ABSTRACT
One of the biggest challenges faced by cyber defenders is that attacks evolve more rapidly than our ability to recognize them. We propose a moving target defense concept in which the means of detection is set in motion. This is done by moving away from static signature-based detection and instead adopting biological modeling techniques that describe families of related sequences. We present here one example of how to apply evolutionary models to cyber sequences, and demonstrate the feasibility of this technique in an analysis of a complex, evolving software project. Specifically, we applied sequence-based and profile-based evolutionary models and report the ability of these models to recognize highly volatile code regions. We found that different drift models reliably identify different types of evolutionarily related code regions. The impact is that these (and possibly other) evolutionary models could be used in a moving target defense in which the "signature" being used to detect sequence-based behaviors is not a fixed signature but one that can recognize new variants of a known family based on multiple evolutionary models.
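The contrast drawn in the abstract between a fixed signature and a family-level model can be seen in a short added example (not code from the paper or its authors). It assumes sequences are already tokenized into a 20-letter alphabet and aligned without gaps, uses a simple per-column log-odds profile as a stand-in for a profile-based model, and sets the threshold by leave-one-out scoring; the sample sequences and all function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample data: each letter stands for one abstracted code or event
# token; rows are pre-aligned, equal-length members of one known family.
FAMILY = ["ACDEFGHK", "ACDEFGHR", "ACNEFGHK", "SCDEFGHK", "ACDEYGHK"]
ALPHABET = "ACDEFGHIKLMNPQRSTVWY"


def exact_match(candidate, signatures):
    """Static signature: fires only on a sequence that is already known."""
    return candidate in signatures


def build_profile(family, alphabet=ALPHABET, pseudocount=1.0):
    """Per-column log-odds (bits) of each symbol against a uniform background."""
    background = 1.0 / len(alphabet)
    total = len(family) + pseudocount * len(alphabet)
    profile = []
    for column in zip(*family):
        counts = Counter(column)
        profile.append({s: math.log2((counts[s] + pseudocount) / total / background)
                        for s in alphabet})
    return profile


def profile_score(candidate, profile):
    """Sum of column scores; higher means closer to the family."""
    if len(candidate) != len(profile):
        raise ValueError("length mismatch: this sketch does not handle gaps")
    return sum(column[s] for column, s in zip(profile, candidate))


def calibrate_threshold(family):
    """Lowest score a member gets from a profile built without that member."""
    return min(profile_score(m, build_profile(family[:i] + family[i + 1:]))
               for i, m in enumerate(family))


def is_family_member(candidate, family=FAMILY):
    """Profile-based detection: score against the family, compare to threshold."""
    return profile_score(candidate, build_profile(family)) >= calibrate_threshold(family)


if __name__ == "__main__":
    for seq in ("ACDEFGHK", "SCNEFGHK", "WPLQMTVI"):  # known, new variant, unrelated
        print(seq, exact_match(seq, FAMILY), is_family_member(seq))
```

The second sequence combines two substitutions that each occur in the family but never together, so the exact-match check misses it while the profile accepts it; the unrelated sequence is rejected by both.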
Index Terms
- Evolutionary drift models for moving target defense