
2019 | OriginalPaper | Chapter

10. Active Defense Techniques

Authors: Nathaniel Evans, William Horsthemke

Published in: Cyber Resilience of Systems and Networks

Publisher: Springer International Publishing


Abstract

In the previous chapter, we were introduced to active defense among numerous other approaches. Now is a good time to explore active defense techniques in detail. These are automated and human-directed activities that attempt to thwart cyberattacks by increasing the diversity, complexity, or variability of the systems and networks. These limit the attacker’s ability to gather intelligence or reduce the usable lifespan of the intelligence. Other approaches focus on gathering intelligence on the attackers, either by attracting attackers to instrumented honeypots or by patrolling the systems and networks to hunt for attackers. The intelligence-gathering approaches rely upon cybersecurity personnel using semiautomated techniques to respond and repel attackers. Widely available commercial solutions for active defense are so far lacking. Although general-purpose products may emerge, in the meantime organizations need to tailor their applications for available solutions or develop their own customized active defense. A successfully architected system or application should include passive defenses, which add protection without requiring human interaction, as well as active defenses.


go back to reference Watson, D., & Riden, J. (2008). The honeynet project: Data collection tools, infrastructure, archives and analysis. In WOMBAT Workshop on Information Security Threats Data Collection and Sharing (pp. 24–30). Watson, D., & Riden, J. (2008). The honeynet project: Data collection tools, infrastructure, archives and analysis. In WOMBAT Workshop on Information Security Threats Data Collection and Sharing (pp. 24–30).
go back to reference Wong, W. E., Debroy, V., Surampudi, A., Kim, H., & Siok, M. F. (2010). Recent catastrophic accidents: Investigating how software was responsible. In 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement (pp. 14–22). Singapore. Wong, W. E., Debroy, V., Surampudi, A., Kim, H., & Siok, M. F. (2010). Recent catastrophic accidents: Investigating how software was responsible. In 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement (pp. 14–22). Singapore.
go back to reference Yackoski, J., Bullen, H., Yu, X., & Li, J. (2013). Applying self-shielding dynamics to the network architecture. In S. Jajodia et al. (Eds.), Moving target defense II (Vol. 100, pp. 97–115). New York: Springer.CrossRef Yackoski, J., Bullen, H., Yu, X., & Li, J. (2013). Applying self-shielding dynamics to the network architecture. In S. Jajodia et al. (Eds.), Moving target defense II (Vol. 100, pp. 97–115). New York: Springer.CrossRef
go back to reference Zhu, M., Hu, Z., & Liu, P. (2014). Reinforcement learning algorithms for adaptive cyber defense against Heartbleed. In Proceedings of the First ACM Workshop on Moving Target Defense. Zhu, M., Hu, Z., & Liu, P. (2014). Reinforcement learning algorithms for adaptive cyber defense against Heartbleed. In Proceedings of the First ACM Workshop on Moving Target Defense.
go back to reference Zhuang, R., Zhang, S., DeLoach, S. A., Ou, X., & Singhal, A. (2012). Simulation based approaches to studying effectiveness of moving-target network defense. In National Symposium on Moving Target Research. Zhuang, R., Zhang, S., DeLoach, S. A., Ou, X., & Singhal, A. (2012). Simulation based approaches to studying effectiveness of moving-target network defense. In National Symposium on Moving Target Research.
Metadata
Title: Active Defense Techniques
Authors: Nathaniel Evans, William Horsthemke
Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-319-77492-3_10