As cyberattacks are rising, Moving Target Defense (MTD) can be a countermeasure to proactively protect a networked system against cyber-attacks. Despite the fact that MTD systems demonstrate security effectiveness against the reconnaissance of Cyber Kill Chain (CKC), a time-based MTD has a limitation when it comes to protecting a system against the next phases of CKC. In this work, we propose a novel hybrid MTD technique, its implementation and evaluation. Our hybrid MTD system is designed on a real SDN testbed and it uses an intrusion detection system (IDS) to provide an additional MTD triggering condition. This in itself presents an extra layer of system protection. Our hybrid MTD technique can enhance security in the response to multi-phased cyber-attacks. The use of the reactive MTD triggering from intrusion detection alert shows that it is effective to thwart the further phase of detected cyber-attacks. We also investigate the performance degradation due to more frequent MTD triggers.This work contributes to (1) proposing an ML-based rule classification model for predicting identified attacks which helps a decision-making process for security enhancement; (2) developing a hybrid-based MTD integrated with a Network Intrusion Detection System (NIDS) with the consideration of performance and security; and (3) assessment of the performance degradation and security effectiveness against potential real attacks (i.e., scanning, dictionary, and SQL injection attack) in a physical testbed.

In this research, we evaluate the effectiveness of different MTD techniques on the transformer-based cyber anomaly detection models trained on the KDD Cup’99 Dataset, a publicly available dataset commonly used for evaluating intrusion detection systems. We explore the trade-offs between security and performance when using MTD techniques for cyber anomaly detection and investigate how MTD techniques can be combined with other cybersecurity techniques to improve the overall security of the system. We evaluate their performance using standard metrics such as accuracy and FI score, as well as measures of robustness against adversarial attacks. Our results show that MTD techniques can significantly improve the security of the anomaly detection model, with some techniques being more effective than others depending on the model architecture. We also find that there are trade-offs between security and performance, with some MTD techniques leading to a reduction in model accuracy or an increase in computation time. However, we demonstrate that these tradeoffs can be mitigated by optimizing the MTD parameters for the specific model architecture.

This paper reports on work in progress on security metrics combining risks of known and zero-day attacks. We assume that system security is modelled by Attack Graph (AG), where attack paths may include a combination of known and zeroday exploits and impact of successful attacks is quantified by system loss function. While set of feasible zero-day exploits and composition of each attack path are known, only estimates of likelihoods of known exploits are available. After averaging the system loss function over likelihoods of known exploits, we propose addressing uncertain likelihoods of zero-day exploits within framework of robust risk metrics. Assuming some prior likelihoods of zero-day exploits, robust risk metrics are identified with the worst-case Bayesian AG scenario subject to a controlled deviation of actual likelihoods of zero-day exploits from their priors. The corresponding worst-case scenario is defined with respect to the system losses due to a zero-day attack. We argue that the proposed risk metric quantifies potential benefits of system configuration diversification, such as Moving Target Defense, for mitigation of the system/attacker information asymmetry.

Network Security Resiliency - Trending towards autonomous transportation systems, modern vehicles are equipped with hundreds of sensors and actuators that increase the intelligence of the vehicles with a higher level of autonomy, as well as facilitate increased communication with entities outside the in-vehicle network.However, increase in a contact point with the outside world has exposed the controller area network (CAN) of a vehicle to remote security vulnerabilities. In particular, an attacker can inject fake high priority messages within the CAN through the contact points, while preventing legitimate messages from controlling the CAN (Denial-of-Service (DoS) attack). In this paper, we propose a Moving Target Defense (MTD) based mechanism to provide resiliency against DoS attack, where we shuffle the message priorities at different communication cycles, opposed to the state-of-the-art message priority setup, to nullify the attacker’s knowledge of message priorities for a given time. The performance and efficacy of the proposed shuffling algorithm has been analyzed under different configuration, and compared against the state-of-the-art solutions. It is observed that the proposed mechanism is successful in denying DoS attack when the attacker is able to bypass preemptive strategies and inject messages within the in-vehicle network.

