy of the IDS, the lead time of intrusion detection, and changes in the ADS/TDS overhead and in the loss caused by compromise.

4. Proposing a performance evaluation model for an MTD system. Evaluation is an important part of system design, and the field of moving target defense is no exception. However, existing evaluation methods are mostly used to evaluate the effectiveness of an initial design of a certain type of MTD technology, and few studies analyze the impact of deploying an MTD mechanism on the performance of the target system. To solve this problem, we propose a generalized performance evaluation model for MTD techniques based on the Generalized Stochastic Petri Net (GSPN). To achieve this goal, we consider a Web server as the deployment scenario for the existing typical kinds of MTD techniques. We first extend the classic process of Web service to describe a complete process of service and defense for a Web server that can deploy the three typical MTD techniques. Then we develop a generalized abstract performance evaluation model for the Web system using GSPN, and validate the correctness of this model. Thereafter, we take an existing MTD approach as a use case to illustrate the usage of the proposed model and its practical significance.
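As an added illustration of the TDS timer rule described in contribution 3 (the start of each TDS interval is the finish time of the last ADS/TDS shuffle), the following Python simulation compares a fixed-interval TDS schedule with an ADS+TDS schedule. It is not the thesis's own model: the shuffle cost, IDS alert times, the service-rate definition (fraction of time not spent shuffling) and the exposure metric are constructed assumptions here.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class Params:
    tds_interval: float   # timer-driven shuffling period (constructed value)
    shuffle_cost: float   # downtime one shuffle costs, ADS or TDS (constructed)
    horizon: float        # length of the simulated run

def simulate(alerts: List[float], p: Params, adaptive: bool) -> Tuple[List[float], float]:
    """Return (shuffle start times, service rate) for one run.

    alerts: sorted IDS alert times (constructed input).
    adaptive=False: fixed-interval TDS only; alerts are ignored.
    adaptive=True: AMTD-style run; an alert triggers an ADS shuffle and the
    next TDS timer starts at the finish time of that shuffle.
    """
    shuffles: List[float] = []
    pending = list(alerts) if adaptive else []
    t = 0.0  # finish time of the last shuffle, i.e. origin of the TDS timer
    while True:
        next_tds = t + p.tds_interval
        start = pending.pop(0) if pending and pending[0] < next_tds else next_tds
        if start >= p.horizon:
            break
        shuffles.append(start)
        t = start + p.shuffle_cost
        # alerts raised while a shuffle is already in progress are absorbed by it
        while pending and pending[0] < t:
            pending.pop(0)
    # service rate, assumed here as the fraction of the horizon not spent shuffling
    return shuffles, 1.0 - len(shuffles) * p.shuffle_cost / p.horizon

def exposure(alerts: List[float], shuffles: List[float], horizon: float) -> float:
    """Total time from each alert to the first shuffle starting at or after it."""
    return sum(next((s for s in shuffles if s >= a), horizon) - a for a in alerts)

if __name__ == "__main__":
    p = Params(tds_interval=10.0, shuffle_cost=1.0, horizon=40.0)
    alerts = [4.0, 23.5]  # constructed IDS alert times
    for adaptive in (False, True):
        sh, rate = simulate(alerts, p, adaptive)
        print("AMTD" if adaptive else "fixed", sh, round(rate, 3),
              exposure(alerts, sh, p.horizon))
```

The run shows the trade-off the abstract describes: the adaptive schedule removes the exposure window after each alert at the price of one extra shuffle and a lower service rate.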
Keywords/Search Tags: Moving target defense, security model, function-and-movement model, characteristics, defense mechanism, adaptive moving target defense framework, evaluation model, game theory, Generalized Stochastic Petri Net