Peer-Reviewed

The New Progress of Motive Target Defense Technology

Received: 19 May 2018     Accepted: 1 July 2018     Published: 16 August 2018
Abstract

Moving target defense (MTD) is an excellent solution proposed in the USA to make the defender the dominant player in the attacker-defender game, in which the defender is otherwise at a disadvantage. After summarizing the attack surface characteristics and functional connotation of moving target defense, this paper classifies and analyzes current moving target defense technologies, according to their level in the execution stack, into four categories: dynamic communication network, dynamic communication run-time environment, dynamic communication data and dynamic communication application. It describes the theory of every mechanism in each category and summarizes the advantages and disadvantages of each mechanism. Building on this study of current moving target defense mechanisms, the paper designs a moving target defense system based on terminal information hopping and analyzes its anti-attack performance. The experimental results show that the system can effectively increase the time consumption and complexity of a successful attack and decrease the successful attack rate by continually shifting the attack surface; the design greatly improves the strength of inactive defense. This study can provide theoretical guidance for the design and implementation of multi-mechanism moving target defense systems.

Published in International Journal on Data Science and Technology (Volume 4, Issue 3)
DOI 10.11648/j.ijdst.20180403.12
Page(s) 84-92
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2018. Published by Science Publishing Group

Keywords

Moving Target Defense (MTD), Active Defense, Communication Network Security, Shifting Mechanism, Survey

Cite This Article
  • APA Style

    Tan Tiantian, Wang Baosheng, Wang XiaoFeng, Cai Guilin, Luo Yuebin, et al. (2018). The New Progress of Motive Target Defense Technology. International Journal on Data Science and Technology, 4(3), 84-92. https://doi.org/10.11648/j.ijdst.20180403.12

    ACS Style

    Tan Tiantian; Wang Baosheng; Wang XiaoFeng; Cai Guilin; Luo Yuebin, et al. The New Progress of Motive Target Defense Technology. Int. J. Data Sci. Technol. 2018, 4(3), 84-92. doi: 10.11648/j.ijdst.20180403.12

    AMA Style

    Tan Tiantian, Wang Baosheng, Wang XiaoFeng, Cai Guilin, Luo Yuebin, et al. The New Progress of Motive Target Defense Technology. Int J Data Sci Technol. 2018;4(3):84-92. doi: 10.11648/j.ijdst.20180403.12

  • @article{10.11648/j.ijdst.20180403.12,
      author = {Tan Tiantian and Wang Baosheng and Wang XiaoFeng and Cai Guilin and Luo Yuebin and Xiang Zheng},
      title = {The New Progress of Motive Target Defense Technology},
      journal = {International Journal on Data Science and Technology},
      volume = {4},
      number = {3},
      pages = {84-92},
      doi = {10.11648/j.ijdst.20180403.12},
      url = {https://doi.org/10.11648/j.ijdst.20180403.12},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ijdst.20180403.12},
     year = {2018}
    }
    

  • TY  - JOUR
    T1  - The New Progress of Motive Target Defense Technology
    AU  - Tan Tiantian
    AU  - Wang Baosheng
    AU  - Wang XiaoFeng
    AU  - Cai Guilin
    AU  - Luo Yuebin
    AU  - Xiang Zheng
    Y1  - 2018/08/16
    PY  - 2018
    N1  - https://doi.org/10.11648/j.ijdst.20180403.12
    DO  - 10.11648/j.ijdst.20180403.12
    T2  - International Journal on Data Science and Technology
    JF  - International Journal on Data Science and Technology
    JO  - International Journal on Data Science and Technology
    SP  - 84
    EP  - 92
    PB  - Science Publishing Group
    SN  - 2472-2235
    UR  - https://doi.org/10.11648/j.ijdst.20180403.12
    VL  - 4
    IS  - 3
    ER  - 

Author Information
  • Department of Computer, National University of Defense Technology, Changsha, China

  • Department of Computer, National University of Defense Technology, Changsha, China

  • Department of Computer, National University of Defense Technology, Changsha, China

  • Faculty of Crap, Crap 95942, Wuhan, China

  • Department of Computer, National University of Defense Technology, Changsha, China

  • Department of Network, Hunan Institute of Information Technology, Changsha, China