Moving Target Defense - Synthetic aperture radar (SAR) is an effective remote sensor for target detection and recognition. Deep learning has a great potential for implementing automatic target recognition based on SAR images. In general, Sufficient labeled data are required to train a deep neural network to avoid overfitting. However, the availability of measured SAR images is usually limited due to high cost and security in practice. In this paper, we will investigate the relationship between the recognition performance and training dataset size. The experiments are performed on three classifiers using MSTAR (Moving and Stationary Target Acquisition and Recognition) dataset. The results show us the minimum size of the training set for a particular classification accuracy.

Moving Target Defense - As cyberattacks continuously threaten conventional defense techniques, Moving Target Defense (MTD) has emerged as a promising countermeasure to defend a system against them by dynamically changing attack surfaces of the system. MTD provides the system a state-of-art security mechanism that increases the attack cost or complexity of the system aiming for reducing vulnerabilities exposed to potential attackers. However, the notion of the proactive and dynamic systems adopting MTD services causes a substantial trade-off between system performance and security effectiveness, compared to conventional defense strategies. The MTD tactics accordingly result in performance degradation (e.g., interruptions of service availability) as one of the drawbacks caused by continuous mutations of the system configuration. Therefore, it is crucial to validate not only the security benefits against system threats but also quality-of-service (QoS) for clients when an MTDenabled system proactively continues to mutate attack surfaces. This paper contributes to (i) developing new security metrics; (ii) measuring both the performance degradation and security effectiveness against potential real attacks (i.e., scanning, HTTP flood, dictionary, and SQL injection attack); and (iii) comparing the proposed job management strategies (i.e., drop and switchover) from a performance and security perspective in a physical SDN testbed.

Moving Target Defense - Low (low altitude), slow (slow maneuvering) and small (small size)" targets such as drones pose a serious threat to airport flight safety and urban security, and there is an urgent need for effective detection. These targets have weak echoes and inconspicuous features, covered by strong clutter. Conventional radar data update rates are low with limited integration pulses, making detection extremely difficult. In this paper, the digital ubiquitous radar is used for long-time observation in order to improve the detection performance, and the high-order motion characteristics of low-altitude drone target are analyzed. The long-time integration method is proposed via Keystone transform (KT) and the enhanced fractional Fourier transform (EFRFT) to compensate the range and Doppler migrations simultaneously. Both simulation and real experiment using Lband digital ubiquitous radar are carried out to verify the performance of the proposed method. It is shown that the integration ability is better and the peak spectrum are more obvious compared with the traditional FFT-based moving target detection (MTD) and popular FRFT method.

Moving Target Defense - False Data Injection Attack(FDIA) is a typical network attack, which can bypass the Bad Data Detection(BDD) and affect State Estimation(SE), the estimation results is vital for power system, thus posing a great threat to the security of power system. In this paper, a new defense scheme is proposed, which is based on flexible switching of spare lines. By switching on the spare lines of some working transmission lines flexibly, the transmission line parameters in the power system topology can be changed, so as to reduce the possibility of FDIA. The impact of switching spare lines on power system operation and FDIA by ergodic method is analyzed. An optimization algorithm is designed to find the least system generator cost for power grid operator and the least attack space for attackers, this algorithm is tested in the IEEE 5-bus system and IEEE 30-bus system, and the results show that the scheme has a good performance in resisting FDIA.

Moving Target Defense - In the modern era, much of worldwide critical operations from a variety of different sectors are managed by industrial control systems (ICS). A typical ICS includes an extensive range of computerized devices, control systems, and networking appliances used to manage efficiently an industrial process across large geographical areas. ICS underpin sensitive and critical national infrastructures such as water treatment and energy production and transportation. The consequences of a successful attack against them can lead to shutting the infrastructure down which has major impacts such as production stoppages or safety implications for people, the environment, and assets. At the same time, running a process while the infrastructure is under attack or compromised also has safety implications, potentially catastrophic. This work-in-progress focuses on an adaptive approach, able to alter the defensive posture while providing assurances about operational capacity (or downgrading it) and safety. Our approach involves transforming policies from simply a means to enforce security requirements defined a priori, to adaptive objects that are capable to evolve in response to unfolding attacks. We use a case study of reconnaissance attacks and moving target defense as a means to realize such adaptive security policies.

