Visible to the public Biblio

Filters: Keyword is moving target defense  [Clear All Filters]
2021-08-02
Liu, Weilun, Ge, Mengmeng, Kim, Dong Seong.  2020.  Integrated Proactive Defense for Software Defined Internet of Things under Multi-Target Attacks. 2020 20th IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing (CCGRID). :767—774.
Due to the constrained resource and computational limitation of many Internet of Things (IoT) devices, conventional security protections, which require high computational overhead are not suitable to be deployed. Thus, vulnerable IoT devices could be easily exploited by attackers to break into networks. In this paper, we employ cyber deception and moving target defense (MTD) techniques to proactively change the network topology with both real and decoy nodes with the support of software-defined networking (SDN) technology and investigate the impact of single-target and multi-target attacks on the effectiveness of the integrated mechanism via a hierarchical graphical security model with security metrics. We also implement a web-based visualization interface to show topology changes with highlighted attack paths. Finally, the qualitative security analysis is performed for a small-scale and SDN-supported IoT network with different combinations of decoy types and levels of attack intelligence. Simulation results show the integrated defense mechanism can introduce longer mean-time-to-security-failure and larger attack impact under the multi-target attack, compared with the single-target attack model. In addition, adaptive shuffling has better performance than fixed interval shuffling in terms of a higher proportion of decoy paths, longer mean-time-to-security-failure and largely reduced defense cost.
Chai, Xinzhong, Wang, Yasen, Yan, Chuanxu, Zhao, Yuan, Chen, Wenlong, Wang, Xiaolei.  2020.  DQ-MOTAG: Deep Reinforcement Learning-based Moving Target Defense Against DDoS Attacks. 2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC). :375—379.
The rapid developments of mobile communication and wearable devices greatly improve our daily life, while the massive entities and emerging services also make Cyber-Physical System (CPS) much more complicated. The maintenance of CPS security tends to be more and more difficult. As a ”gamechanging” new active defense concept, Moving Target Defense (MTD) handle this tricky problem by periodically upsetting and recombining connections between users and servers in the protected system, which is so-called ”shuffle”. By this means, adversaries can hardly obtain enough time to compromise the potential victims, which is the indispensable condition to collect necessary information or conduct further malicious attacks. But every coin has two sides, MTD also introduce unbearable high energy consumption and resource occupation in the meantime, which hinders the large-scale application of MTD for quite a long time. In this paper, we propose a novel deep reinforcement learning-based MOTAG system called DQ-MOTAG. To our knowledge, this is the first work to provide self-adaptive shuffle period adjustment ability for MTD with reinforcement learning-based intelligent control mechanism. We also design an algorithm to generate optimal duration of next period to guide subsequent shuffle. Finally, we conduct a series of experiments to prove the availability and performance of DQ-MOTAG compared to exist methods. The result highlights our solution in terms of defense performance, error block rate and network source consumption.
Abdul Basit Ur Rahim, Muhammad, Duan, Qi, Al-Shaer, Ehab.  2020.  A Formal Analysis of Moving Target Defense. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :1802—1807.
Static system configuration provides a significant advantage for the adversaries to discover the assets and launch attacks. Configuration-based moving target defense (MTD) reverses the cyber warfare asymmetry by mutating certain configuration parameters to disrupt the attack planning or increase the attack cost significantly. In this research, we present a methodology for the formal verification of MTD techniques. We formally modeled MTD techniques and verified them against constraints. We use Random Host Mutation (RHM) as a case study for MTD formal verification. The RHM transparently mutates the IP addresses of end-hosts and turns into untraceable moving targets. We apply the formal methodology to verify the correctness, safety, mutation, mutation quality, and deadlock-freeness of RHM using the model checking tool. An adversary is also modeled to validate the effectiveness of the MTD technique. Our experimentation validates the scalability and feasibility of the formal verification methodology.
Navas, Renzo E., Sandaker, Håkon, Cuppens, Frédéric, Cuppens, Nora, Toutain, Laurent, Papadopoulos, Georgios Z..  2020.  IANVS: A Moving Target Defense Framework for a Resilient Internet of Things. 2020 IEEE Symposium on Computers and Communications (ISCC). :1—6.
The Internet of Things (IoT) is more and more present in fundamental aspects of our societies and personal life. Billions of objects now have access to the Internet. This networking capability allows for new beneficial services and applications. However, it is also the entry-point for a wide variety of cyber-attacks that target these devices. The security measures present in real IoT systems lag behind those of the standard Internet. Security is sometimes completely absent. Moving Target Defense (MTD) is a 10-year-old cyber-defense paradigm. It proposes to randomize components of a system. Reasonably, an attacker will have a higher cost attacking an MTD-version of a system compared with a static-version of it. Even if MTD has been successfully applied to standard systems, its deployment for IoT is still lacking. In this paper, we propose a generic MTD framework suitable for IoT systems: IANVS (pronounced Janus). Our framework has a modular design. Its components can be adapted according to the specific constraints and requirements of a particular IoT system. We use it to instantiate two concrete MTD strategies. One that targets the UDP port numbers (port-hopping), and another a CoAP resource URI. We implement our proposal on real hardware using Pycom LoPy4 nodes. We expose the nodes to a remote Denial-of-Service attack and evaluate the effectiveness of the IANVS-based port-hopping MTD proposal.
