A Survey of Moving Target Defenses for Network Security

Sailik Sengupta, Ankur Chowdhary, Abdulhakim Sabur, Adel Alshamrani, Dijiang Huang, Subbarao Kambhampati

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to the static nature of network services and configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts the configuration of the underlying system, in turn reducing the success rate of cyberattacks. In this survey, we analyze the recent advancements made in the development of MTDs and highlight (1) how these defenses can be defined using common terminology, (2) can be made more effective with the use of artificial intelligence techniques for decision making, (3) be implemented in practice and (4) evaluated. We first define an MTD using a simple and yet general notation that captures the key aspects of such defenses. We then categorize these defenses into different sub-classes depending on what they move, when they move and how they move. In trying to answer the latter question, we showcase the use of domain knowledge and game-theoretic modeling can help the defender come up with effective and efficient movement strategies. Second, to understand the practicality of these defense methods, we discuss how various MTDs have been implemented and find that networking technologies such as Software Defined Networking and Network Function Virtualization act as key enablers for implementing these dynamic defenses. We then briefly highlight MTD test-beds and case-studies to aid readers who want to examine or deploy existing MTD techniques. Third, our survey categorizes proposed MTDs based on the qualitative and quantitative metrics they utilize to evaluate their effectiveness in terms of security and performance. We use well-defined metrics such as risk analysis and performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, and targeted threat models for quantitative evaluation. Finally, we show that our categorization of MTDs is effective in identifying novel research areas and highlight directions for future research.

Original languageEnglish (US)
Article number9047923
Pages (from-to)1909-1941
Number of pages33
JournalIEEE Communications Surveys and Tutorials
Volume22
Issue number3
DOIs
StatePublished - Jul 1 2020

Keywords

  • Cyber security
  • QoS metrics
  • advanced persistent threats
  • artificial intelligence
  • attack representation methods (ARMs)
  • cyber deception
  • cyber kill chain (CKC)
  • game theory
  • moving target defense
  • network function virtualization (NFV)
  • network security
  • qualitative metrics
  • quantitative metrics
  • risk analysis
  • software-defined networking (SDN)

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'A Survey of Moving Target Defenses for Network Security'. Together they form a unique fingerprint.

Cite this