Moving Target Defense (2014 Year in Review)

 

 
SoS Newsletter

One of the research thrusts outlined in the 2011 report Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program was Moving Target (MT) research and development that results in the presentation of a dynamic attack surface to an adversary, increasing the work factor necessary to successfully attack and exploit a cyber target. The subsequent Symposium on Moving Target Research brought together and published the work of the MT community to provide a basis for building on the current state of the art as of June 2012. The works cited here were published in 2014.  

 

Yue-Bin Luo; Bao-Sheng Wang; Gui-Lin Cai, "Effectiveness of Port Hopping as a Moving Target Defense," Security Technology (SecTech), 2014 7th International Conference on, pp. 7-10, 20-23 Dec. 2014. doi: 10.1109/SecTech.2014.9

Port hopping is a typical moving target defense, which constantly changes the service port number to thwart reconnaissance attacks. It is effective in hiding service identities and confusing potential attackers, but it is still unknown how effective port hopping is and under what circumstances it is a viable proactive defense, because existing work is limited and usually discusses only a few parameters and gives some empirical studies. This paper introduces an urn model and quantifies the likelihood of attacker success in terms of the port pool size, number of probes, number of vulnerable services, and hopping frequency. Theoretical analysis shows that port hopping is an effective and promising proactive defense technology in thwarting network attacks.

Keywords: security of data; attacker success likelihood; moving target defense; network attacks; port hopping; proactive defense technology; reconnaissance attack; service identity hiding; urn model; Analytical models; Computers; Ports (Computers); Probes; Reconnaissance; Servers; moving target defense; port hopping; proactive defense; urn model (ID#: 15-3858)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7023273&isnumber=7023263


Carroll, T.E.; Crouse, M.; Fulp, E.W.; Berenhaut, K.S., "Analysis of Network Address Shuffling As A Moving Target Defense," Communications (ICC), 2014 IEEE International Conference on, pp. 701-706, 10-14 June 2014. doi: 10.1109/ICC.2014.6883401

Address shuffling is a type of moving target defense that prevents an attacker from reliably contacting a system by periodically remapping network addresses. Although limited testing has demonstrated it to be effective, little research has been conducted to examine the theoretical limits of address shuffling. As a result, it is difficult to understand how effective shuffling is and under what circumstances it is a viable moving target defense. This paper introduces probabilistic models that can provide insight into the performance of address shuffling. These models quantify the probability of attacker success in terms of network size, quantity of addresses scanned, quantity of vulnerable systems, and the frequency of shuffling. Theoretical analysis shows that shuffling is an acceptable defense if there is a small population of vulnerable systems within a large network address space; however, shuffling has a cost for legitimate users. These results will also be shown empirically using simulation and actual traffic traces.

Keywords: probability; security of data; moving target defense; network address remapping; network address shuffling; probabilistic models; Computational modeling; Computers; IP networks; Information systems; Probes; Reconnaissance (ID#: 15-3859)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883401&isnumber=6883277


Wei Peng; Feng Li; Chin-Tser Huang; Xukai Zou, "A Moving-Target Defense Strategy For Cloud-Based Services With Heterogeneous And Dynamic Attack Surfaces," Communications (ICC), 2014 IEEE International Conference on, pp. 804-809, 10-14 June 2014. doi: 10.1109/ICC.2014.6883418

Due to deep automation, the configuration of many Cloud infrastructures is static and homogeneous, which, while easing administration, significantly decreases a potential attacker's uncertainty on a deployed Cloud-based service and hence increases the chance of the service being compromised. Moving-target defense (MTD) is a promising solution to the configuration staticity and homogeneity problem. This paper presents our findings on whether and to what extent MTD is effective in protecting a Cloud-based service with heterogeneous and dynamic attack surfaces; these attributes, which match the reality of current Cloud infrastructures, have not been investigated together in previous works on MTD in general network settings. We 1) formulate a Cloud-based service security model that incorporates Cloud-specific features such as VM migration/snapshotting and the diversity/compatibility of migration, 2) consider the accumulative effect of the attacker's intelligence on the target service's attack surface, 3) model the heterogeneity and dynamics of the service's attack surfaces, as defined by the (dynamic) probability of the service being compromised, as an S-shaped generalized logistic function, and 4) propose a probabilistic MTD service deployment strategy that exploits the dynamics and heterogeneity of attack surfaces for protecting the service against attackers. Through simulation, we identify the conditions and extent of the proposed MTD strategy's effectiveness in protecting Cloud-based services. Namely, 1) MTD is more effective when the service deployment is dense in the replacement pool and/or when the attack is strong, and 2) attack-surface heterogeneity-and-dynamics awareness helps in improving MTD's effectiveness.