Kong, Tong, Wang, Liming, Ma, Duohe, Chen, Kai, Xu, Zhen, Lu, Yijun.  2020.  ConfigRand: A Moving Target Defense Framework against the Shared Kernel Information Leakages for Container-based Cloud. 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :794—801.
Lightweight virtualization represented by container technology provides a virtual environment for cloud services with more flexibility and efficiency due to the kernel-sharing property. However, the shared kernel also means that the system isolation mechanisms are incomplete. Attackers can scan the shared system configuration files to explore vulnerabilities for launching attacks. Previous works mainly eliminate the problem by fixing operating systems or using access control policies, but these methods require significant modifications and cannot meet the security needs of individual containers accurately. In this paper, we present ConfigRand, a moving target defense framework to prevent the information leakages due to the shared kernel in the container-based cloud. The ConfigRand deploys deceptive system configurations for each container, bounding the scan of attackers aimed at the shared kernel. In design of ConfigRand, we (1) propose a framework applying the moving target defense philosophy to periodically generate, distribute, and deploy the deceptive system configurations in the container-based cloud; (2) establish a model to formalize these configurations and quantify their heterogeneity; (3) present a configuration movement strategy to evaluate and optimize the variation of configurations. The results show that ConfigRand can effectively prevent the information leakages due to the shared kernel and apply to typical container applications with minimal system modification and performance degradation.
Magdy, Yousra, Kashkoush, Mona S., Azab, Mohamed, Rizk, Mohamed R. M..  2020.  Anonymous blockchain Based Routing For Moving-target Defense Across Federated Clouds. 2020 IEEE 21st International Conference on High Performance Switching and Routing (HPSR). :1—7.
Cloud federation is the evolution of modern cloud computing. It provides better resource-sharing, perfect resource-utilization, and load-balancing. However, the heterogeneity of security policies and configurations between cloud service providers makes it hard for users to totally trust them. Further, the severe impact of modern cloud attacks such as cross-side channels on federated environments is a major roadblock against such evolution. Securing users' capsules (Virtual Machines and containers) against cross-side channel attacks is considered as a big challenge to cloud service providers. Moving-target Defense (MtD) by live capsule migration was introduced as an effective mechanism to overcome such challenge. However, researchers noted that even with MtD, migrated capsules can still be tracked via routing information. In this paper, we propose a novel Blockchain-based routing mechanism to enable trace-resistant Moving-target Defence (BMtD) to enable anonymous live cross-cloud migrations of running capsules in federated cloud environments. Exploiting the Vulnerable, Exposed, Attacked, Recovered (VEAR) model, simulation results demonstrated the effectiveness of BMtD in minimizing viral attack dispersion.
Kim, Dong Seong, Kim, Minjune, Cho, Jin-Hee, Lim, Hyuk, Moore, Terrence J., Nelson, Frederica F..  2020.  Design and Performance Analysis of Software Defined Networking Based Web Services Adopting Moving Target Defense. 2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S). :43—44.
Moving Target Defense (MTD) has been emerged as a promising countermeasure to defend systems against cyberattacks asymmetrically while working well with legacy security and defense mechanisms. MTD provides proactive security services by dynamically altering attack surfaces and increasing attack cost or complexity to prevent further escalation of the attack. However, one of the non-trivial hurdles in deploying MTD techniques is how to handle potential performance degradation (e.g., interruptions of service availability) and maintain acceptable quality-of-service (QoS) in an MTD-enabled system. In this paper, we derive the service performance metrics (e.g., an extent of failed jobs) to measure how much performance degradation is introduced due to MTD operations, and propose QoS-aware service strategies (i.e., drop and wait) to manage ongoing jobs with the minimum performance degradation even under MTD operations running. We evaluate the service performance of software-defined networking (SDN)-based web services (i.e., Apache web servers). Our experimental results prove that the MTD-enabled system can minimize performance degradation by using the proposed job management strategies. The proposed strategies aim to optimize a specific service configuration (e.g., types of jobs and request rates) and effectively minimize the adverse impact of deploying MTD in the system with acceptable QoS while retaining the security effect of IP shuffling-based MTD.
Qi, Xiaoxia, Shen, Shuai, Wang, Qijin.  2020.  A Moving Target Defense Technology Based on SCIT. 2020 International Conference on Computer Engineering and Application (ICCEA). :454—457.
Moving target defense technology is one of the revolutionary techniques that is “changing the rules of the game” in the field of network technology, according to recent propositions from the US Science and Technology Commission. Building upon a recently-developed approach called Self Cleansing Intrusion Tolerance (SCIT), this paper proposes a moving target defense system that is based on server switching and cleaning. A protected object is maneuvered to improve its safety by exploiting software diversity and thereby introducing randomness and unpredictability into the system. Experimental results show that the improved system increases the difficulty of attack and significantly reduces the likelihood of a system being invaded, thus serving to enhance system security.
2021-05-20
Heydari, Vahid.  2020.  A New Security Framework for Remote Patient Monitoring Devices. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1—4.

