Moving Target Defense

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies


The Experts below are selected from a list of 1734 Experts worldwide ranked by ideXlab platform

Hong Qi Zhang - One of the best experts on this subject based on the ideXlab platform.

  • Optimal strategy selection approach to Moving Target Defense based on Markov robust game
    Computers & Security, 2019
    Co-Authors: Hong Qi Zhang, Yu-qiao Cheng
    Abstract:

    Moving Target Defense, as a “game-changing” security technique for network warfare, thwarts the apparent certainty of attackers by transforming the network resource vulnerabilities. In order to enhance the defense against unknown security threats, a novel optimal strategy selection approach to Moving Target Defense based on Markov robust game is first proposed in this paper. Firstly, a Moving Target Defense model based on moving attack and exploration surfaces is defined. Thus, the random emergence of vulnerabilities is described, as well as the cognitive and behavioral differences between the offensive and defensive sides caused by defensive transformation. Based on it, a Markov robust game model is constructed to depict the multistage and multistate features of Moving Target Defense confrontation, in which the unknown prior information in the incomplete information assumption is illustrated by combining the Markov decision process with robust game theory. Further, the existence of an optimal strategy of the Markov robust game is proved. Additionally, by equivalently converting optimal strategy selection into a nonlinear programming problem, an efficient optimal defensive strategy selection algorithm is designed. Finally, simulation and deduction of the proposed approach are given in the case study so as to demonstrate the feasibility of the constructed game model and the effectiveness of the proposed approach.

  • Moving Target Defense Techniques: A Survey
    Security and Communication Networks, 2018
    Co-Authors: Cheng Lei, Hong Qi Zhang, Tan Jinglei, Zhang Yuchen, Liu Xiaohu
    Abstract:

    As an active defense technique to change the asymmetry in cyberattack-defense confrontation, Moving Target Defense research has become one of the hot spots. In order to gain a better understanding of Moving Target Defense, background knowledge and inspiration are expounded at first. Based on it, the concept of Moving Target Defense is analyzed. Secondly, the literature analysis method is adopted to explain the design principles and system architecture of Moving Target Defense. In addition, some relevant key techniques are introduced from the aspects of strategy generation, shuffling implementation, and performance evaluation. After that, the applications of Moving Target Defense in different network architectures are illustrated. Finally, existing problems and future trends in this field are elaborated so as to provide a basis for further study.

  • Incomplete information Markov game theoretic approach to strategy generation for Moving Target Defense
    Computer Communications, 2018
    Co-Authors: Cheng Lei, Hong Qi Zhang, Li-ming Wan, Lu Liu
    Abstract:

    With the extensive study of Moving Target Defense, optimal strategy generation has become one of the key problems in current research. A novel incomplete information Markov game theoretic approach to strategy generation for Moving Target Defense is proposed to solve the existing problems. On the one hand, the traditional matrix game structure and complete information assumption often fail to describe Moving Target Defense confrontation accurately. To deal with this inaccuracy, a Moving Target Defense game model based on incomplete information Markov game theory is constructed by introducing the moving attack surface and moving exploration surface concepts, extending optimal strategy selection of Moving Target Defense with incomplete information from mono-state or mono-phase to multi-state and multi-phase. On the other hand, traditional models care little about defense cost in the process of optimal strategy generation. After comprehensively analyzing the impact of defensive cost and defensive benefit on strategy generation, an optimal strategy generation algorithm is designed to prevent the deviation of the selected strategies from actual network conditions, thus ensuring the correctness of optimal strategy generation. Finally, simulation and deduction experiments have been performed in a case study so as to confirm the feasibility and the effectiveness of the proposed approach.

  • RELOCATE: A Container Based Moving Target Defense Approach
    Proceedings of The 7th International Conference on Computer Engineering and Networks — PoS(CENet2017), 2017
    Co-Authors: Huang Rui, Hong Qi Zhang, Yi Liu, Shie Zhou
    Abstract:

    In order to cope with the border information leakage problem in cloud services, we presented RELOCATE, a Moving Target Defense approach. RELOCATE chose a lightweight operating system virtualization technology named Docker to manage the containers in physical hosts. Docker performs well for tenants' services because of fast initialization and small footprint. Thus, we used Docker clusters to orchestrate the tenants' services. Additionally, we proposed a novel dynamic relocation strategy to mitigate attacks from malicious neighbors by using the Moving Target Defense thought. Lastly, we conducted a simulation experiment in our testbed. Results show that RELOCATE is efficient and effective in defending against border information leakage attacks.