Keywords: cloud computing; probability; security of data; S-shaped generalized logistic function; VM migration-snapshotting; attack-surface heterogeneity-and-dynamics awareness; attacker intelligence; cloud infrastructures; cloud-based service security; cloud-specific features; configuration staticity; deep automation; diversity-compatibility; dynamic attack surfaces; dynamic probability; heterogeneous attack surfaces; homogeneity problem; moving-target defense strategy; probabilistic MTD service deployment; replacement pool; service attack surface; Equations; Information systems; Mathematical model; Probabilistic logic; Probes; Security; Uncertainty; moving-target defense; probabilistic algorithm; risk modeling; simulation (ID#: 15-3860)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883418&isnumber=6883277


Morrell, Christopher; Ransbottom, J. Scot; Marchany, Randy; Tront, Joseph G., "Scaling IPv6 Address Bindings In Support Of A Moving Target Defense," Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for, pp. 440-445, 8-10 Dec. 2014. doi: 10.1109/ICITST.2014.7038852

Moving target defense is an area of network security research in which machines are moved logically around a network in order to avoid detection. This is done by leveraging the immense size of the IPv6 address space and the statistical improbability of two machines selecting the same IPv6 address. This defensive technique forces a malicious actor to focus on the reconnaissance phase of their attack rather than focusing only on finding holes in a machine's static defenses. We have a current implementation of an IPv6 moving target defense entitled MT6D, which works well but is limited to functioning in a peer-to-peer scenario. As we push our research forward into client-server networks, we must discover what the limits are in reference to the client-server ratio. In our current implementation of a simple UDP echo server that binds large numbers of IPv6 addresses to the Ethernet interface, we discover limits in both the number of addresses that we can successfully bind to an interface and the speed at which UDP requests can be successfully handled across a large number of bound interfaces.

Keywords: Internet; Kernel; Security; Servers; Sockets; Standards; Time factors; IPv6; Moving Target Defense; Networking; Sockets (ID#: 15-3861)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7038852&isnumber=7038754


Kampanakis, P.; Perros, H.; Beyene, T., "SDN-based solutions for Moving Target Defense network protection," A World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2014 IEEE 15th International Symposium on, pp. 1-6, 19 June 2014. doi: 10.1109/WoWMoM.2014.6918979

Software-Defined Networking (SDN) allows network capabilities and services to be managed through a central control point. Moving Target Defense (MTD), on the other hand, introduces a constantly adapting environment in order to delay or prevent attacks on a system. MTD is a use case where SDN can be leveraged in order to provide attack surface obfuscation. In this paper, we investigate how SDN can be used in some network-based MTD techniques. We first describe the advantages and disadvantages of these techniques, the potential countermeasures attackers could take to circumvent them, and the overhead of implementing MTD using SDN. Subsequently, we study the performance of the SDN-based MTD methods using Cisco's One Platform Kit and we show that they significantly increase the attacker's overheads.

Keywords: computer network security; Cisco One Platform Kit; SDN-based MTD methods; SDN-based solutions; attack surface obfuscation; central control point; countermeasures attackers; moving target defense network protection; network-based MTD techniques; software-defined networking; Algorithm design and analysis; Delays; Payloads; Ports (Computers); Reconnaissance; Servers; Cisco onePK; MTD; Moving Target Defense; SDN; Software Defined Networks (ID#: 15-3862)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6918979&isnumber=6918912


Carvalho, M.; Ford, R., "Moving-Target Defenses for Computer Networks," Security & Privacy, IEEE, vol. 12, no. 2, pp. 73-76, Mar.-Apr. 2014. doi: 10.1109/MSP.2014.30

One of the criticisms of traditional security approaches is that they present a static target for attackers. Critics state, with good justification, that by allowing the attacker to reconnoiter a system at leisure to plan an attack, defenders are immediately disadvantaged. To address this, the concept of moving-target defense (MTD) has recently emerged as a new paradigm for protecting computer networks and systems.