Digital connectivity is fundamental to the health care system to deliver safe and effective care. However, insecure connectivity could be a major threat to patient safety and privacy (e.g., in August 2017, FDA recalled 465,000 pacemakers because of discovering security flaws). Although connecting a patient's pacemaker to the Internet has many advantages for monitoring the patient, this connectivity opens a new door for cyber-attackers to steal the patient data or even control the pacemaker or damage it. Therefore, patients are forced to choose between connectivity and security. This paper presents a framework for secure and private communications between wearable medical devices and patient monitoring systems. The primary objective of this research is twofold, first to identify and analyze the communication vulnerabilities, second, to develop a framework for combating unauthorized access to data through the compromising of computer security. Specifically, hiding targets from cyber-attackers could prevent our system from future cyber-attacks. This is the most effective way to stop cyber-attacks in their first step.

2021-05-13
Zhang, Yaqin, Ma, Duohe, Sun, Xiaoyan, Chen, Kai, Liu, Feng.  2020.  WGT: Thwarting Web Attacks Through Web Gene Tree-based Moving Target Defense. 2020 IEEE International Conference on Web Services (ICWS). :364–371.
Moving target defense (MTD) suggests a game-changing way of enhancing web security by increasing uncertainty and complexity for attackers. A good number of web MTD techniques have been investigated to counter various types of web attacks. However, in most MTD techniques, only fixed attributes of the attack surface are shifted, leaving the rest exploitable by the attackers. Currently, there are few mechanisms to support the whole attack surface movement and solve the partial coverage problem, where only a fraction of the possible attributes shift in the whole attack surface. To address this issue, this paper proposes a Web Gene Tree (WGT) based MTD mechanism. The key point is to extract all potential exploitable key attributes related to vulnerabilities as web genes, and mutate them using various MTD techniques to withstand various attacks. Experimental results indicate that, by randomly shifting web genes and diversely inserting deceptive ones, the proposed WGT mechanism outperforms other existing schemes and can significantly improve the security of web applications.
2021-02-23
Krohmer, D., Schotten, H. D..  2020.  Decentralized Identifier Distribution for Moving Target Defense and Beyond. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1—8.

In this work, we propose a novel approach for decentralized identifier distribution and synchronization in networks. The protocol generates network entity identifiers composed of timestamps and cryptographically secure random values with a significant reduction of collision probability. The distribution is inspired by Unique Universal Identifiers and Timestamp-based Concurrency Control algorithms originating from database applications. We defined fundamental requirements for the distribution, including: uniqueness, accuracy of distribution, optimal timing behavior, scalability, small impact on network load for different operation modes and overall compliance to common network security objectives. An implementation of the proposed approach is evaluated and the results are presented. Originally designed for a domain of proactive defense strategies known as Moving Target Defense, the general architecture of the protocol enables arbitrary applications where identifier distributions in networks have to be decentralized, rapid and secure.

