The goal of this research is to understand and quantify the potential and limitations of moving-target defense (MTD) systems to protect computer networks against the use of general vulnerability exploits to gain unauthorized access. To achieve this goal, we plan to create (1) a set of analytical models to quantify the effectiveness of MTD systems, and (2) a proof-of-concept MTD system that will automatically adapt multiple aspects of the network’s logical and physical configuration. Key research questions we plan to address include
- How can an MTD system’s affect be measured in terms of security gain and mission impact?
- What are the key parameters of an MTD system; what is their effect on MTD performance?
- Is an MTD system that can adapt multiple configuration aspects feasible for reasonable threat assumptions?
- Can an intelligent MTD triggered by attack/risk indicators be more effective than a purely random MTD?
To understand MTD systems, we will design mathematical models to capture key adaptability parameters of MTD systems, which include the frequency, size, and type of adaptivity exhibited by the MTD. We will investigate stochastic modeling to understand the effect of adaptability parameters on attack success likelihood. We plan to answer the questions
- Assuming attack steps take time to achieve certain success probability, what impact will MTDs have on attacker’s goal achievement?
- How should the MTD system be designed and configured to make it effective in reducing attackability while not overly degrading performance?
To validate our models, we will develop a proof-of-concept MTD that explicitly models the system’s mission/security goals and maps them to network resources. We will leverage our current research in reasoning under uncertainty to study the benefits of triggering MTDs based on real-time observations indicating transient risks as well as inherent risks.
Rui Zhuang, Su Zhang, Alex Bardas, Scott A. DeLoach, Xinming Ou, Anoop Singhal. Investigating the Application of Moving Target Defenses to Network Security. 1st International Symposium on Resilient Cyber Systems (ISRCS). August 13-15, 2013, San Francisco, CA.
Justin Yackoski, Jason Li, Scott A. DeLoach, Xinming Ou. Mission-oriented Moving Target Defense Based on Cryptographically Strong Network Dynamics. Proceedings of the 8th Annual Cyber Security and Information Intelligence Research Workshop, Jan 8 - 10, 2013. Oak Ridge, Tennessee.
- Rui Zhuang, Su Zhang, Scott A. DeLoach, Xinming Ou, and Anoop Singhal. Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense. National Symposium on Moving Target Research. June 11, 2012, Annapolis, MD.
Dates: 4/1/2012 - 3/31/2017
Dr. DeLoach interview with Eric Chabrow of govInfoSecurity.com
Article in ACM News
K-State Press Release (sidebar, blog)