  • AsiaCCS - Quantitative Security Assessment Method based on Entropy for Moving Target Defense
    Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 2017
    Co-Authors: Liming Wang, Cheng Lei, Hong Qi Zhang
    Abstract:

    Moving Target Defense (MTD) provides a promising solution to reduce the chance of weakness exposure by constantly changing the target's attack surface. Though lots of MTD technologies have been researched to defend against network attacks, there is little systematic study on the security assessment of MTD. This paper proposes a novel method to quantify the security of an MTD system which is based on three factors: Vulnerability Entropy, Attack Entropy and Attenuation Entropy. This assessment model provides theoretical and practical guidance for building MTD systems and improving MTD technology.

Joseph G. Tront - One of the best experts on this subject based on the ideXlab platform.

  • ICITST - Scaling IPv6 address bindings in support of a Moving Target Defense
    The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014), 2014
    Co-Authors: Christopher Morrell, Randy Marchany, J. Scot Ransbottom, Joseph G. Tront
    Abstract:

    Moving Target Defense is an area of network security research in which machines are moved logically around a network in order to avoid detection. This is done by leveraging the immense size of the IPv6 address space and the statistical improbability of two machines selecting the same IPv6 address. This defensive technique forces a malicious actor to focus on the reconnaissance phase of their attack rather than focusing only on finding holes in a machine's static defenses. We have a current implementation of an IPv6 Moving Target Defense entitled MT6D, which works well although it is limited to functioning in a peer-to-peer scenario. As we push our research forward into client-server networks, we must discover what the limits are in reference to the client-server ratio. In our current implementation of a simple UDP echo server that binds large numbers of IPv6 addresses to the Ethernet interface, we discover limits in both the number of addresses that we can successfully bind to an interface and the speed at which UDP requests can be successfully handled across a large number of bound interfaces.

  • Scaling IPv6 address bindings in support of a Moving Target Defense
    The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014), 2014
    Co-Authors: Christopher Morrell, Scot J. Ransbottom, Randy Marchany, Joseph G. Tront
    Abstract:

    Moving Target Defense is an area of network security research in which machines are moved logically around a network in order to avoid detection. This is done by leveraging the immense size of the IPv6 address space and the statistical improbability of two machines selecting the same IPv6 address. This defensive technique forces a malicious actor to focus on the reconnaissance phase of their attack rather than focusing only on finding holes in a machine's static defenses. We have a current implementation of an IPv6 Moving Target Defense entitled MT6D, which works well although it is limited to functioning in a peer-to-peer scenario. As we push our research forward into client-server networks, we must discover what the limits are in reference to the client-server ratio. In our current implementation of a simple UDP echo server that binds large numbers of IPv6 addresses to the Ethernet interface, we discover limits in both the number of addresses that we can successfully bind to an interface and the speed at which UDP requests can be successfully handled across a large number of bound interfaces.

  • ANCS - Optimizing a network layer Moving Target Defense for specific system architectures
    Architectures for Networking and Communications Systems, 2013
    Co-Authors: Owen Hardman, Randy Marchany, Stephen Groat, Joseph G. Tront
    Abstract:

    Complex defenses, such as Moving Target Defenses, exist to help protect against threats. While these new forms of defense offer increased security, they are resource intensive and cannot be run on many new classes of network-connected mobile systems. To provide security for these systems, a highly efficient defense must be used. Moving Target Defense for IPv6 (MT6D) is a network layer Moving Target Defense that was originally designed using Python for portability to a variety of system architectures. Optimizing a Moving Target Defense (MTD) for a specific system architecture increases performance to allow for these new defenses to be deployed in resource-constrained environments. By transitioning from Python to C, and by using system-specific networking features, MT6D can be successfully deployed to resource-constrained network systems.

