Delivering diverse web server configuration in a moving target defense using evolutionary algorithms
Authors: 
Ernesto Serrano-Collado, Mario García-Valdez, Juan-Julián Merelo GuervósAuthors Info & Claims
Pages 1520 - 1527
Abstract
Creating diverse service configurations that can be swiftly swapped is the essence of the so called Moving Target Defense: presenting a different attack surface for attackers profiling a system for further advances can be applied to many different services and systems. In this paper we focus on using evolutionary algorithms to generate a host of web server configurations. Even if this is an easy target for evolutionary algorithms, we will prove how evolutionary algorithms provide a supply of secure and diverse configurations, with minimum intervention of experts, even with the added challenge of the time the evaluation of a single system takes.
References
[1]
Noor O Ahmed and Bharat Bhargava. 2020. Bio-inspired Formal Model for Space/Time Virtual Machine Randomization and Diversification. IEEE Transactions on Cloud Computing TBD, TBD (2020), TBD.
[2]
Gui-lin Cai, Bao-sheng Wang, Wei Hu, and Tian-zuo Wang. 2016. Moving target defense: state of the art and characteristics. Frontiers of Information Technology & Electronic Engineering 17, 11 (01 Nov 2016), 1122--1153.
[3]
Xin Chi, Jianfeng Yao, and Huiming Yu. 2018. A Hybrid Load Balance Method Using Evolutionary Computing. In Proceedings of the Australasian Joint Conference on Artificial Intelligence-Workshops. ACM, NY, USA, 15--19.
[4]
Jin-Hee Cho, Dilli P Sharma, Hooman Alavizadeh, Seunghyun Yoon, Noam Ben-Asher, Terrence J Moore, Dong Seong Kim, Hyuk Lim, and Frederica F Nelson. 2019. Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense. (2019).
[5]
Ernesto Serrano Collado, Pedro A. Castillo, and Juan Julián Merelo Guervós. 2020. Using Evolutionary Algorithms for Server Hardening via the Moving Target Defense Technique. In Applications of Evolutionary Computation - 23rd European Conference, EvoApplications 2020, Held as Part of EvoStar 2020, Seville, Spain, April 15-17, 2020, Proceedings (Lecture Notes in Computer Science), Pedro A. Castillo, Juan Luis Jiménez Laredo, and Francisco Fernández de Vega (Eds.), Vol. 12104. Springer, Cham, 670--685.
[6]
Ernesto Serrano Collado, Juan Julián Merelo Guervós, and Mario García Valdez. 2020. Improving evolution of service configurations for moving target defense. In CEC proceedings. IEEE, Piscataway, NY, 8pp.
[7]
Ernesto Serrano Collado, Juan Julián Merelo Guervós, and Mario García Valdez. 2020. Moving target defense through evolutionary algorithms. In GECCO companion proceedings. ACM, NY, USA, 2.
[8]
M. Crouse and E. W. Fulp. 2011. A moving target environment for computer configurations using Genetic Algorithms. In 2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG). IEEE, Piscataway, NY, 1--7.
[9]
Ang Cui and Salvatore J Stolfo. 2011. Symbiotes and defensive mutualism: Moving target defense. In Moving target defense. Springer, NY, 99--108.
[10]
DISA. 2020. APACHE SERVER 2.4 UNIX SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG). Technical Report. DISA. https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Server_2-4_UNIX_STIG.zip
[11]
CVSS Special Interest Group. 2019. Common Vulnerability Scoring System version 3.1: Specification Document. (June 2019). https://www.first.org/cvss/specification-document
[12]
Sushil Jajodia, Anup K Ghosh, Vipin Swarup, Cliff Wang, and X Sean Wang. 2011. Moving target defense: creating asymmetric uncertainty for cyber threats. Vol. 54. Springer Science & Business Media, NY.
[13]
David J. John, Robert W. Smith, William H. Turkett, Daniel A. Cañas, and Errin W. Fulp. 2014. Evolutionary Based Moving Target Cyber Defense. In Proceedings of the Companion Publication of the 2014 Annual Conference on Genetic and Evolutionary Computation (GECCO Comp '14). ACM, New York, NY, USA, 1261--1268. event-place: Vancouver, BC, Canada.
[14]
P. Larsen, S. Brunthaler, and M. Franz. 2014. Security through diversity: Are we there yet? IEEE Security and Privacy 12, 2 (2014), 28--35. cited By 25.
[15]
Cheng Lei, Hong-Qi Zhang, Jing-Lei Tan, Yu-Chen Zhang, and Xiao-Hu Liu. 2018. Moving target defense techniques: A survey. Security and Communication Networks 2018 (2018), 26 pp.
[16]
Brian Lucas, Errin W Fulp, David J John, and Daniel Cañas. 2014. An initial framework for evolving computer configurations as a moving target defense. In Proceedings of the 9th Annual Cyber and Information Security Research Conference. ACM, NY, US, 69--72.
[17]
NITRD. 2009. NITRD CSIA IWG Cybersecurity Game-Change Research and Development Recommendations. https://bit.ly/2peOnfd. (May 2009).
[18]
Sailik Sengupta, Ankur Chowdhary, Abdulhakim Sabur, Adel Alshamrani, Dijiang Huang, and Subbarao Kambhampati. 2020. A survey of moving target defenses for network security. IEEE Communications Surveys & Tutorials TBD, TBD (2020), 1--1.
[19]
Matheus Torquato and Marco Vieira. 2020. Moving target defense in cloud computing: A systematic mapping study. Computers and Security 92 (2020), 101742.
[20]
Bryan C Ward, Steven R Gomez, Richard Skowyra, David Bigelow, Jason Martin, James Landry, and Hamed Okhravi. 2018. Survey of Cyber Moving Targets Second Edition. Technical Report. MIT Lincoln Laboratory Lexington United States.
[21]
J. Zheng and A.S. Namin. 2019. A Survey on the Moving Target Defense Strategies: An Architectural Perspective. Journal of Computer Science and Technology 34, 1 (2019), 207--233. cited By 3.
Index Terms
- Delivering diverse web server configuration in a moving target defense using evolutionary algorithms
Recommendations
Game Theory Approaches for Evaluating the Deception-based Moving Target Defense
MTD'22: Proceedings of the 9th ACM Workshop on Moving Target DefenseMoving target defense (MTD) is a proactive defensive mechanism proposed to disrupt and disable potential attacks, thus reversing the defender's disadvantages. Cyber deception is a complementary technique that is often used to enhance MTD by utilizing ...
Evolutionary based moving target cyber defense
GECCO Comp '14: Proceedings of the Companion Publication of the 2014 Annual Conference on Genetic and Evolutionary ComputationA Moving Target (MT) defense constantly changes a system's attack surface, in an attempt to limit the usefulness of the reconnaissance the attacker has collected. One approach to this defense strategy is to intermittently change a system's ...
Moving target defense through evolutionary algorithms
GECCO '20: Proceedings of the 2020 Genetic and Evolutionary Computation Conference CompanionMoving target defense is a technique for protecting internet-facing systems via the creation of a variable attack surface, that is, a changing profile that, however, is able to provide the same service to legitimate users. In the case of internet ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2020 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 08 July 2020
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- Ministerio de Ciencia e Innovación
Conference
GECCO '20
Sponsor:
Acceptance Rates
Overall Acceptance Rate 1,669 of 4,410 submissions, 38%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 68Total Downloads
- Downloads (Last 12 months)4
- Downloads (Last 6 weeks)0
Reflects downloads up to 20 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in