Understanding and quantifying the impact of moving target defenses on computer networks

The goal of this research is to understand and quantify the potential and limitations of moving-target defense (MTD) systems to protect computer networks against the use of general vulnerability exploits to gain unauthorized access. To achieve this goal, we plan to create (1) a set of analytical models to quantify the effectiveness of MTD systems, and (2) a proof-of-concept MTD system that will automatically adapt multiple aspects of the network’s logical and physical configuration. Key research questions we plan to address include

  1. How can an MTD system’s affect be measured in terms of security gain and mission impact?
  2. What are the key parameters of an MTD system; what is their effect on MTD performance?
  3. Is an MTD system that can adapt multiple configuration aspects feasible for reasonable threat assumptions?
  4. Can an intelligent MTD triggered by attack/risk indicators be more effective than a purely random MTD?

To understand MTD systems, we will design mathematical models to capture key adaptability parameters of MTD systems, which include the frequency, size, and type of adaptivity exhibited by the MTD. We will investigate stochastic modeling to understand the effect of adaptability parameters on attack success likelihood. We plan to answer the questions

  1. Assuming attack steps take time to achieve certain success probability, what impact will MTDs have on attacker’s goal achievement?
  2. How should the MTD system be designed and configured to make it effective in reducing attackability while not overly degrading performance?

To validate our models, we will develop a proof-of-concept MTD that explicitly models the system’s mission/security goals and maps them to network resources. We will leverage our current research in reasoning under uncertainty to study the benefits of triggering MTDs based on real-time observations indicating transient risks as well as inherent risks.


Sponsor: AFOSR/NM

Dates: 4/1/2012 - 3/31/2017

Popular News

Dr. DeLoach interview with Eric Chabrow of govInfoSecurity.com

Article in ACM News

K-State Press Release (sidebar, blog)