Keywords: computer network security; MTD; computer network protection; moving-target defenses; security approach; static target; Complexity theory; Computer crime; Computer security; Cyberspace; Network security; Target tracking; MTD; attack; moving-target defense; system security; target (ID#: 15-3863)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6798537&isnumber=6798534


Hong, J.B.; Dong Seong Kim, "Scalable Security Models for Assessing Effectiveness of Moving Target Defenses," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp. 515-526, 23-26 June 2014. doi: 10.1109/DSN.2014.54

Moving Target Defense (MTD) changes the attack surface of a system, which confuses intruders in order to thwart attacks. Various MTD techniques have been developed to enhance the security of a networked system, but the effectiveness of these techniques is not well assessed. Security models (e.g., Attack Graphs (AGs)) provide formal methods of assessing security, but modeling the MTD techniques in security models has not been studied. In this paper, we incorporate the MTD techniques in security modeling and analysis using a scalable security model, namely Hierarchical Attack Representation Models (HARMs), to assess the effectiveness of the MTD techniques. In addition, we use importance measures (IMs) for scalable security analysis and for deploying the MTD techniques in an effective manner. The performance comparison between the HARM and the AG is given. Also, we compare the performance of using the IMs and the exhaustive search method in simulations.

Keywords: graph theory; security of data; HARMs; IMs; MTD; attack graphs; effectiveness assessment; exhaustive search method; hierarchical attack representation models; importance measures; moving target defenses; networked system security; scalable security models; security assessment; Analytical models; Computational modeling; Diversity methods; Internet; Linux; Measurement; Security; Attack Representation Model; Importance Measures; Moving Target Defense; Security Analysis; Security Modeling Techniques (ID#: 15-3864)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903607&isnumber=6903544


Thompson, M.; Evans, N.; Kisekka, V., "Multiple OS Rotational Environment: An Implemented Moving Target Defense," Resilient Control Systems (ISRCS), 2014 7th International Symposium on, pp. 1-6, 19-21 Aug. 2014. doi: 10.1109/ISRCS.2014.6900086

Cyber-attacks continue to pose a major threat to existing critical infrastructure. Although suggestions for defensive strategies abound, Moving Target Defense (MTD) has only recently gained attention as a possible solution for mitigating cyber-attacks. The current work proposes an MTD technique that provides enhanced security through a rotation of multiple operating systems. The MTD solution developed in this research utilizes existing technology to provide a feasible dynamic defense solution that can be deployed easily in a real networking environment. In addition, the system we developed was tested extensively for effectiveness using CORE Impact Pro (CORE), Nmap, and manual penetration tests. The test results showed that platform diversity and rotation offer improved security. In addition, the likelihood of a successful attack decreased proportionally with time between rotations.

Keywords: operating systems (computers); security of data; CORE; CORE Impact Pro; MTD technique; Nmap; cyber-attacks mitigation; defensive strategies; manual penetration test; moving target defense; multiple OS rotational environment; operating systems; Availability; Fingerprint recognition; IP networks; Operating systems; Security; Servers; Testing (ID#: 15-3865)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6900086&isnumber=6900080


Marttinen, A.; Wyglinski, A.M.; Jantti, R., "Moving-Target Defense Mechanisms Against Source-Selective Jamming Attacks In Tactical Cognitive Radio MANETs," Communications and Network Security (CNS), 2014 IEEE Conference on, pp. 14-20, 29-31 Oct. 2014. doi: 10.1109/CNS.2014.6997460

In this paper, we propose techniques for combating source-selective jamming attacks in tactical cognitive MANETs. Secure, reliable and seamless communications are important for facilitating tactical operations. Selective jamming attacks pose a serious security threat to the operations of wireless tactical MANETs, since selective strategies possess the potential to completely isolate a portion of the network from other nodes without giving a clear indication of a problem. Our proposed mitigation techniques use the concept of address manipulation, which differs from other techniques presented in the open literature since our techniques employ a decentralized architecture rather than a centralized framework, and our proposed techniques do not require any extra overhead. Experimental results show that the proposed techniques enable communications in the presence of source-selective jamming attacks. When the presence of a source-selective jammer blocks transmissions completely, implementing the proposed flipped address mechanism increases the expected number of required transmission attempts by only one in such a scenario. The probability that our second approach, random address assignment, fails to resolve the correct source MAC address can be as small as 10^-7 when using accurate parameter selection.

