A Comprehensive Architectural Framework of Moving Target Defenses Against DDoS Attacks

Q3 Computer Science Journal of Cyber Security and Mobility Pub Date : 2023-06-30 DOI:10.13052/jcsm2245-1439.1248

Belal M. Amro, Saeed Salah, Mohammed Moreb

{"title":"A Comprehensive Architectural Framework of Moving Target Defenses Against DDoS Attacks","authors":"Belal M. Amro, Saeed Salah, Mohammed Moreb","doi":"10.13052/jcsm2245-1439.1248","DOIUrl":null,"url":null,"abstract":"Distributed Denial-of-Service (DDoS) attacks are among the top toughest security threats in today’s cyberspace. The multitude, diversity, and variety of both the attacks and their countermeasures have the consequence that no optimal solutions exist. However, many mitigation techniques and strategies have been proposed among which is Moving Target Defense (MTD). MTD strategy keeps changing the system states and attack surface dynamically by continually applying various systems reconfigurations aiming at increasing the uncertainty and complexity for attackers. Current proposals of MTD fall into one of three strategies: shuffling, diversity, and redundancy, based on what to move? how to move? and when to move? Despite the existence of such strategies, a comprehensive Framework for MTD techniques against DDoS attacks that can be used for all types of DDoS attacks has not been proposed yet. In this paper, we propose a novel and comprehensive Framework of MTD techniques considering all stages, mechanisms, data sources, and criteria adopted by the research community, the Framework will apply to all DDoS attacks on different systems. To efficiently use our proposed model, a comprehensive taxonomy of MTD mitigation techniques and strategies is also provided and can be used as a reference guide for the best selection of the model’s parameters.","PeriodicalId":37820,"journal":{"name":"Journal of Cyber Security and Mobility","volume":"23 1","pages":"605-628"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cyber Security and Mobility","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.13052/jcsm2245-1439.1248","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 0

Abstract

Distributed Denial-of-Service (DDoS) attacks are among the top toughest security threats in today’s cyberspace. The multitude, diversity, and variety of both the attacks and their countermeasures have the consequence that no optimal solutions exist. However, many mitigation techniques and strategies have been proposed among which is Moving Target Defense (MTD). MTD strategy keeps changing the system states and attack surface dynamically by continually applying various systems reconfigurations aiming at increasing the uncertainty and complexity for attackers. Current proposals of MTD fall into one of three strategies: shuffling, diversity, and redundancy, based on what to move? how to move? and when to move? Despite the existence of such strategies, a comprehensive Framework for MTD techniques against DDoS attacks that can be used for all types of DDoS attacks has not been proposed yet. In this paper, we propose a novel and comprehensive Framework of MTD techniques considering all stages, mechanisms, data sources, and criteria adopted by the research community, the Framework will apply to all DDoS attacks on different systems. To efficiently use our proposed model, a comprehensive taxonomy of MTD mitigation techniques and strategies is also provided and can be used as a reference guide for the best selection of the model’s parameters.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

移动目标防御DDoS攻击的综合体系结构框架

分布式拒绝服务(DDoS)攻击是当今网络空间最严峻的安全威胁之一。攻击及其对策的数量、多样性和多样性导致不存在最优解决方案。然而，人们提出了许多缓解技术和策略，其中包括移动目标防御(MTD)。MTD策略通过不断地应用各种系统重构来动态地改变系统状态和攻击面，从而增加攻击者的不确定性和复杂性。当前的MTD建议分为三种策略之一:洗牌、多样性和冗余，基于什么移动?如何移动?什么时候搬家?尽管存在这样的策略，但针对所有类型的DDoS攻击的MTD技术的综合框架尚未被提出。在本文中，我们提出了一个新颖而全面的MTD技术框架，考虑了研究界采用的所有阶段，机制，数据源和标准，该框架将适用于不同系统上的所有DDoS攻击。为了有效地使用我们提出的模型，还提供了MTD缓解技术和战略的综合分类，可作为最佳选择模型参数的参考指南。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Cyber Security and Mobility Computer Science-Computer Networks and Communications

CiteScore

2.30

自引率

0.00%

发文量

期刊介绍： Journal of Cyber Security and Mobility is an international, open-access, peer reviewed journal publishing original research, review/survey, and tutorial papers on all cyber security fields including information, computer & network security, cryptography, digital forensics etc. but also interdisciplinary articles that cover privacy, ethical, legal, economical aspects of cyber security or emerging solutions drawn from other branches of science, for example, nature-inspired. The journal aims at becoming an international source of innovation and an essential reading for IT security professionals around the world by providing an in-depth and holistic view on all security spectrum and solutions ranging from practical to theoretical. Its goal is to bring together researchers and practitioners dealing with the diverse fields of cybersecurity and to cover topics that are equally valuable for professionals as well as for those new in the field from all sectors industry, commerce and academia. This journal covers diverse security issues in cyber space and solutions thereof. As cyber space has moved towards the wireless/mobile world, issues in wireless/mobile communications and those involving mobility aspects will also be published.