A Survey of Moving Target Defenses for Network Security

Sailik Sengupta; Ankur Chowdhary; Abdulhakim Sabur; Adel Alshamrani; Dijiang Huang; Subbarao Kambhampati

doi:10.1109/COMST.2020.2982955

A Survey of Moving Target Defenses for Network Security

Sailik Sengupta, Ankur Chowdhary, Abdulhakim Sabur, Adel Alshamrani, Dijiang Huang, Subbarao Kambhampati

Research output: Contribution to journal › Article › peer-review

137 Scopus citations

Abstract

Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to the static nature of network services and configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts the configuration of the underlying system, in turn reducing the success rate of cyberattacks. In this survey, we analyze the recent advancements made in the development of MTDs and highlight (1) how these defenses can be defined using common terminology, (2) can be made more effective with the use of artificial intelligence techniques for decision making, (3) be implemented in practice and (4) evaluated. We first define an MTD using a simple and yet general notation that captures the key aspects of such defenses. We then categorize these defenses into different sub-classes depending on what they move, when they move and how they move. In trying to answer the latter question, we showcase the use of domain knowledge and game-theoretic modeling can help the defender come up with effective and efficient movement strategies. Second, to understand the practicality of these defense methods, we discuss how various MTDs have been implemented and find that networking technologies such as Software Defined Networking and Network Function Virtualization act as key enablers for implementing these dynamic defenses. We then briefly highlight MTD test-beds and case-studies to aid readers who want to examine or deploy existing MTD techniques. Third, our survey categorizes proposed MTDs based on the qualitative and quantitative metrics they utilize to evaluate their effectiveness in terms of security and performance. We use well-defined metrics such as risk analysis and performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, and targeted threat models for quantitative evaluation. Finally, we show that our categorization of MTDs is effective in identifying novel research areas and highlight directions for future research.

Original language	English (US)
Article number	9047923
Pages (from-to)	1909-1941
Number of pages	33
Journal	IEEE Communications Surveys and Tutorials
Volume	22
Issue number	3
DOIs	https://doi.org/10.1109/COMST.2020.2982955
State	Published - Jul 1 2020

Keywords

Cyber security
QoS metrics
advanced persistent threats
artificial intelligence
attack representation methods (ARMs)
cyber deception
cyber kill chain (CKC)
game theory
moving target defense
network function virtualization (NFV)
network security
qualitative metrics
quantitative metrics
risk analysis
software-defined networking (SDN)

ASJC Scopus subject areas

Electrical and Electronic Engineering

Access to Document

10.1109/COMST.2020.2982955

Cite this

@article{6a02085894e443488137df7f0c10ca20,

title = "A Survey of Moving Target Defenses for Network Security",

abstract = "Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to the static nature of network services and configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts the configuration of the underlying system, in turn reducing the success rate of cyberattacks. In this survey, we analyze the recent advancements made in the development of MTDs and highlight (1) how these defenses can be defined using common terminology, (2) can be made more effective with the use of artificial intelligence techniques for decision making, (3) be implemented in practice and (4) evaluated. We first define an MTD using a simple and yet general notation that captures the key aspects of such defenses. We then categorize these defenses into different sub-classes depending on what they move, when they move and how they move. In trying to answer the latter question, we showcase the use of domain knowledge and game-theoretic modeling can help the defender come up with effective and efficient movement strategies. Second, to understand the practicality of these defense methods, we discuss how various MTDs have been implemented and find that networking technologies such as Software Defined Networking and Network Function Virtualization act as key enablers for implementing these dynamic defenses. We then briefly highlight MTD test-beds and case-studies to aid readers who want to examine or deploy existing MTD techniques. Third, our survey categorizes proposed MTDs based on the qualitative and quantitative metrics they utilize to evaluate their effectiveness in terms of security and performance. We use well-defined metrics such as risk analysis and performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, and targeted threat models for quantitative evaluation. Finally, we show that our categorization of MTDs is effective in identifying novel research areas and highlight directions for future research.",