Keywords: cognitive radio; computer network security; interference suppression; jamming; military communication; mobile ad hoc networks; probability; telecommunication network reliability; address manipulation; flipped address mechanism; moving target defense mechanism; parameter selection; probability; random address assignment; reliable communication; seamless communication; secure communication; source MAC address; source selective jammer block transmission; source selective jamming attack combination; tactical cognitive radio MANET; Ad hoc networks; Communication system security; Delays; Jamming; Mobile computing; Wireless communication (ID#: 15-3866)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6997460&isnumber=6997445


Yu Li; Rui Dai; Junjie Zhang, "Morphing Communications Of Cyber-Physical Systems Towards Moving-Target Defense," Communications (ICC), 2014 IEEE International Conference on, pp. 592-598, 10-14 June 2014. doi: 10.1109/ICC.2014.6883383

Since the massive deployment of Cyber-Physical Systems (CPSs) calls for long-range and reliable communication services with manageable cost, it has been believed to be an inevitable trend to relay a significant portion of CPS traffic through existing networking infrastructures such as the Internet. Adversaries who have access to networking infrastructures can therefore eavesdrop on network traffic and then perform traffic analysis attacks in order to identify CPS sessions and subsequently launch various attacks. As we can hardly prevent all adversaries from accessing network infrastructures, thwarting traffic analysis attacks becomes indispensable. Traffic morphing serves as an effective means towards this direction. In this paper, a novel traffic morphing algorithm, CPSMorph, is proposed to protect CPS sessions. CPSMorph maintains a number of network sessions whose distributions of inter-packet delays are statistically indistinguishable from those of typical network sessions. A CPS message will be sent through one of these sessions with assured satisfaction of its time constraint. CPSMorph strives to minimize the overhead by dynamically adjusting the morphing process. It is characterized by low complexity as well as high adaptivity to the changing dynamics of CPS sessions. Experimental results have shown that CPSMorph can effectively perform traffic morphing for real-time CPS messages with moderate overhead.

Keywords: Internet; computer network reliability; telecommunication traffic; CPS traffic; CPSMorph traffic morphing algorithm; Internet; cyber-physical systems; eavesdrop network traffic; inter-packet delays; long-range communication services; morphing communications; moving-target defense; network sessions; networking infrastructures; reliable communication services; thwarting traffic analysis attacks; traffic analysis attacks; Algorithm design and analysis; Delays; Information systems; Real-time systems; Security; Silicon; Time factors (ID#: 15-3867)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883383&isnumber=6883277


Fink, G.A.; Haack, J.N.; McKinnon, A.D.; Fulp, E.W., "Defense on the Move: Ant-Based Cyber Defense," Security & Privacy, IEEE, vol. 12, no. 2, pp. 36-43, Mar.-Apr. 2014. doi: 10.1109/MSP.2014.21

Many common cyberdefenses (like firewalls and intrusion-detection systems) are static, giving attackers the freedom to probe them at will. Moving-target defense (MTD) adds dynamism, putting the systems to be defended in motion, potentially at great cost to the defender. An alternative approach is a mobile resilient defense that removes attackers' ability to rely on prior experience without requiring motion in the protected infrastructure. The defensive technology absorbs most of the cost of motion, is resilient to attack, and is unpredictable to attackers. The authors' mobile resilient defense, Ant-Based Cyber Defense (ABCD), is a set of roaming, bio-inspired, digital-ant agents working with stationary agents in a hierarchy headed by a human supervisor. ABCD provides a resilient, extensible, and flexible defense that can scale to large, multi-enterprise infrastructures such as the smart electric grid.

Keywords: optimisation; security of data; ant-based cyber defense; defended systems; mobile resilient defense; moving-target defense; protected infrastructure; Computer crime; Computer security; Cyberspace; Database systems; Detectors; Malware; Mobile communication; Particle swarm intelligence; Statistics; Target tracking; MTD; cybersecurity; digital ants; moving-target defense; swarm intelligence (ID#: 15-3868)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6798536&isnumber=6798534


Quan Jia; Huangxin Wang; Fleck, D.; Fei Li; Stavrou, A.; Powell, W., "Catch Me If You Can: A Cloud-Enabled DDoS Defense," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp. 264-275, 23-26 June 2014. doi: 10.1109/DSN.2014.35