2021-01-25
Yoon, S., Cho, J.-H., Kim, D. S., Moore, T. J., Free-Nelson, F., Lim, H..  2020.  Attack Graph-Based Moving Target Defense in Software-Defined Networks. IEEE Transactions on Network and Service Management. 17:1653–1668.
Moving target defense (MTD) has emerged as a proactive defense mechanism aiming to thwart a potential attacker. The key underlying idea of MTD is to increase uncertainty and confusion for attackers by changing the attack surface (i.e., system or network configurations) that can invalidate the intelligence collected by the attackers and interrupt attack execution; ultimately leading to attack failure. Recently, the significant advance of software-defined networking (SDN) technology has enabled several complex system operations to be highly flexible and robust; particularly in terms of programmability and controllability with the help of SDN controllers. Accordingly, many security operations have utilized this capability to be optimally deployed in a complex network using the SDN functionalities. In this paper, by leveraging the advanced SDN technology, we developed an attack graph-based MTD technique that shuffles a host's network configurations (e.g., MAC/IP/port addresses) based on its criticality, which is highly exploitable by attackers when the host is on the attack path(s). To this end, we developed a hierarchical attack graph model that provides a network's vulnerability and network topology, which can be utilized for the MTD shuffling decisions in selecting highly exploitable hosts in a given network, and determining the frequency of shuffling the hosts' network configurations. The MTD shuffling with a high priority on more exploitable, critical hosts contributes to providing adaptive, proactive, and affordable defense services aiming to minimize attack success probability with minimum MTD cost. We validated the out performance of the proposed MTD in attack success probability and MTD cost via both simulation and real SDN testbed experiments.
2020-10-05
Xue, Baoze, Shen, Pubing, Wu, Bo, Wang, Xiaoting, Chen, Shuwen.  2019.  Research on Security Protection of Network Based on Address Layout Randomization from the Perspective of Attackers. 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). :1475–1478.
At present, the network architecture is based on the TCP/IP protocol and node communications are achieved by the IP address and identifier of the node. The IP address in the network remains basically unchanged, so it is more likely to be attacked by network intruder. To this end, it is important to make periodic dynamic hopping in a specific address space possible, so that an intruder fails to obtain the internal network address and grid topological structure in real time and to continue to perform infiltration by the building of a new address space layout randomization system on the basis of SDN from the perspective of an attacker.
2020-08-03
Chowdhary, Ankur, Sengupta, Sailik, Alshamrani, Adel, Huang, Dijiang, Sabur, Abdulhakim.  2019.  Adaptive MTD Security using Markov Game Modeling. 2019 International Conference on Computing, Networking and Communications (ICNC). :577–581.
Large scale cloud networks consist of distributed networking and computing elements that process critical information and thus security is a key requirement for any environment. Unfortunately, assessing the security state of such networks is a challenging task and the tools used in the past by security experts such as packet filtering, firewall, Intrusion Detection Systems (IDS) etc., provide a reactive security mechanism. In this paper, we introduce a Moving Target Defense (MTD) based proactive security framework for monitoring attacks which lets us identify and reason about multi-stage attacks that target software vulnerabilities present in a cloud network. We formulate the multi-stage attack scenario as a two-player zero-sum Markov Game (between the attacker and the network administrator) on attack graphs. The rewards and transition probabilities are obtained by leveraging the expert knowledge present in the Common Vulnerability Scoring System (CVSS). Our framework identifies an attacker's optimal policy and places countermeasures to ensure that this attack policy is always detected, thus forcing the attacker to use a sub-optimal policy with higher cost.
2020-07-27
McBride, Marci, Mitchell, Robert.  2018.  Enhanced dynamic cyber zone defense. 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC). :66–71.
Information security is a top priority in government and industry because high consequence cyber incidents continue with regularity. The blue teamers that protect cyber systems cannot stop or even know about all these incidents, so they must take measures to tolerate these incursions in addition to preventing and detecting them. We propose dynamically compartmentalizing subject networks into collaboration zones and limiting the communication between these zones. In this article, we demonstrate this technique's effect on the attacker and the defender for various parameter settings using discrete-time simulation. Based on our results, we conclude that dynamic cyber zone defense is a viable intrusion tolerance technique and should be considered for technology transfer.
2020-05-15
Aydeger, Abdullah, Saputro, Nico, Akkaya, Kemal.  2018.  Utilizing NFV for Effective Moving Target Defense Against Link Flooding Reconnaissance Attacks. MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM). :946—951.