keywords = "Cyber security, QoS metrics, advanced persistent threats, artificial intelligence, attack representation methods (ARMs), cyber deception, cyber kill chain (CKC), game theory, moving target defense, network function virtualization (NFV), network security, qualitative metrics, quantitative metrics, risk analysis, software-defined networking (SDN)",

author = "Sailik Sengupta and Ankur Chowdhary and Abdulhakim Sabur and Adel Alshamrani and Dijiang Huang and Subbarao Kambhampati",

note = "Funding Information: Manuscript received April 30, 2019; revised October 24, 2019; accepted February 13, 2020. Date of publication March 26, 2020; date of current version August 21, 2020. This work was supported in part by the Naval Research Laboratory under Grant N00173-15-G017 and Grant N0017319-1-G002, in part by the Air Force Office of Scientific Research under Grant FA9550-18-1-0067, in part by the National Aeronautics and Space Administration under Grant NNX17AD06G, in part by the Office of Naval Research under Grant N00014-16-1-2892, Grant N00014-18-1-2442, and Grant N00014-18-12840, in part by NSF U.S. under Grant DGE-1723440, Grant OAC-1642031, Grant SaTC-1528099, and Grant 1723440, in part by NSF China under Grant 61628201 and Grant 61571375, in part by the JP Morgan AI Research Faculty Award, and in part by DARPA CHASE under Grant W912CG-19-C-0003 (via IBM). The work of Sailik Sengupta was supported by the IBM Ph.D. Fellowship. The work of Abdulhakim Sabur was supported by a scholarship from Taibah University through Saudi Arabian Cultural Mission. (Sailik Sengupta and Ankur Chowdhary contributed equally to this work.) (Corresponding author: Sailik Sengupta.) Sailik Sengupta, Ankur Chowdhary, Dijiang Huang, and Subbarao Kambhampati are with the School of Computing, Informatics, and Decision Systems Engineering, Arizona State University, Tempe, AZ 85287 USA (e-mail: ssengu15@asu.edu; achaud16@asu.edu; dijiang@asu.edu; rao@asu.edu). Publisher Copyright: {\textcopyright} 1998-2012 IEEE.",

year = "2020",

month = jul,

day = "1",

doi = "10.1109/COMST.2020.2982955",

language = "English (US)",

volume = "22",

pages = "1909--1941",

journal = "IEEE Communications Surveys and Tutorials",

issn = "1553-877X",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - A Survey of Moving Target Defenses for Network Security

AU - Sengupta, Sailik

AU - Chowdhary, Ankur

AU - Sabur, Abdulhakim

AU - Alshamrani, Adel

AU - Huang, Dijiang

AU - Kambhampati, Subbarao

N1 - Funding Information: Manuscript received April 30, 2019; revised October 24, 2019; accepted February 13, 2020. Date of publication March 26, 2020; date of current version August 21, 2020. This work was supported in part by the Naval Research Laboratory under Grant N00173-15-G017 and Grant N0017319-1-G002, in part by the Air Force Office of Scientific Research under Grant FA9550-18-1-0067, in part by the National Aeronautics and Space Administration under Grant NNX17AD06G, in part by the Office of Naval Research under Grant N00014-16-1-2892, Grant N00014-18-1-2442, and Grant N00014-18-12840, in part by NSF U.S. under Grant DGE-1723440, Grant OAC-1642031, Grant SaTC-1528099, and Grant 1723440, in part by NSF China under Grant 61628201 and Grant 61571375, in part by the JP Morgan AI Research Faculty Award, and in part by DARPA CHASE under Grant W912CG-19-C-0003 (via IBM). The work of Sailik Sengupta was supported by the IBM Ph.D. Fellowship. The work of Abdulhakim Sabur was supported by a scholarship from Taibah University through Saudi Arabian Cultural Mission. (Sailik Sengupta and Ankur Chowdhary contributed equally to this work.) (Corresponding author: Sailik Sengupta.) Sailik Sengupta, Ankur Chowdhary, Dijiang Huang, and Subbarao Kambhampati are with the School of Computing, Informatics, and Decision Systems Engineering, Arizona State University, Tempe, AZ 85287 USA (e-mail: ssengu15@asu.edu; achaud16@asu.edu; dijiang@asu.edu; rao@asu.edu). Publisher Copyright: © 1998-2012 IEEE.

