首页 > 最新文献

Proceedings of the Second ACM Workshop on Moving Target Defense最新文献

英文 中文
Empirical Game-Theoretic Analysis for Moving Target Defense 移动目标防御的经验博弈论分析
Pub Date : 2015-10-12 DOI: 10.1145/2808475.2808483
Achintya Prakash, Michael P. Wellman
The effectiveness of a moving target defense depends on how it is deployed through specific system operations over time, and how attackers may respond to this deployment. We define a generic cyber-defense scenario, and examine the interplay between attack and defense strategies using empirical game-theoretic techniques. In this approach, the scenario is defined procedurally by a simulator, and data derived from systematic simulation is used to induce a game model. We explore a space of 72 game instances, defined by differences in agent objectives, attack cost, and ability of the defender to detect attack actions. We observe a range of qualitative strategic behaviors, which vary in clear patterns across environmental conditions. In particular, we find that the efficacy of deterrent defense is critically sensitive to detection capability, and in the absence of perfect detection the defender is often driven to proactive moving-target actions.
移动目标防御的有效性取决于如何通过特定的系统操作随着时间的推移进行部署,以及攻击者如何响应这种部署。我们定义了一个通用的网络防御场景,并使用经验博弈论技术检查攻击和防御策略之间的相互作用。在这种方法中,场景是由模拟器程序定义的,从系统模拟中得到的数据被用来诱导一个博弈模型。我们探索了一个由72个游戏实例组成的空间,由代理目标、攻击成本和防御方检测攻击行为的能力的差异来定义。我们观察到一系列定性战略行为,它们在不同的环境条件下以明确的模式变化。特别是,我们发现威慑防御的有效性对探测能力非常敏感,在没有完善的探测能力的情况下,防御者往往被驱使采取主动的移动目标行动。
{"title":"Empirical Game-Theoretic Analysis for Moving Target Defense","authors":"Achintya Prakash, Michael P. Wellman","doi":"10.1145/2808475.2808483","DOIUrl":"https://doi.org/10.1145/2808475.2808483","url":null,"abstract":"The effectiveness of a moving target defense depends on how it is deployed through specific system operations over time, and how attackers may respond to this deployment. We define a generic cyber-defense scenario, and examine the interplay between attack and defense strategies using empirical game-theoretic techniques. In this approach, the scenario is defined procedurally by a simulator, and data derived from systematic simulation is used to induce a game model. We explore a space of 72 game instances, defined by differences in agent objectives, attack cost, and ability of the defender to detect attack actions. We observe a range of qualitative strategic behaviors, which vary in clear patterns across environmental conditions. In particular, we find that the efficacy of deterrent defense is critically sensitive to detection capability, and in the absence of perfect detection the defender is often driven to proactive moving-target actions.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"5 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74763916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 52
Session details: MTD Technologies I (short papers) 会议详情:MTD技术I(短论文)
Pub Date : 2015-10-12 DOI: 10.1145/3253885
C. Lamb
{"title":"Session details: MTD Technologies I (short papers)","authors":"C. Lamb","doi":"10.1145/3253885","DOIUrl":"https://doi.org/10.1145/3253885","url":null,"abstract":"","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"57 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77813472","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
VINE: A Cyber Emulation Environment for MTD Experimentation VINE:用于MTD实验的网络仿真环境
Pub Date : 2015-10-12 DOI: 10.1145/2808475.2808486
T. Eskridge, Marco M. Carvalho, Evan Stoner, Troy Toggweiler, A. Granados
Dynamic and moving target defenses are generally characterized by their ability to modify their own state, or the state of the protected target. As such, the evolution of these kinds of defenses require specialized experiments that can capture their behavior and effectiveness through time, as well as their broader impacts in the network. While specialized experiments can be constructed to evaluate specific defenses, there is a need for a general approach that will facilitate such tasks. In this work we introduce VINE, a high-fidelity cyber experimentation environment designed for the study and evaluation of dynamic and moving target defenses. VINE provides a common infrastructure supporting the construction, deployment, execution, and monitoring of complex mission-driven network scenarios that are fully instrumented. The tool was designed to be scalable, extensible, and highly configurable to enable the study of cyber defense strategies under dynamic background traffic and attack conditions, making VINE well-suited for the study of adaptive and moving target defenses. In this paper we introduce the VINE approach, the VINE architecture for MTD experimentation, and provide an illustrative example of the framework in action.