We introduce a cloud-enabled defense mechanism for Internet services against network and computational Distributed Denial-of-Service (DDoS) attacks. Our approach performs selective server replication and intelligent client re-assignment, turning victim servers into moving targets for attack isolation. We introduce a novel system architecture that leverages a "shuffling" mechanism to compute the optimal re-assignment strategy for clients on attacked servers, effectively separating benign clients from even sophisticated adversaries that persistently follow the moving targets. We introduce a family of algorithms to optimize the runtime client-to-server re-assignment plans and minimize the number of shuffles to achieve attack mitigation. The proposed shuffling-based moving target mechanism enables effective attack containment using fewer resources than attack dilution strategies using pure server expansion. Our simulations and proof-of-concept prototype using Amazon EC2 [1] demonstrate that we can successfully mitigate large-scale DDoS attacks in a small number of shuffles, each of which incurs a few seconds of user-perceived latency.

Keywords: client-server systems; cloud computing; computer network security; Amazon EC2; Internet services; attack dilution strategies; attack mitigation; client-to-server reassignment plans; cloud computing; cloud-enabled DDoS defense; computational distributed denial-of-service attacks; intelligent client reassignment; large-scale DDoS attacks; moving target mechanism; moving targets; network attacks; optimal reassignment strategy; shuffling mechanism; system architecture; turning victim servers; Cloud computing; Computer architecture; Computer crime; IP networks; Servers; Web and internet services; Cloud; DDoS; Moving Target Defense; Shuffling (ID#: 15-3869)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903585&isnumber=6903544


Moody, W.C.; Hongxin Hu; Apon, A., "Defensive maneuver cyber platform modeling with Stochastic Petri Nets," Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014 International Conference on, pp. 531-538, 22-25 Oct. 2014.

Distributed and parallel applications are critical information technology systems in multiple industries, including academia, military, government, financial, medical, and transportation. These applications present target-rich environments for malicious attackers seeking to disrupt the confidentiality, integrity and availability of these systems. Applying the military concept of defensive cyber maneuver to these systems can provide protection and defense mechanisms that allow survivability and operational continuity. Understanding the tradeoffs between information systems security and operational performance when applying maneuver principles is of interest to administrators, users, and researchers. To this end, we present a model of a defensive maneuver cyber platform using Stochastic Petri Nets. This model enables the understanding and evaluation of the costs and benefits of maneuverability in a distributed application environment, specifically focusing on moving target defense and deceptive defense strategies.

Keywords: Petri nets; security of data; stochastic processes; deceptive defense strategies; defensive maneuver cyber platform modeling; information systems security; malicious attackers; moving target defense strategies; stochastic Petri nets; Control systems; Cyberspace; Military computing; Petri nets; Security; Standards; Stochastic processes (ID#: 15-3870)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7014609&isnumber=7011734


Torrieri, D., "Cyber Maneuvers and Maneuver Keys," Military Communications Conference (MILCOM), 2014 IEEE, pp. 262-267, 6-8 Oct. 2014. doi: 10.1109/MILCOM.2014.48

This paper presents an overview of cyber maneuvers and their roles in cyber security. As the cyber war escalates, a strategy that preemptively limits and curtails attacks is required. Such a proactive strategy is called a cyber maneuver and is a refinement of the concept of a moving-target defense, which includes both reactive and proactive network changes. The major advantages of cyber maneuvers relative to other moving-target defenses are described. The use of maneuver keys in making cyber maneuvers much more feasible and affordable is explained. As specific examples, the applications of maneuver keys in encryption algorithms and as spread-spectrum keys are described. The integration of cyber maneuvers into a complete cyber security system with intrusion detection, identification of compromised nodes, and secure rekeying is presented. An example of secure rekeying despite the presence of compromised nodes is described.

Keywords: cryptography; cyber maneuvers; cyber security system; encryption algorithm; intrusion detection; maneuver keys; moving-target defenses; proactive network change; proactive strategy; reactive network change; secure rekeying; spread-spectrum key; Computer security; Encryption; Hardware; Intrusion detection; Jamming (ID#: 15-3871)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6956769&isnumber=6956719


Tunc, C.; Fargo, F.; Al-Nashif, Y.; Hariri, S.; Hughes, J., "Autonomic Resilient Cloud Management (ARCM) Design and Evaluation," Cloud and Autonomic Computing (ICCAC), 2014 International Conference on, pp. 44-49, 8-12 Sept. 2014. doi: 10.1109/ICCAC.2014.35