Moving target defense (MTD) is becoming popular with the advancements in Software Defined Networking (SDN) technologies. With centralized management through SDN, changing the network attributes such as routes to escape from attacks is simple and fast. Yet, the available alternate routes are bounded by the network topology, and a persistent attacker that continuously perform the reconnaissance can extract the whole link-map of the network. To address this issue, we propose to use virtual shadow networks (VSNs) by applying Network Function Virtualization (NFV) abilities to the network in order to deceive attacker with the fake topology information and not reveal the actual network topology and characteristics. We design this approach under a formal framework for Internet Service Provider (ISP) networks and apply it to the recently emerged indirect DDoS attacks, namely Crossfire, for evaluation. The results show that attacker spends more time to figure out the network behavior while the costs on the defender and network operations are negligible until reaching a certain network size.

2020-05-04
Wang, Fang, Qi, Weimin, Qian, Tonghui.  2019.  A Dynamic Cybersecurity Protection Method based on Software-defined Networking for Industrial Control Systems. 2019 Chinese Automation Congress (CAC). :1831–1834.

In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.

2020-04-17
Mohsen, Fadi, Jafaarian, Haadi.  2019.  Raising the Bar Really High: An MTD Approach to Protect Data in Embedded Browsers. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:786—794.
The safety of web browsers is essential to the privacy of Internet users and the security of their computing systems. In the last few years, there have been several cyber attacks geared towards compromising surfers' data and systems via exploiting browser-based vulnerabilities. Android and a number of mobile operating systems have been supporting a UI component called WebView, which can be embedded in any mobile application to render the web contents. Yet, this mini-browser component has been found to be vulnerable to various kinds of attacks. For instance, an attacker in her WebView-Embedded app can inject malicious JavaScripts into the WebView to modify the web contents or to steal user's input values. This kind of attack is particularly challenging due to the full control of attackers over the content of the loaded pages. In this paper, we are proposing and testing a server-side moving target defense technique to counter the risk of JavaScript injection attacks on mobile WebViews. The solution entails creating redundant HTML forms, randomizing their attributes and values, and asserting stealthy prompts for the user data. The solution does not dictate any changes to the browser or applications codes, neither it requires key sharing with benign clients. The results of our performance and security analysis suggest that our proposed approach protects the confidentiality and integrity of user input values with minimum overhead.
2020-02-18
Griffioen, Paul, Weerakkody, Sean, Sinopoli, Bruno.  2019.  An Optimal Design of a Moving Target Defense for Attack Detection in Control Systems. 2019 American Control Conference (ACC). :4527–4534.
In this paper, we consider the problem of designing system parameters to improve detection of attacks in control systems. Specifically, we study control systems which are vulnerable to integrity attacks on sensors and actuators. We aim to defend against strong model aware adversaries that can read and modify all sensors and actuators. Previous work has proposed a moving target defense for detecting integrity attacks on control systems. Here, an authenticating subsystem with time-varying dynamics coupled to the original plant is introduced. Due to this coupling, an attack on the original system will affect the authenticating subsystem and in turn be revealed by a set of sensors measuring the extended plant. Moreover, the time-varying dynamics of the extended plant act as a moving target, preventing an adversary from developing an effective adaptive attack strategy. Previous work has failed to consider the design of the time-varying system matrices and as such provides little in terms of guidelines for implementation in real systems. This paper proposes two optimization problems for designing these matrices. The first designs the auxiliary actuators to maximize detection performance while the second designs the coupling matrices to maximize system estimation performance. Numerical examples are presented that validate our approach.
Chaturvedi, Shilpa, Simmhan, Yogesh.  2019.  Toward Resilient Stream Processing on Clouds Using Moving Target Defense. 2019 IEEE 22nd International Symposium on Real-Time Distributed Computing (ISORC). :134–142.
Big data platforms have grown popular for real-time stream processing on distributed clusters and clouds. However, execution of sensitive streaming applications on shared computing resources increases their vulnerabilities, and may lead to data leaks and injection of spurious logic that can compromise these applications. Here, we adopt Moving Target Defense (MTD) techniques into Fast Data platforms, and propose MTD strategies by which we can mitigate these attacks. Our strategies target the platform, application and data layers, which make these reusable, rather than the OS, virtual machine, or hardware layers, which are environment specific. We use Apache Storm as the canonical distributed stream processing platform for designing our MTD strategies, and offer a preliminary evaluation that indicates the feasibility and evaluates the performance overheads.
Lin, Gengshen, Dong, Mianxiong, Ota, Kaoru, Li, Jianhua, Yang, Wu, Wu, Jun.  2019.  Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1–6.

