research-article

An initial framework for evolving computer configurations as a moving target defense

Authors:

Brian Lucas,

Errin W. Fulp,

David J. John,

Daniel CañasAuthors Info & Claims

CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research Conference

Pages 69 - 72

https://doi.org/10.1145/2602087.2602100

Published: 08 April 2014 Publication History

Get Access

Abstract

An evolutionary process encourages a system to change, and hopefully improve, based on environmental feed-back. When applied to a computer system, an evolutionary inspired process can be used to discover computer configurations that are different and potentially more secure. These configurations can be instantiated at different times to create a Moving Target Defense (MTD), where attackers must contend with a system that constantly changes and improves.

This paper describes an initial Python-based framework that creates an evolutionary inspired MTD for computers. The framework consists of three interacting components. An evolutionary component discovers computer configurations based on previous configurations. Another component vets new configurations by instantiating them using virtual machines. Finally, a third process uses a combination of penetration software as well as reports from actual attacks to assess the configurations. The framework has been used to provide a MTD for RedHat^® installed Apache^™1 web servers. Experimental results indicate the servers are on average diverse, functional, and increasingly more secure.

References

[1]

Michael B. Crouse and Errin W. Fulp. A moving target environment for computer configurations using genetic algorithms. In Proceedings of the 4th Symposium on Configuration Analytics and Automation (SafeConfig 2011), 2011.

Google Scholar

[2]

Renaud Deraison. Nessus: remote security scanner. http://www.nessus.org/.

Google Scholar

[3]

Carsten Eiram and Brian Martin. The CVSSv2 shortcomings, faults, and failures formulation. Technical report, Forum of Incident Response and Security Teams (FIRST), 2013.

Google Scholar

[4]

Dorene Kewley, Russ Fink, John Lowry, and Mike Dean. Dynamic approaches to thwart adversary intelligence gathering. In Proc. of the DARPA Information Survivability Conference & Exposition II (DISCEX '01), volume 1, pages 176--185, 2001.

Crossref

Google Scholar

[5]

Peter Mell, Karen Scarfone, and Sasha Romanosky. A complete guide to the common vulnerability scoring system version 2.0. http://www.first.org/cvss/cvss-guide.pdf, 2007.

Google Scholar

[6]

Melanie Mitchell. An Introduction to Genetic Algorithms. MIT Press, Cambridge, MA, USA, 1998.

Digital Library

Google Scholar

[7]

NIST. Consensus security configuration checklist. http://web.nvd.nist.gov/view/ncp/repository.

Google Scholar

[8]

Jon Oberheide, Evan Cooke, and Farnam Jahanian. If it ain't broke, don't fix it: challenges and new directions for inferring the impact of software patches. In Proceedings of the 12th conference on Hot topics in operating systems, 2009.

Digital Library

Google Scholar

Cited By

View all

Izadi SIzadi MRanjbaran GHomayounmajd S(2023)Enhancing Network Security Through Moving Target Defense Technology: An Analysis of the Impact on Attack Level2023 7th International Conference on Internet of Things and Applications (IoT)10.1109/IoT60973.2023.10365374(1-6)Online publication date: 25-Oct-2023
https://doi.org/10.1109/IoT60973.2023.10365374
Zheng YLi ZXu XZhao Q(2022)Dynamic defenses in cyber security: Techniques, methods and challengesDigital Communications and Networks10.1016/j.dcan.2021.07.0068:4(422-435)Online publication date: Aug-2022
https://doi.org/10.1016/j.dcan.2021.07.006
Seo SKim D(2021)OSINT-Based LPC-MTD and HS-Decoy for Organizational Defensive DeceptionApplied Sciences10.3390/app1108340211:8(3402)Online publication date: 10-Apr-2021
https://doi.org/10.3390/app11083402
Show More Cited By

Index Terms

An initial framework for evolving computer configurations as a moving target defense

Recommendations

Evolutionary based moving target cyber defense
GECCO Comp '14: Proceedings of the Companion Publication of the 2014 Annual Conference on Genetic and Evolutionary Computation

A Moving Target (MT) defense constantly changes a system's attack surface, in an attempt to limit the usefulness of the reconnaissance the attacker has collected. One approach to this defense strategy is to intermittently change a system's ...
Insider Threat Mitigation Using Moving Target Defense and Deception
MIST '17: Proceedings of the 2017 International Workshop on Managing Insider Security Threats

The insider threat has been subject of extensive study and many approaches from technical perspective to behavioral perspective and psychological perspective have been proposed to detect or mitigate it. However, it still remains one of the most ...
Moving Target Defense Against Injection Attacks
Algorithms and Architectures for Parallel Processing
Abstract
With the development of network technology, web services become more convenient and popular. However, web services are also facing serious security threats, especially SQL injection attack(SQLIA). Due to the diversity of attack techniques and the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research Conference