动态和移动目标防御的特点通常是它们能够修改自己的状态或被保护目标的状态。因此,这类防御的演变需要专门的实验,可以随着时间的推移捕捉它们的行为和有效性,以及它们在网络中的广泛影响。虽然可以构建专门的实验来评估特定的防御,但需要一种通用的方法来促进此类任务。在这项工作中,我们介绍了VINE,这是一个高保真的网络实验环境,旨在研究和评估动态和移动目标防御。VINE提供了一个通用的基础设施,支持构建、部署、执行和监控完全仪器化的复杂任务驱动网络场景。该工具具有可扩展性、可扩展性和高度可配置性,能够研究动态背景流量和攻击条件下的网络防御策略,使VINE非常适合研究自适应和移动目标防御。在本文中,我们介绍了VINE方法,用于MTD实验的VINE体系结构,并提供了一个实际的框架示例。
{"title":"VINE: A Cyber Emulation Environment for MTD Experimentation","authors":"T. Eskridge, Marco M. Carvalho, Evan Stoner, Troy Toggweiler, A. Granados","doi":"10.1145/2808475.2808486","DOIUrl":"https://doi.org/10.1145/2808475.2808486","url":null,"abstract":"Dynamic and moving target defenses are generally characterized by their ability to modify their own state, or the state of the protected target. As such, the evolution of these kinds of defenses require specialized experiments that can capture their behavior and effectiveness through time, as well as their broader impacts in the network. While specialized experiments can be constructed to evaluate specific defenses, there is a need for a general approach that will facilitate such tasks. In this work we introduce VINE, a high-fidelity cyber experimentation environment designed for the study and evaluation of dynamic and moving target defenses. VINE provides a common infrastructure supporting the construction, deployment, execution, and monitoring of complex mission-driven network scenarios that are fully instrumented. The tool was designed to be scalable, extensible, and highly configurable to enable the study of cyber defense strategies under dynamic background traffic and attack conditions, making VINE well-suited for the study of adaptive and moving target defenses. In this paper we introduce the VINE approach, the VINE architecture for MTD experimentation, and provide an illustrative example of the framework in action.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"42 ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91452885","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
Getting Beyond Tit for Tat: Better Strategies for Moving Target Prototyping and Evaluation 超越针锋相对:移动目标原型和评估的更好策略
Pub Date : 2015-10-12 DOI: 10.1145/2808475.2808489
Hamed Okhravi
The cyber moving target (MT) approach has been identified as one of the game-changing themes to rebalance the cyber landscape in favor of defense. MT techniques make cyber systems less static, less homogeneous, and less deterministic in order to create uncertainty for attackers. Although many MT techniques have been proposed in the literature, little has been done to evaluate their effectiveness, benefits, and weaknesses. In this talk, we describe the status quo in MT prototyping and evaluation and provide recommendations for a more systematic approach in designing and implementing more effective MT defenses.
网络移动目标(MT)方法已被确定为改变游戏规则的主题之一,以重新平衡网络景观,有利于防御。MT技术使网络系统不那么静态、不那么同质、不那么确定性,从而为攻击者创造不确定性。虽然文献中提出了许多MT技术,但很少有人评估它们的有效性、优点和缺点。在这次演讲中,我们描述了MT原型和评估的现状,并为设计和实施更有效的MT防御提供了更系统的方法建议。
{"title":"Getting Beyond Tit for Tat: Better Strategies for Moving Target Prototyping and Evaluation","authors":"Hamed Okhravi","doi":"10.1145/2808475.2808489","DOIUrl":"https://doi.org/10.1145/2808475.2808489","url":null,"abstract":"The cyber moving target (MT) approach has been identified as one of the game-changing themes to rebalance the cyber landscape in favor of defense. MT techniques make cyber systems less static, less homogeneous, and less deterministic in order to create uncertainty for attackers. Although many MT techniques have been proposed in the literature, little has been done to evaluate their effectiveness, benefits, and weaknesses. In this talk, we describe the status quo in MT prototyping and evaluation and provide recommendations for a more systematic approach in designing and implementing more effective MT defenses.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"12 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90662439","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Session details: Doctoral Symposium 会议详情:博士研讨会
Pub Date : 2015-10-12 DOI: 10.1145/3253888
T. Eskridge
{"title":"Session details: Doctoral Symposium","authors":"T. Eskridge","doi":"10.1145/3253888","DOIUrl":"https://doi.org/10.1145/3253888","url":null,"abstract":"","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"12 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78342507","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