PY - 2020/7/1

Y1 - 2020/7/1

N2 - Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to the static nature of network services and configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts the configuration of the underlying system, in turn reducing the success rate of cyberattacks. In this survey, we analyze the recent advancements made in the development of MTDs and highlight (1) how these defenses can be defined using common terminology, (2) can be made more effective with the use of artificial intelligence techniques for decision making, (3) be implemented in practice and (4) evaluated. We first define an MTD using a simple and yet general notation that captures the key aspects of such defenses. We then categorize these defenses into different sub-classes depending on what they move, when they move and how they move. In trying to answer the latter question, we showcase the use of domain knowledge and game-theoretic modeling can help the defender come up with effective and efficient movement strategies. Second, to understand the practicality of these defense methods, we discuss how various MTDs have been implemented and find that networking technologies such as Software Defined Networking and Network Function Virtualization act as key enablers for implementing these dynamic defenses. We then briefly highlight MTD test-beds and case-studies to aid readers who want to examine or deploy existing MTD techniques. Third, our survey categorizes proposed MTDs based on the qualitative and quantitative metrics they utilize to evaluate their effectiveness in terms of security and performance. We use well-defined metrics such as risk analysis and performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, and targeted threat models for quantitative evaluation. Finally, we show that our categorization of MTDs is effective in identifying novel research areas and highlight directions for future research.

AB - Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to the static nature of network services and configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts the configuration of the underlying system, in turn reducing the success rate of cyberattacks. In this survey, we analyze the recent advancements made in the development of MTDs and highlight (1) how these defenses can be defined using common terminology, (2) can be made more effective with the use of artificial intelligence techniques for decision making, (3) be implemented in practice and (4) evaluated. We first define an MTD using a simple and yet general notation that captures the key aspects of such defenses. We then categorize these defenses into different sub-classes depending on what they move, when they move and how they move. In trying to answer the latter question, we showcase the use of domain knowledge and game-theoretic modeling can help the defender come up with effective and efficient movement strategies. Second, to understand the practicality of these defense methods, we discuss how various MTDs have been implemented and find that networking technologies such as Software Defined Networking and Network Function Virtualization act as key enablers for implementing these dynamic defenses. We then briefly highlight MTD test-beds and case-studies to aid readers who want to examine or deploy existing MTD techniques. Third, our survey categorizes proposed MTDs based on the qualitative and quantitative metrics they utilize to evaluate their effectiveness in terms of security and performance. We use well-defined metrics such as risk analysis and performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, and targeted threat models for quantitative evaluation. Finally, we show that our categorization of MTDs is effective in identifying novel research areas and highlight directions for future research.

KW - Cyber security

KW - QoS metrics

KW - advanced persistent threats

KW - artificial intelligence

KW - attack representation methods (ARMs)

KW - cyber deception

KW - cyber kill chain (CKC)

KW - game theory

KW - moving target defense

KW - network function virtualization (NFV)

KW - network security

KW - qualitative metrics

KW - quantitative metrics

KW - risk analysis

KW - software-defined networking (SDN)

UR - http://www.scopus.com/inward/record.url?scp=85083468585&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85083468585&partnerID=8YFLogxK

U2 - 10.1109/COMST.2020.2982955

DO - 10.1109/COMST.2020.2982955

M3 - Article

AN - SCOPUS:85083468585

SN - 1553-877X

VL - 22

SP - 1909

EP - 1941

JO - IEEE Communications Surveys and Tutorials

JF - IEEE Communications Surveys and Tutorials

IS - 3

M1 - 9047923

ER -

A Survey of Moving Target Defenses for Network Security

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this