April 2014

134 pages

ISBN:9781450328128

DOI:10.1145/2602087

Editors:
Robert K. Abercrombie
Oak Ridge National Laboratory (ORNL)
,
J. Todd McDonald
University of South Alabama

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 April 2014

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

CISR' '14

Sponsor:

Los Alamos National Labs
CEDS
Sandia National Labs
DOE
Lawrence Livermore National Lab.
BERKELEYLAB
CSL
Argonne Natl Lab
TTP
Nevada National Security Site

CISR' '14: 2014 Cyber and Information Security Research Conference

April 8 - 10, 2014

Tennessee, Oak Ridge, USA

Acceptance Rates

CISR '14 Paper Acceptance Rate 32 of 50 submissions, 64%;

Overall Acceptance Rate 69 of 136 submissions, 51%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
199
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)2

Reflects downloads up to 25 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Izadi SIzadi MRanjbaran GHomayounmajd S(2023)Enhancing Network Security Through Moving Target Defense Technology: An Analysis of the Impact on Attack Level2023 7th International Conference on Internet of Things and Applications (IoT)10.1109/IoT60973.2023.10365374(1-6)Online publication date: 25-Oct-2023
https://doi.org/10.1109/IoT60973.2023.10365374
Zheng YLi ZXu XZhao Q(2022)Dynamic defenses in cyber security: Techniques, methods and challengesDigital Communications and Networks10.1016/j.dcan.2021.07.0068:4(422-435)Online publication date: Aug-2022
https://doi.org/10.1016/j.dcan.2021.07.006
Seo SKim D(2021)OSINT-Based LPC-MTD and HS-Decoy for Organizational Defensive DeceptionApplied Sciences10.3390/app1108340211:8(3402)Online publication date: 10-Apr-2021
https://doi.org/10.3390/app11083402
Bajic ABecker GPalesi MPalermo GGraves CArima E(2020)A critical view on moving target defense and its analogiesProceedings of the 17th ACM International Conference on Computing Frontiers10.1145/3387902.3397225(277-283)Online publication date: 11-May-2020
https://dl.acm.org/doi/10.1145/3387902.3397225
Serrano-Collado EGarcía-Valdez MGuervós JCoello Coello C(2020)Delivering diverse web server configuration in a moving target defense using evolutionary algorithmsProceedings of the 2020 Genetic and Evolutionary Computation Conference Companion10.1145/3377929.3398083(1520-1527)Online publication date: 8-Jul-2020
https://dl.acm.org/doi/10.1145/3377929.3398083
Dass SNamin AHung CCerny TShin DBechini A(2020)Vulnerability coverage for adequacy security testingProceedings of the 35th Annual ACM Symposium on Applied Computing10.1145/3341105.3374099(540-543)Online publication date: 30-Mar-2020
https://dl.acm.org/doi/10.1145/3341105.3374099
Kong TWang LMa DChen KXu ZLu Y(2020)ConfigRand: A Moving Target Defense Framework against the Shared Kernel Information Leakages for Container-based Cloud2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS)10.1109/HPCC-SmartCity-DSS50907.2020.00104(794-801)Online publication date: Dec-2020
https://doi.org/10.1109/HPCC-SmartCity-DSS50907.2020.00104
Cho JSharma DAlavizadeh HYoon SBen-Asher NMoore TKim DLim HNelson F(2020)Toward Proactive, Adaptive Defense: A Survey on Moving Target DefenseIEEE Communications Surveys & Tutorials10.1109/COMST.2019.296379122:1(709-745)Online publication date: Sep-2021
https://doi.org/10.1109/COMST.2019.2963791
Serrano-Collado EGarcia-Valdez MMerelo-Guervos J(2020)Improving evolution of service configurations for moving target defense2020 IEEE Congress on Evolutionary Computation (CEC)10.1109/CEC48606.2020.9185786(1-8)Online publication date: Jul-2020
https://doi.org/10.1109/CEC48606.2020.9185786
Collado ECastillo PMerelo Guervós J(2020)Using Evolutionary Algorithms for Server Hardening via the Moving Target Defense TechniqueApplications of Evolutionary Computation10.1007/978-3-030-43722-0_43(670-685)Online publication date: 9-Apr-2020
https://doi.org/10.1007/978-3-030-43722-0_43
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Evolutionary based moving target cyber defense

Insider Threat Mitigation Using Moving Target Defense and Deception

Moving Target Defense Against Injection Attacks