From Fine Grained Code Diversity to JIT-ROP to Execute-Only Memory: The Cat and Mouse Game Between Attackers and Defenders Continues 从细粒度代码多样性到JIT-ROP再到只执行内存:攻击者和防御者之间的猫捉老鼠游戏仍在继续
Pub Date : 2015-10-12 DOI: 10.1145/2808475.2808488
M. Franz
Today's software monoculture creates asymmetric threats. An attacker needs to find only one way in, while defenders need to guard a lot of ground. Adversaries can fully debug and perfect their attacks on their own computers, exactly replicating the environment that they will later be targeting. One possible defense is software diversity, which raises the bar to attackers. A diversification engine automatically generates a large number of different versions of the same program, potentially one unique version for every computer. These all behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, a specific attack will succeed on only a small fraction of targets and a large number of different attack vectors would be needed to take over a significant percentage of them. Because an attacker has no way of knowing a priori which specific attack will succeed on which specific target, this method also very significantly increases the cost of attacks directed at specific targets. Unfortunately, attackers have now started assembling their attacks on the target itself, circumventing diversity. In order to prevent this, we need to make all executable code on the target platform unreadable by the attacker. We present a solution that keeps randomized executable code completely hidden from the attacker, preventing even the latest class of dynamically assembled code reuse attacks ('JIT-ROP'). We will also report on a set of new software diversity techniques that can additionally also defend against side-channel attacks by dynamically and systematically randomizing the control flow of programs. Previous software diversity techniques transform each program trace identically. Our new technique instead transforms programs to make each program trace unique. This approach offers probabilistic protection against both online and off-line side-channel attacks, including timing and cache-based attacks. In particular, we create a large number of unique program execution paths by automatically generating diversified replicas for parts of an input program. At runtime we then randomly and frequently switch between these replicas. As a consequence, no two executions of the same program are ever alike, even when the same inputs are used. Our method requires no manual effort or hardware changes, has a reasonable performance impact, and reduces side-channel information leakage significantly when applied to known attacks on AES.
今天的软件单一文化造成了不对称的威胁。攻击者只需要找到一条路,而防御者则需要守住大片土地。攻击者可以在自己的计算机上完全调试和完善他们的攻击,精确地复制他们以后要攻击的环境。一个可能的防御是软件的多样性,这提高了攻击者的门槛。多样化引擎会自动生成同一程序的大量不同版本,可能每台计算机都有一个独特的版本。从最终用户的角度来看,它们都以完全相同的方式运行,但它们以微妙的不同方式实现其功能。因此,特定的攻击只会在一小部分目标上成功,而需要大量不同的攻击向量来接管其中很大一部分目标。因为攻击者无法先验地知道哪个特定的攻击会在哪个特定的目标上成功,所以这种方法也极大地增加了针对特定目标的攻击的成本。不幸的是,攻击者现在已经开始集中攻击目标本身,绕过多样性。为了防止这种情况,我们需要使攻击者无法读取目标平台上的所有可执行代码。我们提出了一种解决方案,使随机可执行代码完全隐藏于攻击者,甚至可以防止最新的动态汇编代码重用攻击(JIT-ROP)。我们还将报告一组新的软件多样性技术,这些技术还可以通过动态和系统地随机化程序的控制流来防御侧信道攻击。以前的软件多样性技术对每个程序轨迹的转换是相同的。我们的新技术将程序转换为使每个程序跟踪唯一。这种方法提供了针对在线和离线侧通道攻击的概率保护,包括定时和基于缓存的攻击。特别是,我们通过自动为输入程序的各个部分生成不同的副本来创建大量独特的程序执行路径。在运行时,我们会随机且频繁地在这些副本之间切换。因此,即使使用了相同的输入,同一个程序的两次执行也不会是相同的。我们的方法不需要人工操作或硬件更改,具有合理的性能影响,并且在应用于对AES的已知攻击时显著减少了侧信道信息泄漏。
{"title":"From Fine Grained Code Diversity to JIT-ROP to Execute-Only Memory: The Cat and Mouse Game Between Attackers and Defenders Continues","authors":"M. Franz","doi":"10.1145/2808475.2808488","DOIUrl":"https://doi.org/10.1145/2808475.2808488","url":null,"abstract":"Today's software monoculture creates asymmetric threats. An attacker needs to find only one way in, while defenders need to guard a lot of ground. Adversaries can fully debug and perfect their attacks on their own computers, exactly replicating the environment that they will later be targeting. One possible defense is software diversity, which raises the bar to attackers. A diversification engine automatically generates a large number of different versions of the same program, potentially one