A Survey of Moving Target Defenses for Network Security
release_6i3uibpforc4vndap7sbnxml5m
by
Sailik Sengupta, Ankur Chowdhary, Abdulhakim Sabur, Dijiang Huang,
Adel Alshamrani, Subbarao Kambhampati
2019
Abstract
Network defense techniques based on traditional tools, techniques, and
procedures fail to account for the attacker's inherent advantage present due to
the static nature of network services and configurations. Moving Target Defense
(MTD), on the other hand, provides an intelligent countermeasure by dynamically
re-configuring the underlying systems, thereby reducing the effectiveness of
cyber attacks. In this survey, we analyze the recent advancements made in the
development of MTDs and highlight how these defenses can be made more effective
with the use of artificial intelligence techniques for decision making. We
first define a unified formal notation for MTDs that can capture different
aspects of such defenses. We then categorize these defenses into different
sub-classes depending on how they answer the three questions -- what to move,
when to move and how to move -- showcasing how game-theoretic strategies can
effectively answer the latter question. To understand the usefulness of these
defense methods, we study the implementation of such MTD techniques. We find
that new networking technologies such as Software Defined Networking and
Network Function Virtualization provide effective means for implementing these
dynamic defense methods. To encourage researchers and industry experts in using
such defenses, we highlight industry use-cases and discuss the practicality and
maturity of these defenses. To aid readers who want to test or deploy MTD
techniques, we highlight existing MTD test-beds. Our survey then performs both
a qualitative and quantitative analysis to better understand the effectiveness
of these MTDs in terms of security and performance. To that extent, we use
well-defined metrics for measuring performance costs and security impacts of
the surveyed MTDs. Finally, we conclude by summarizing research opportunities
that our survey elucidates.
In text/plain
format
Archived Files and Locations
application/pdf 1.3 MB
file_ucsq7iu33zaybp4ujymzavhh7m
|
arxiv.org (repository) web.archive.org (webarchive) |
1905.00964v1
access all versions, variants, and formats of this works (eg, pre-prints)