  • Securing static nodes in mobile-enabled systems using a network-layer Moving Target Defense
    2013 1st International Workshop on the Engineering of Mobile-Enabled Systems (MOBS), 2013
    Co-Authors: Stephen Groat, Randy Marchany, Reese Moore, Joseph G. Tront
    Abstract:

    As computing becomes mobile and systems enable connectivity through mobile applications, the characteristics of the network communication of these systems change due to the instability of mobile nodes on networks. Mobile devices logically move by changing addresses throughout the course of their communication in the system. These mobile nodes acquire characteristics of a Moving Target Defense, in which nodes change addresses to avoid detection and attack. Yet, as mobile nodes change addresses, the critical points in the system that applications are set to communicate with, such as servers, cloud services, and peer registration servers, remain static and become easily identifiable. Mobile-enabled systems are beginning to model heterogeneous moving target networks, in which some nodes move while others remain static. Heterogeneous moving target networks expose relationships and dependencies between nodes, helping an attacker easily identify the static, critical nodes within a mobile-enabled system. Homogeneous moving target networks, in which all nodes change addresses, mask the critical points within the system, blending the mobile nodes with the critical, static nodes, and provide additional security for the static nodes. By applying a Moving Target Defense to all nodes within a mobile-enabled system, the critical points can be masked and additional security can be provided.

  • Using an IPv6 Moving Target Defense to protect the Smart Grid
    IEEE PES Innovative Smart Grid Technologies Conference, 2012
    Co-Authors: Stephen Groat, Randy Marchany, Matthew Dunlop, William Urbanksi, Joseph G. Tront
    Abstract:

    As advanced Internet Protocol (IP)-based communication systems are proposed for the Smart Grid, security solutions must be developed which address not only the security of the communications, but also the security of the communicating systems. To support the large number of hosts required for the Smart Grid on an IP network, the new Internet Protocol version 6 (IPv6) must be leveraged. Unfortunately, IPv6 inherits the majority of Internet Protocol version 4 (IPv4) vulnerabilities as well as adding new address-based exploits. The embedded systems necessary for Smart Grid deployments using IP communications will be especially vulnerable to attacks due to their limited system resources. A Moving Target Defense not only secures the communications between peers, but also prevents the peers from being located for attack. Implementing security at the network layer mitigates most IP-specific exploits and allows for solutions to be integrated with minimal impact to existing Smart Grid systems, thus reducing costs and increasing reliability. By using a network layer Moving Target Defense, hosts cannot be located for exploitation and secure connectivity is maintained with trusted peers. A robust Smart Grid network must be capable of proactive defense so that components are not consumed with defending against incoming attacks. A solution which implements a proactive network layer defense called the Moving Target IPv6 Defense (MT6D) is offered as a potential solution for secure Smart Grid communications.

Stephen Groat - One of the best experts on this subject based on the ideXlab platform.

  • ANCS - Optimizing a network layer Moving Target Defense for specific system architectures
    Architectures for Networking and Communications Systems, 2013
    Co-Authors: Owen Hardman, Randy Marchany, Stephen Groat, Joseph G. Tront
    Abstract:

    Complex defenses, such as Moving Target Defenses, exist to help protect against threats. While these new forms of defense offer increased security, they are resource intensive and cannot be run on many new classes of network-connected mobile systems. To provide security for these systems, a highly efficient defense must be used. Moving Target Defense for IPv6 (MT6D) is a network layer Moving Target Defense that was originally designed using Python for portability to a variety of system architectures. Optimizing a Moving Target Defense (MTD) for a specific system architecture increases performance to allow for these new defenses to be deployed in resource-constrained environments. By transitioning from Python to C, and by using system-specific networking features, MT6D can be successfully deployed to resource-constrained network systems.

  • Securing static nodes in mobile-enabled systems using a network-layer Moving Target Defense
    2013 1st International Workshop on the Engineering of Mobile-Enabled Systems (MOBS), 2013
    Co-Authors: Stephen Groat, Randy Marchany, Reese Moore, Joseph G. Tront
    Abstract:

    As computing becomes mobile and systems enable connectivity through mobile applications, the characteristics of the network communication of these systems change due to the instability of mobile nodes on networks. Mobile devices logically move by changing addresses throughout the course of their communication in the system. These mobile nodes acquire characteristics of a Moving Target Defense, in which nodes change addresses to avoid detection and attack. Yet, as mobile nodes change addresses, the critical points in the system that applications are set to communicate with, such as servers, cloud services, and peer registration servers, remain static and become easily identifiable. Mobile-enabled systems are beginning to model heterogeneous moving target networks, in which some nodes move while others remain static. Heterogeneous moving target networks expose relationships and dependencies between nodes, helping an attacker easily identify the static, critical nodes within a mobile-enabled system. Homogeneous moving target networks, in which all nodes change addresses, mask the critical points within the system, blending the mobile nodes with the critical, static nodes, and provide additional security for the static nodes. By applying a Moving Target Defense to all nodes within a mobile-enabled system, the critical points can be masked and additional security can be provided.