unique version for every computer. These all behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, a specific attack will succeed on only a small fraction of targets and a large number of different attack vectors would be needed to take over a significant percentage of them. Because an attacker has no way of knowing a priori which specific attack will succeed on which specific target, this method also very significantly increases the cost of attacks directed at specific targets. Unfortunately, attackers have now started assembling their attacks on the target itself, circumventing diversity. In order to prevent this, we need to make all executable code on the target platform unreadable by the attacker. We present a solution that keeps randomized executable code completely hidden from the attacker, preventing even the latest class of dynamically assembled code reuse attacks ('JIT-ROP'). We will also report on a set of new software diversity techniques that can additionally also defend against side-channel attacks by dynamically and systematically randomizing the control flow of programs. Previous software diversity techniques transform each program trace identically. Our new technique instead transforms programs to make each program trace unique. This approach offers probabilistic protection against both online and off-line side-channel attacks, including timing and cache-based attacks. In particular, we create a large number of unique program execution paths by automatically generating diversified replicas for parts of an input program. At runtime we then randomly and frequently switch between these replicas. As a consequence, no two executions of the same program are ever alike, even when the same inputs are used. Our method requires no manual effort or hardware changes, has a reasonable performance impact, and reduces side-channel information leakage significantly when applied to known attacks on AES.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"24 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87770341","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Session details: MTD Keynote I 会议细节:MTD主题演讲1
Pub Date : 2015-10-12 DOI: 10.1145/3253883
G. Cybenko
{"title":"Session details: MTD Keynote I","authors":"G. Cybenko","doi":"10.1145/3253883","DOIUrl":"https://doi.org/10.1145/3253883","url":null,"abstract":"","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"38 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79131751","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Probabilistic Performance Analysis of Moving Target and Deception Reconnaissance Defenses 移动目标与欺骗侦察防御的概率性能分析
Pub Date : 2015-10-12 DOI: 10.1145/2808475.2808480
Michael B. Crouse, B. Prosser, E. Fulp
Deception and moving target reconnaissance defenses are techniques that attempt to invalidate information an attacker attempts to gather. Deception defenses attempt to mislead attackers performing network reconnaissance, while moving target defenses seek to make it more difficult for the attacker to predict the state of their target by dynamically altering what the attacker sees. Although the deployment of reconnaissance defenses can be effective, there are nontrivial administration costs associated with their configuration and maintenance. As a result, understanding under the circumstances these defenses are effective and efficient is important. This paper introduces probabilistic models for reconnaissance defenses to provide deeper understanding of the theoretical effect these strategies and their parameters have for cyber defense. The models quantify the success of attackers under various conditions, such as network size, deployment of size, and number of vulnerable computers. This paper provides a probabilistic interpretation for the performance of honeypots, for deception, and network address shuffling, for moving target, and their effect in concert. The models indicate that a relatively small number of deployed honeypots can provide an effective defense strategy, often better than movement alone. Furthermore, the models confirm the intuition that that combining, or layering, defense mechanisms provide the largest impact to attacker success while providing a quantitative analysis of the improvement and parameters of each strategy.
