
Characterizing the power of moving target defense via cyber epidemic dynamics

Published: 08 April 2014

Abstract

Moving Target Defense (MTD) can enhance the resilience of cyber systems against attacks. Although there have been many MTD techniques, there is no systematic understanding and quantitative characterization of the power of MTD. In this paper, we propose to use a cyber epidemic dynamics approach to characterize the power of MTD. We define and investigate two complementary measures that are applicable when the defender aims to deploy MTD to achieve a certain security goal. One measure emphasizes the maximum portion of time during which the system can afford to stay in an undesired configuration (or posture), without considering the cost of deploying MTD. The other measure emphasizes the minimum cost of deploying MTD, while accommodating that the system has to stay in an undesired configuration (or posture) for a given portion of time. Our analytic studies lead to algorithms for optimally deploying MTD.



    Published In

    HotSoS '14: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security
    April 2014
    184 pages
    ISBN:9781450329071
    DOI:10.1145/2600176

    Sponsors

    • North Carolina State University

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. cyber epidemic dynamics
    2. cybersecurity dynamics
    3. epidemic threshold
    4. moving target defense
    5. security models

    Qualifiers

    • Research-article

    Conference

    HotSoS '14
    Sponsor: North Carolina State University
    HotSoS '14: Symposium and Bootcamp on the Science of Security
    April 8 - 9, 2014
    North Carolina, Raleigh, USA

    Acceptance Rates

    HotSoS '14 Paper Acceptance Rate 12 of 21 submissions, 57%;
    Overall Acceptance Rate 34 of 60 submissions, 57%