Software-defined networking (SDN) allows the smart grid to be centrally controlled and managed by decoupling the control plane from the data plane, but it also expands attack surface for attackers. Existing studies about the security of SDN-enabled smart grid (SDSG) mainly focused on static methods such as access control and identity authentication, which is vulnerable to attackers that carefully probe the system. As the attacks become more variable and complex, there is an urgent need for dynamic defense methods. In this paper, we propose a security function virtualization (SFV) based moving target defense of SDSG which makes the attack surface constantly changing. First, we design a dynamic defense mechanism by migrating virtual security function (VSF) instances as the traffic state changes. The centralized SDN controller is re-designed for global status monitoring and migration management. Moreover, we formalize the VSF instances migration problem as an integer nonlinear programming problem with multiple constraints and design a pre-migration algorithm to prevent VSF instances' resources from being exhausted. Simulation results indicate the feasibility of the proposed scheme.

Zheng, Jianjun, Siami Namin, Akbar.  2019.  Enforcing Optimal Moving Target Defense Policies. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:753–759.
This paper introduces an approach based on control theory to model, analyze and select optimal security policies for Moving Target Defense (MTD) deployment strategies. A Markov Decision Process (MDP) scheme is presented to model states of the system from attacking point of view. The employed value iteration method is based on the Bellman optimality equation for optimal policy selection for each state defined in the system. The model is then utilized to analyze the impact of various costs on the optimal policy. The MDP model is then applied to two case studies to evaluate the performance of the model.
Liu, Zhenpeng, He, Yupeng, Wang, Wensheng, Wang, Shuo, Li, Xiaofei, Zhang, Bin.  2019.  AEH-MTD: Adaptive Moving Target Defense Scheme for SDN. 2019 IEEE International Conference on Smart Internet of Things (SmartIoT). :142–147.

Distributed Denial of Service attack is very harmful to software-defined networking. Effective defense measures are the key to ensure SDN security. An adaptive moving target defense scheme based on end information hopping for SDN is proposed. The source address entropy value and the flow rate method are used to detect the network condition. According to the detection result, the end information is adjusted by time adaptive or space adaptive. A model of active network defense is constructed. The experimental results show that the proposed scheme enhances the anti-attack capability and serviceability compared with other methods, and has greater dynamics and flexibility.

Dishington, Cole, Sharma, Dilli P., Kim, Dong Seong, Cho, Jin-Hee, Moore, Terrence J., Nelson, Frederica F..  2019.  Security and Performance Assessment of IP Multiplexing Moving Target Defence in Software Defined Networks. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :288–295.

With the interconnection of services and customers, network attacks are capable of large amounts of damage. Flexible Random Virtual IP Multiplexing (FRVM) is a Moving Target Defence (MTD) technique that protects against reconnaissance and access with address mutation and multiplexing. Security techniques must be trusted, however, FRVM, along with past MTD techniques, have gaps in realistic evaluation and thorough analysis of security and performance. FRVM, and two comparison techniques, were deployed on a virtualised network to demonstrate FRVM's security and performance trade-offs. The key results include the security and performance trade-offs of address multiplexing and address mutation. The security benefit of IP address multiplexing is much greater than its performance overhead, deployed on top of address mutation. Frequent address mutation significantly increases an attackers' network scan durations as well as effectively obfuscating and hiding network configurations.

2019-12-16
Chen, Ping, Yu, Han, Zhao, Min, Wang, Jinshuang.  2018.  Research and Implementation of Cross-site Scripting Defense Method Based on Moving Target Defense Technology. 2018 5th International Conference on Systems and Informatics (ICSAI). :818–822.

The root cause of cross-site scripting(XSS) attack is that the JavaScript engine can't distinguish between the JavaScript code in Web application and the JavaScript code injected by attackers. Moving Target Defense (MTD) is a novel technique that aim to defeat attacks by frequently changing the system configuration so that attackers can't catch the status of the system. This paper describes the design and implement of a XSS defense method based on Moving Target Defense technology. This method adds a random attribute to each unsafe element in Web application to distinguish between the JavaScript code in Web application and the JavaScript code injected by attackers and uses a security check function to verify the random attribute, if there is no random attribute or the random attribute value is not correct in a HTML (Hypertext Markup Language) element, the execution of JavaScript code will be prevented. The experiment results show that the method can effectively prevent XSS attacks and have little impact on the system performance.