欺骗和移动目标侦察防御是试图使攻击者试图收集的信息无效的技术。欺骗防御试图误导攻击者执行网络侦察,而移动目标防御试图通过动态改变攻击者所看到的内容,使攻击者更难以预测目标的状态。尽管侦察防御的部署可能是有效的,但是与它们的配置和维护相关的管理成本很高。因此,了解在这种情况下这些防御是有效和高效的是很重要的。本文引入了侦察防御的概率模型,以便更深入地理解这些策略及其参数对网络防御的理论影响。这些模型量化了攻击者在各种条件下的成功,比如网络规模、部署规模和易受攻击的计算机数量。本文对蜜罐、欺骗、网络地址变换、移动目标的性能及其协同效应提供了一个概率解释。这些模型表明,相对少量的蜜罐部署可以提供有效的防御策略,通常比单独移动更好。此外,这些模型证实了一种直觉,即组合或分层防御机制对攻击者的成功影响最大,同时提供了对每种策略的改进和参数的定量分析。
{"title":"Probabilistic Performance Analysis of Moving Target and Deception Reconnaissance Defenses","authors":"Michael B. Crouse, B. Prosser, E. Fulp","doi":"10.1145/2808475.2808480","DOIUrl":"https://doi.org/10.1145/2808475.2808480","url":null,"abstract":"Deception and moving target reconnaissance defenses are techniques that attempt to invalidate information an attacker attempts to gather. Deception defenses attempt to mislead attackers performing network reconnaissance, while moving target defenses seek to make it more difficult for the attacker to predict the state of their target by dynamically altering what the attacker sees. Although the deployment of reconnaissance defenses can be effective, there are nontrivial administration costs associated with their configuration and maintenance. As a result, understanding under the circumstances these defenses are effective and efficient is important. This paper introduces probabilistic models for reconnaissance defenses to provide deeper understanding of the theoretical effect these strategies and their parameters have for cyber defense. The models quantify the success of attackers under various conditions, such as network size, deployment of size, and number of vulnerable computers. This paper provides a probabilistic interpretation for the performance of honeypots, for deception, and network address shuffling, for moving target, and their effect in concert. The models indicate that a relatively small number of deployed honeypots can provide an effective defense strategy, often better than movement alone. Furthermore, the models confirm the intuition that that combining, or layering, defense mechanisms provide the largest impact to attacker success while providing a quantitative analysis of the improvement and parameters of each strategy.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"264 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73557507","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 44
The SDN Shuffle: Creating a Moving-Target Defense using Host-based Software-Defined Networking SDN Shuffle:使用基于主机的软件定义网络创建移动目标防御
Pub Date : 2015-10-12 DOI: 10.1145/2808475.2808485
D. C. MacFarland, Craig A. Shue
Moving target systems can help defenders limit the utility of reconnaissance for adversaries, hindering the effectiveness of attacks. While moving target systems are a topic of robust research, we find that prior work in network-based moving target defenses has limitations in either scalability or the ability to protect public servers accessible to unmodified clients. In this work, we present a new moving target defense using software-defined networking (SDN) that can service unmodified clients while avoiding scalability limitations. We then evaluate this approach according to seven moving-target properties and evaluate its performance. We find that the approach achieves its security goals while introducing low overheads.
移动目标系统可以帮助防御者限制敌方侦察的效用,阻碍攻击的有效性。虽然移动目标系统是一个强有力的研究课题,但我们发现,先前基于网络的移动目标防御工作在可扩展性或保护未修改客户端可访问的公共服务器的能力方面存在局限性。在这项工作中,我们提出了一种新的移动目标防御,使用软件定义网络(SDN),可以为未修改的客户端提供服务,同时避免可扩展性限制。然后根据7个运动目标属性对该方法进行了评价,并对其性能进行了评价。我们发现该方法在引入低开销的同时实现了其安全目标。
{"title":"The SDN Shuffle: Creating a Moving-Target Defense using Host-based Software-Defined Networking","authors":"D. C. MacFarland, Craig A. Shue","doi":"10.1145/2808475.2808485","DOIUrl":"https://doi.org/10.1145/2808475.2808485","url":null,"abstract":"Moving target systems can help defenders limit the utility of reconnaissance for adversaries, hindering the effectiveness of attacks. While moving target systems are a topic of robust research, we find that prior work in network-based moving target defenses has limitations in either scalability or the ability to protect public servers accessible to unmodified clients. In this work, we present a new moving target defense using software-defined networking (SDN) that can service unmodified clients while avoiding scalability limitations. We then evaluate this approach according to seven moving-target properties and evaluate its performance. We find that the approach achieves its security goals while introducing low overheads.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"36 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81525016","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 100
Session details: MTD Keynote II 会议细节:MTD主题演讲II
Pub Date : 2015-10-12 DOI: 10.1145/3253886
Dijiang Huang
{"title":"Session details: MTD Keynote II","authors":"Dijiang Huang","doi":"10.1145/3253886","DOIUrl":"https://doi.org/10.1145/3253886","url":null,"abstract":"","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"73 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77031536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
期刊
Proceedings of the Second ACM Workshop on Moving Target Defense
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1