  • Using an IPv6 Moving Target Defense to protect the Smart Grid
    IEEE PES Innovative Smart Grid Technologies Conference, 2012
    Co-Authors: Stephen Groat, Randy Marchany, Matthew Dunlop, William Urbanksi, Joseph G. Tront
    Abstract:

    As advanced Internet Protocol (IP)-based communication systems are proposed for the Smart Grid, security solutions must be developed which address not only the security of the communications, but also the security of the communicating systems. To support the large number of hosts required for the Smart Grid on an IP network, the new Internet Protocol version 6 (IPv6) must be leveraged. Unfortunately, IPv6 inherits the majority of Internet Protocol version 4 (IPv4) vulnerabilities as well as adding new address-based exploits. The embedded systems necessary for Smart Grid deployments using IP communications will be especially vulnerable to attacks due to their limited system resources. A Moving Target Defense not only secures the communications between peers, but also prevents the peers from being located for attack. Implementing security at the network layer mitigates most IP-specific exploits and allows for solutions to be integrated with minimal impact to existing Smart Grid systems, thus reducing costs and increasing reliability. By using a network layer Moving Target Defense, hosts cannot be located for exploitation and secure connectivity is maintained with trusted peers. A robust Smart Grid network must be capable of proactive defense so that components are not consumed with defending against incoming attacks. A solution which implements a proactive network layer defense called the Moving Target IPv6 Defense (MT6D) is offered as a potential solution for secure Smart Grid communications.

  • ISGT - Using an IPv6 Moving Target Defense to protect the Smart Grid
    2012 IEEE PES Innovative Smart Grid Technologies (ISGT), 2012
    Co-Authors: Stephen Groat, Randy Marchany, Matthew Dunlop, William Urbanksi, Joseph G. Tront
    Abstract:

    As advanced Internet Protocol (IP)-based communication systems are proposed for the Smart Grid, security solutions must be developed which address not only the security of the communications, but also the security of the communicating systems. To support the large number of hosts required for the Smart Grid on an IP network, the new Internet Protocol version 6 (IPv6) must be leveraged. Unfortunately, IPv6 inherits the majority of Internet Protocol version 4 (IPv4) vulnerabilities as well as adding new address-based exploits. The embedded systems necessary for Smart Grid deployments using IP communications will be especially vulnerable to attacks due to their limited system resources. A Moving Target Defense not only secures the communications between peers, but also prevents the peers from being located for attack. Implementing security at the network layer mitigates most IP-specific exploits and allows for solutions to be integrated with minimal impact to existing Smart Grid systems, thus reducing costs and increasing reliability. By using a network layer Moving Target Defense, hosts cannot be located for exploitation and secure connectivity is maintained with trusted peers. A robust Smart Grid network must be capable of proactive defense so that components are not consumed with defending against incoming attacks. A solution which implements a proactive network layer defense called the Moving Target IPv6 Defense (MT6D) is offered as a potential solution for secure Smart Grid communications.

Mohamed Eltoweissy - One of the best experts on this subject based on the ideXlab platform.

  • Smart Moving Target Defense for Linux Container Resiliency
    Color Imaging Conference, 2016
    Co-Authors: Mohamed Azab, Amr S. Abed, Bassem Mokhtar, Mohamed Eltoweissy
    Abstract:

    Nature is a major source of inspiration for many of the inventions that we rely on to maintain our daily lifestyle. In this paper, we present ESCAPE, an evolved version of our nature-inspired, game-like, informed Moving Target Defense mechanism for cloud container resiliency. ESCAPE relies on a novel container mobilization framework controlled by a smart attack maneuvering module. That module drives the running containers based on real-time models of the interaction between attackers and their targets as a "predator searching for a prey" search game. ESCAPE employs run-time live migration of Linux containers (prey) to avoid attacks (predator) and failures. The entire process is guided by a novel host-based behavior-monitoring system that seamlessly monitors containers for indications of intrusions and attacks. To evaluate the effect of ESCAPE's container live migration in evading attacks, we extensively simulated the attack avoidance process based on a mathematical model mimicking the prey-vs-predator search game. With ESCAPE's live migrations, results show high container survival probabilities with minimal added overhead.