Cloud computing is emerging as a new paradigm that aims at delivering computing as a utility. For the cloud computing paradigm to be fully adopted and effectively used, it is critical that the security mechanisms are robust and resilient to faults and attacks. Securing cloud systems is extremely complex due to the many interdependent tasks such as application layer firewalls, alert monitoring and analysis, source code analysis, and user identity management. It is strongly believed that we cannot build cloud services that are immune to attacks. Resiliency to attacks is becoming an important approach to address cyber-attacks and mitigate their impacts, and it is demanded even more strongly for mission-critical systems. In this paper, we present a methodology to develop an Autonomic Resilient Cloud Management (ARCM) based on moving target defense, cloud service Behavior Obfuscation (BO), and autonomic computing. By continuously and randomly changing the cloud execution environments and platform types, it will be difficult, especially for insider attackers, to figure out the current execution environment and its existing vulnerabilities, thus allowing the system to evade attacks. We show how to apply the ARCM to one class of applications, Map/Reduce, and evaluate its performance and overhead.

Keywords: cloud computing; security of data; software fault tolerance; ARCM; BO; autonomic resilient cloud management; cloud computing; cloud service behavior obfuscation; cloud system security; moving target defense; Cloud computing; Conferences; Autonomic Resilient Cloud Management; behavior obfuscation; resiliency (ID#: 15-3872)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7024043&isnumber=7024029


Azab, M., "Multidimensional Diversity Employment for Software Behavior Encryption," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp. 1-5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814033

Modern cyber systems and their integration with the infrastructure have an immense effect on productivity and quality of life. Their involvement in our daily life elevates the need for means to ensure their resilience against attacks and failure. One major threat is the software monoculture. Recent research has demonstrated the danger of software monoculture and presented diversity as a way to reduce the attack surface. In this paper, we propose ChameleonSoft, a multidimensional software diversity employment to, in effect, induce spatiotemporal software behavior encryption and a moving target defense. ChameleonSoft introduces a loosely coupled, online programmable software-execution foundation separating logic, state and physical resources. The elastic construction of the foundation enables ChameleonSoft to define running software as a set of behaviorally-mutated, functionally-equivalent code variants. ChameleonSoft intelligently shuffles these variants at runtime while changing their physical location, inducing enough untraceable confusion and diffusion to encrypt the execution behavior of the running software. ChameleonSoft is also equipped with an autonomic failure recovery mechanism for enhanced resilience. In order to test the applicability of the proposed approach, we present a prototype of the ChameleonSoft Behavior Encryption (CBE) and recovery mechanisms. Further, using analysis and simulation, we study the performance and security aspects of the proposed system. This study aims to assess the provisioned level of security by measuring the avalanche effect percentage and the induced confusion and diffusion levels to evaluate the strength of the CBE mechanism. Further, we compute the computational cost of security provisioning and enhancing system resilience.

Keywords: computational complexity; cryptography; multidimensional systems; software fault tolerance; system recovery; CBE mechanism; ChameleonSoft Behavior Encryption; ChameleonSoft recovery mechanisms; autonomic failure recovery mechanism; avalanche effect percentage; behaviorally-mutated functionally-equivalent code variants; computational cost; confusion levels; diffusion levels; moving target defense; multidimensional software diversity employment; online programmable software-execution foundation separating logic; security level; security provisioning; software monoculture; spatiotemporal software behavior encryption; system resilience; Employment; Encryption; Resilience; Runtime; Software; Spatiotemporal phenomena (ID#: 15-3873)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814033&isnumber=6813963


Hang Shao; Japkowicz, N.; Abielmona, R.; Falcon, R., "Vessel Track Correlation And Association Using Fuzzy Logic and Echo State Networks," Evolutionary Computation (CEC), 2014 IEEE Congress on, pp.2322,2329, 6-11 July 2014. doi: 10.1109/CEC.2014.6900231 Tracking moving objects is a task of the utmost importance to the defence community. As this task requires high accuracy, rather than employing a single detector, it has become common to use multiple ones. In such cases, the tracks produced by these detectors need to be correlated (if they belong to the same sensing modality) or associated (if they were produced by different sensing modalities). In this work, we introduce Computational-Intelligence-based methods for correlating and associating various contacts and tracks pertaining to maritime vessels in an area of interest. Fuzzy k-Nearest Neighbours will be used to conduct track correlation and Fuzzy C-Means clustering will be applied for association. In that way, the uncertainty of the track correlation and association is handled through fuzzy logic. To better model the state of the moving target, the traditional Kalman Filter will be extended using an Echo State Network. Experimental results on five different types of sensing systems will be discussed to justify the choices made in the development of our approach. In particular, we will demonstrate the judiciousness of using Fuzzy k-Nearest Neighbours and Fuzzy C-Means on our tracking system and show how the extension of the traditional Kalman Filter by a recurrent neural network is superior to its extension by other methods.

