Abstract: moving target defense (MTD) is a novel way to alter the asymmetric situation of attacks and defenses, and a lot of MTD studies have been carried out recently. However, relevant analysis for the defense mechanism of the MTD technology is still absent. In this paper, we analyze the defense mechanism of MTD technology in two dimensions. First, we present a new defense model named MP2R to describe the proactivity and effect of MTD technology intuitively. Second, we use the incomplete information dynamic game theory to verify the proactivity and effect of MTD technology. Specifically, we model the interaction between a defender who equips a server with different types of MTD techniques and a visitor who can be a user or an attacker, and analyze the equilibria and their conditions for these models. Then, we take an existing incomplete information dynamic game model for traditional defense and its equilibrium result as baseline for comparison, to validate the proactivity and effect of MTD technology. We also identify the factors that will influence the proactivity and effectiveness of the MTD approaches. This work gives theoretical support for understanding the defense process and defense mechanism of MTD technology and provides suggestions to improve the effectiveness of MTD approaches.

基于博弈论方法的移动目标防御机理研究

[1]Al-Shaer, E., Duan, Q., Jafarian, J.H., 2013. Random host mutation for moving target defense. Int. Conf. on Security and Privacy in Communication Systems, p.310-327.

[2]Azab, M., Hassan, R., Eltoweissy, M., 2011. ChameleonSoft: a moving target defense system. 7th Int. Conf. on Collaborative Computing: Networking, Applications and Worksharing, p.241-250.

[3]Cai, G., Wang, B., Hu, W., et al., 2016a. Moving target defense: state of the art and characteristics. Front. Inform. Technol. Electron. Eng., 17(11):1122-1153.

[4]Cai, G., Wang, B., Luo, Y., et al., 2016b. Characterizing the running patterns of moving target defense mechanisms. 18th Int. Conf. on Advanced Communication Technology, p.191-196.

[5]Carroll, T., Grosu, D., 2011. A game theoretic investigation of deception in network security. Secur. Commun. Netw., 4(10):1162-1172.

[6]Carroll, T., Crouse, M., Fulp, E., et al., 2014. Analysis of network address shuffling as a moving target defense. IEEE Int. Conf. on Communications, p.701-706.

[7]Carter, K., Riordan, J., Okhravi, H., 2014. A game theoretic approach to strategy determination for dynamic platform defenses. 1st ACM Workshop on Moving Target Defense, p.21-30.

[8]Carvalho, M., Bradshaw, J., Bunch, L., et al., 2012. Command and control requirements for moving-target defense. IEEE Intell. Syst., 27(3):79-85.

[9]Colbaugh, R., Glass, K., 2012. Predictability-oriented defense against adaptive adversaries. IEEE Int. Conf. on Systems, Man, and Cybernetics, p.2721-2727.

[10]Hobson, T., Okhravi, H., Bigelow, D., et al., 2014. On the challenges of effective movement. 1st ACM Workshop on Moving Target Defense, p.41-50.

[11]Huang, Y., Ghosh, A., 2011. Introducing diversity and uncertainty to create moving attack surfaces for web services. In: Jajodia, S., Ghosh, A., Swarup, V., et al. (Eds.), Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer New York, New York, p.131-151.

[12]Jajodia, S., Ghosh, A., Swarup, V., et al., 2011. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer Science & Business Media.

[13]Jia, C., Zhong, A., Zhang, W., et al., 2006. Incomplete informational and dynamic game model in network security. J. Comput. Res. Dev., 43(Suppl.):530-533 (in Chinese).

[14]Liu, C., Zhang, Y., Chen, R., 2011. Research on dynamic model for network security based on artificial immunity. Int. J. Knowl. Lang. Process., 2(3):21-35.

[15]Lye, K.W., Wing, J., 2005. Game strategies in network security. Int. J. Inform. Secur., 4(1-2):71-86.

[16]Manadhata, P., 2013. Game theoretic approaches to attack surface shifting. In: Jajodia, S., Ghosh, A., Subrahmanian, V., et al. (Eds.), Moving Target Defense II: Application of Game Theory and Adversarial Modeling. Springer New York, New York, p.1-13.

[17]Manshaei, M., Zhu, Q., Alpcan, T., et al., 2013. Game theory meets network security and privacy. ACM Comput. Surv., 45(3):25.

[18]Moody, W.C., Hu, H., Apon, A., 2014. Defensive maneuver cyber platform modeling with stochastic Petri Nets. Int. Conf. on Collaborative Computing: Networking, Applications and Worksharing, p.531-538.

[19]NITRD, 2009. National Cyber Leap Year Summit 2009. Co-chairs&x2019; Report. https://www.nitrd.gov/fileupload/files/National_Cyber_Leap_Year_Summit_2009_CoChairs_Report.pdf

[20]NITRD, 2010. NITRD CSIA IWG Cybersecurity Game-Change Research and Development Recommendations. https://www.nitrd.gov/cybersecurity/

[21]Okhravi, H., Hobson, T., Bigelow, D., et al., 2014. Finding focus in the blur of moving-target techniques. IEEE Secur. Priv., 12(2):16-26.

[22]Prakash, A., Wellman, M., 2015. Empirical game-theoretic analysis for moving target defense. 2nd ACM Workshop on Moving Target Defense, p.57-65.

[23]Shi, L., Jia, C., Lu, S., 2007. DoS evading mechanism upon service hopping. IFIP Int. Conf. on Network and Parallel Computing Workshops, p.119-122.

[24]Shi, L., Jia, C., Lv, S., 2009. A game theoretic analysis of service hopping mechanism for DoS defense. J. Electron. Inform. Techn., 31(1):228-232 (in Chinese).

[25]Urias, V.E., Stout, W.M.S., Loverro, C., 2015. Computer network deception as a moving target defense. Int. Carnahan Conf. on Security Technology, p.1-6.

[26]Vadlamudi, S., Sengupta, S., Kambhampati, S., et al., 2016. Moving target defense for web applications using Bayesian Stackelberg games. arXiv:1602.07024.

[27]Winterrose, M.L., Carter, K.M., 2014. Strategic evolution of adversaries against temporal platform diversity active cyber defenses. Proc. Symp. on Agent Directed Simulation, p.9.

[28]Winterrose, M.L., Carter, K.M., Wagner, N., et al., 2014. Adaptive attacker strategy development against moving target cyber defenses. arXiv:1407.8540.

[29]Zhu, Q., Başar, T., 2013. Game-theoretic approach to feedback-driven multi-stage moving target defense. LNCS, 8252:246-263.

[30]Zhuang, R., DeLoach, S., Ou, X., 2014. Towards a theory of moving target defense. 1st ACM Workshop on Moving Target Defense, p.31-40.