  • Toward Smart Moving Target Defense for Linux Container Resiliency
    2016 IEEE 41st Conference on Local Computer Networks (LCN), 2016
    Co-Authors: Mohamed Azab, Amr S. Abed, Bassem Mokhtar, Mohamed Eltoweissy
    Abstract:

    This paper presents ESCAPE, an informed Moving Target Defense mechanism for cloud containers. ESCAPE models the interaction between attackers and their target containers as a "predator searching for a prey" search game. Live migration of Linux containers (prey) is used to avoid attacks (predator) and failures. The entire process is guided by a novel host-based behavior-monitoring system that seamlessly monitors containers for indications of intrusions and attacks. To evaluate ESCAPE's effectiveness, we simulated the attack avoidance process based on a mathematical model mimicking the prey-vs-predator search game. Simulation results show high container survival probabilities with minimal added overhead.

  • ChameleonSoft: A Moving Target Defense System
    Collaborative Computing, 2011
    Co-Authors: Mohamed Azab, Riham Hassan, Mohamed Eltoweissy
    Abstract:

    Ubiquitous cyber systems and their supporting infrastructure impact productivity and quality of life immensely. Their penetration in our daily life increases the need for their enhanced resilience and for means to secure and protect them. One major threat is the software monoculture. The latest research work illustrated the danger of software monoculture and introduced diversity to reduce the attack surface. In this paper, we propose a biologically-inspired defense system, ChameleonSoft, that employs multidimensional software diversity to, in effect, induce spatiotemporal software behavior encryption and a Moving Target Defense. The key principles are decoupling functional roles and runtime role players; devising intrinsically-resilient composable online programmable building blocks; separating logic, state and physical resources; and employing functionally-equivalent, behaviorally-different code variants. Given our construction, ChameleonSoft is also equipped with an autonomic failure recovery mechanism for enhanced resilience. Nodes employing ChameleonSoft autonomously and cooperatively change their recovery and encryption policy both proactively and reactively according to the continual change in context and environment. In order to test the applicability of the proposed approach, we present a prototype of the ChameleonSoft Behavior Encryption (CBE) and recovery mechanisms. Further, using analysis and simulation, we study the performance and security aspects of the proposed system. This study aims to evaluate the provisioned level of security by measuring the level of induced confusion and diffusion to quantify the strength of the CBE mechanism. Further, we compute the computational cost of security provisioning and enhancing system resilience. A brief attack scenario is also included to illustrate the complexity of attacking ChameleonSoft.

Li Wang - One of the best experts on this subject based on the ideXlab platform.

  • Moving Target Defense against network reconnaissance with software defined networking
    International Conference on Information Security, 2016
    Co-Authors: Li Wang
    Abstract:

    Online hosts and networks are easy targets of network attacks due to their static nature, which creates an information asymmetry and makes them easy to attack and hard to defend. To break the asymmetry, Moving Target Defense was proposed to bring uncertainties to computer systems. It can be applied to all levels of protection, covering applications, system software, operating systems, and networks. In this paper, we present Sniffer Reflector, a new method to practice Moving Target Defense against network reconnaissance, which is usually considered the very first step of most attacks. Sniffer Reflector employs Software-Defined Networking to disturb network reconnaissance. We use virtualization to provide an obfuscated reconnaissance result for attackers. Our method can be easily combined with existing security tools for network forensics as well. We have developed a prototype in a virtual local area network. Our experiment results show that Sniffer Reflector is effective and efficient in blurring various forms of network reconnaissance.

  • ISC - Moving Target Defense Against Network Reconnaissance with Software Defined Networking
    Lecture Notes in Computer Science, 2016
    Co-Authors: Li Wang
    Abstract:

    Online hosts and networks are easy targets of network attacks due to their static nature, which creates an information asymmetry and makes them easy to attack and hard to defend. To break the asymmetry, Moving Target Defense was proposed to bring uncertainties to computer systems. It can be applied to all levels of protection, covering applications, system software, operating systems, and networks. In this paper, we present Sniffer Reflector, a new method to practice Moving Target Defense against network reconnaissance, which is usually considered the very first step of most attacks. Sniffer Reflector employs Software-Defined Networking to disturb network reconnaissance. We use virtualization to provide an obfuscated reconnaissance result for attackers. Our method can be easily combined with existing security tools for network forensics as well. We have developed a prototype in a virtual local area network. Our experiment results show that Sniffer Reflector is effective and efficient in blurring various forms of network reconnaissance.