Keywords: Kalman filters; correlation methods; fuzzy logic; fuzzy set theory; marine vehicles; naval engineering computing; object tracking; pattern clustering; recurrent neural nets; Kalman filter; computational-intelligence-based methods; defense community; echo state networks; fuzzy c-means clustering; fuzzy k-nearest neighbours; fuzzy logic; maritime vessels; moving object tracking; recurrent neural network; sensing modality; vessel track association; vessel track correlation; Correlation; Mathematical model; Radar tracking; Recurrent neural networks; Sensors; Target tracking; Vectors; Computational Intelligence; Data Fusion; Defence and Security; Fuzzy Logic; Maritime Domain Awareness; Neural Networks; Track Association; Track Correlation (ID#: 15-3874) 

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6900231&isnumber=6900223


Jian Wu; Yongmei Jiang; Gangyao Kuang; Jun Lu; Zhiyong Li, "Parameter Estimation For SAR Moving Target Detection using Fractional Fourier Transform," Geoscience and Remote Sensing Symposium (IGARSS), 2014 IEEE International, pp. 596-599, 13-18 July 2014. doi: 10.1109/IGARSS.2014.6946493 This paper proposes an algorithm for multi-channel SAR ground moving target detection and estimation using the Fractional Fourier Transform (FrFT). To detect a moving target with low speed, the clutter is first suppressed by Displaced Phase Center Antenna (DPCA) processing, so that the signal-to-clutter ratio can be enhanced. Having suppressed the clutter, the echo of the moving target remains and can be regarded as a chirp signal whose parameters can be estimated by FrFT. FrFT, one of the most widely used tools for time-frequency analysis, is utilized to estimate the Doppler parameters, from which the motion parameters, including the velocity and the acceleration, can be obtained. The effectiveness of the proposed method is validated by simulation.

Keywords: Doppler radar; Fourier transforms; geophysical techniques; parameter estimation; radar antennas; synthetic aperture radar; Doppler parameters; FrFT; SAR moving target detection; displace phase center antenna; fractional fourier transform; moving target echo; multichannel SAR ground algorithm; parameter estimation; target moving; time-frequency analysis; Acceleration; Apertures; Azimuth; Clutter; Doppler effect; Parameter estimation; Radar; Fractional Fourier Transform; GMTI; parameter estimation (ID#: 15-3875) 

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6946493&isnumber=6946328


Zhang Deping; Wang Quan; Wang Qingping; Wu WeiWei; Yuan NaiChang, "A Real Continuously Moving Target Simulation System Design Without Time Delay Error," Signal Processing, Communications and Computing (ICSPCC), 2014 IEEE International Conference on, pp. 258-261, 5-8 Aug. 2014. doi: 10.1109/ICSPCC.2014.6986194 The time delay of the echo generated by a moving target simulator based on the digital delay technique is discrete. So there are range and phase errors between the simulated target and the real target, and the simulated target will move discontinuously due to the discrete time delay. In order to solve this problem and generate a continuously moving target, this paper uses a signal processing technique to adjust the range and phase errors between the two targets. By adjusting the range gate, the time delay error is reduced to be smaller than the sampling interval. According to the relationship between range and phase, the remaining error within one range bin can be removed equivalently by phase compensation. The simulation results show that by adjusting the range gate, the time delay errors are greatly reduced, and the remaining errors can be removed by phase compensation. In other words, a real continuously moving target is generated and the problem is solved.

Keywords: delays; echo; radar signal processing; continuously moving target simulation system design; digital delay technique; discrete time delay; echo time delay; phase compensation; radar moving target simulator; signal processing technique; time delay error; Delay effects; Delay lines; Laser radar; Logic gates; Radar antennas; Radar cross-sections; moving target simulator; phase compensation; radar simulator; time delay error adjustment (ID#: 15-3876)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6986194&isnumber=6986138


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.