System attack surface based MTD effectiveness assessment model
XIONG Xinli1, ZHAO Guangsheng2,3, XU Weiguang1, LI Bo1
1. College of Command and Control Engineering, Army Engineering University of PLA, Nanjing 210007, China; 2. College of Computer, National University of Defense Technology, Changsha 410073, China; 3. College of Cyberspace Security, PLA Information Engineering University, Zhengzhou 450002, China
Abstract：Moving target defense (MTD) is a proactive method that protects against advanced persistent threats (APT) in cybersecurity. Although partial MT techniques have been employed in systems, there are no good effectiveness assessments, which hinders the use of multilayer MTD systems world-wide. This paper presents an MTD effectiveness evaluation method based on a system attack surface model with shifting parameters (SASSP) using an enlarged definition of the Attack Surface. The SASSP sequence is used in the MTD effectiveness assessment model to establish a relationship between the attacking states and the SASSP to evaluate the multi-layer MT techniques in larger topologies. A case study is given to illustrate the assessment effectiveness to guide the effectiveness and cost trade-off optimization of MTD systems.
 GHOSH K A, PENDARAKIS D, SANDERS H. W, et al. National cyber leap year summit 2009 co-chairs' report.[R/OL].[2018-09-30]. https://www.nitrd.gov/nitrdgroups/images/b/bd/National_Cyber_Leap_Year_Summit_2009_CoChairs_Report.pdf.  JAJODIA S, GHOSH K A, SWARUP A, et al. Moving target defense[M]. New York:Springer, 2011.  JAJODIA S, GHOSH K A, SWARUP A, et al. Moving target defense:Creating asymmetric uncertainty for cyber threats[M]. Berlin:Springer, 2011.  JAJODIA S, GHOSH K A, SWARUP A, et al. Moving target defense Ⅱ:Application of game theory and adversarial modeling[M]. New York:Springer, 2013.  蔡桂林, 王宝生, 王天佐, 等. 移动目标防御技术研究进展[J]. 计算机研究与发展, 2016, 53(5):968-987. CAI G L, WANG B S, WANG T Z, et al. Research and development of moving target defense technology[J]. Journal of Computer Research and Development, 2016, 53(5):968-987. (in Chinese)  AL-SHAER E, DUAN Q, JAFARIAN J H. Random host mutation for moving target defense[M]//KEROMYTIS A D, DI PIETRO R. Security and Privacy in Communication Networks. Berlin, Germany:Springer, 2013:310-327.  PENG W, LI F, HUANG C T, et al. A moving-target defense strategy for cloud-based services with heterogeneous and dynamic attack surfaces[C]//Proceedings of 2014 IEEE International Conference on Communications. Sydney, USA, Australia:IEEE, 2014:804-809.  OKHRAVI H, HOBSON T, BIGELOW D, et al. Finding focus in the blur of moving-target techniques[J]. IEEE Security & Privacy, 2013, 12(2):16-26.  CROUSE M, PROSSER B, FULP E W. Probabilistic performance analysis of moving target and deception reconnaissance defenses[C]//Proceedings of the 2nd ACM Workshop on Moving Target Defense. Denver, USA:ACM, 2015:21-29.  JONES S T, OUTKIN A V, GEARHART J L, et al. Evaluating moving target defense with PLADD[R/OL].[2018-09-30]. https://prod.sandia.gov/techlib-noauth/access-control.cgi/2015/158432r.pdf.  MALEKI H, VALIZADEH S, KOCH W, et al. Markov modeling of moving target defense games[C]//Proceedings of 2016 ACM Workshop on Moving Target Defense. Vienna, Austrialia:ACM, 2016:81-92.  MA D H, WANG L M, LEI C, et al. POSTER:Quantitative security assessment method based on entropy for moving target defense[C]//Proceedings of 2017 ACM on Asia Conference on Computer and Communications Security. Abu Dhabi, United Arab Emirates:ACM, 2017:920-922.  LEI C, MA D H, ZHANG H Q, et al. Moving target network defense effectiveness evaluation based on change-point detection[J]. Mathematical Problems in Engineering, 2016, 2016:6391502.  MANADHATA P K, WING J M. A formal model for a system's attack surface[M]//JAJODIA S, GHOSH A K, SWARUP V, et al. Moving target defense. New York, USA:Springer, 2011:1-28.  MANADHATA P. Game theoretic approaches to attack surface shifting[M]//JAJODIA S, GHOSH A K, SUBRAHMANIAN V S, et al. Moving target defense Ⅱ:Application of game theory and adversarial modeling. New York, USA:Springer, 2013:1-13.  YADAV T, RAO A M. Technical aspects of cyber kill chain[M]//ABAWAJY J H, MUKHERJEA S, THAMPI S M, et al. Security in computing and communications. Cham, Switzerland:Springer, 2015:438-452.  SUN K, JAJODIA S. Protecting enterprise networks through attack surface expansion[C]//Proceedings of 2014 Workshop on Cyber Security Analytics, Intelligence and Automation. Scottsdale, Arizona, USA:ACM, 2014:29-32.  HOUMB S H, FRANQUEIRA V N L, ENGUM E A. Quantifying security risk level from CVSS estimates of frequency and impact[J]. Journal of Systems and Software, 2010, 83(9):1622-1634.