Moving Target Defense - In recent years, many companies and organizations have introduced internal networks. While such internal networks propose availability and convenience, there have been many cases in which malicious outsiders have intruded on these local networks, and leaked customer information through cyber attacks. In addition, there have recently been reports of a type of attack called ”Advanced Persistent Threats (APT)”. Unlike conventional cyber attacks, these attacks target specific objectives. And they use sophisticated techniques to penetrate the target’s system. Once malware successes to intrude into the system, malware does not immediately attack the target but hides for a long time to investigate the system and gather information. Moving Target Defense, MTD is a technology that dynamically changes the configurations of systems targeted by cyber attacks. In this study, we implemented a model using a proxy-based network-level MTD to detect and quarantine malware in internal networks. And we can confirm that the proposed method is effective in the detection and quarantine of malware.

Moving Target Defense - The use of traditional defense mechanisms or intrusion detection systems presents a disadvantage for defenders against attackers since these mechanisms are essentially reactive. Moving target defense (MTD) has emerged as a proactive defense mechanism to reduce this disadvantage by randomly and continuously changing the attack surface of a system to confuse attackers. Although significant progress has been made recently in analyzing the security effectiveness of MTD mechanisms, critical gaps still exist, especially in maximizing security levels and estimating network reconfiguration speed for given attack power. In this paper, we propose a set of Petri Net models and use them to perform a comprehensive evaluation regarding key security metrics of Software-Defined Network (SDNs) based systems adopting a time-based MTD mechanism. We evaluate two use-case scenarios considering two different types of attacks to demonstrate the feasibility and applicability of our models. Our analyses showed that a time-based MTD mechanism could reduce the attackers’ speed by at least 78\% compared to a system without MTD. Also, in the best-case scenario, it can reduce the attack success probability by about ten times.

Moving Target Defense - Moving target detection algorithm plays a vital role in computer vision research. Moving object detection mainly processes video images to identify moving objects differently from the background. Moving target detection algorithm has an excellent application role, such as: used for security and forbidden area security. This paper presents an effective method for detecting moving targets. The authors combine the corner detection method with LK optical flow method. Afterimage preprocessing, image corner detection, finally, we use LK optical flow method to detect the movement of the moving object, and we can judge the movement direction of the moving object only by two frames of pictures. This method can judge the direction of moving objects only by two pictures frames and has an excellent performance in speed detection. In particular, in detecting small moving targets, the results of this method are noticeable.

Internet of Vehicles Security - As one of the effective methods to enhance traffic safety and improve traffic efficiency, the Internet of vehicles has attracted wide attention from all walks of life. V2X secure communication, as one of the research hotspots of the Internet of vehicles, also has many security and privacy problems. Attackers can use these vulnerabilities to obtain vehicle identity information and location information, and can also attack vehicles through camouflage.Therefore, the identity authentication process in vehicle network communication must be effectively protected. The anonymous identity authentication scheme based on moving target defense proposed in this paper not only ensures the authenticity and integrity of information sources, but also avoids the disclosure of vehicle identity information.

In defense and security applications, detection of moving target direction is as important as the target detection and/or target classification. In this study, a methodology for the detection of different mobile targets as approaching or receding was proposed for ground surveillance radar data, and convolutional neural networks (CNN) based on transfer learning were employed for this purpose. In order to improve the classification performance, the use of two key concepts, namely Deep Convolutional Generative Adversarial Network (DCGAN) and decision fusion, has been proposed. With DCGAN, the number of limited available data used for training was increased, thus creating a bigger training dataset with identical distribution to the original data for both moving directions. This generated synthetic data was then used along with the original training data to train three different pre-trained deep convolutional networks. Finally, the classification results obtained from these networks were combined with decision fusion approach. In order to evaluate the performance of the proposed method, publicly available RadEch dataset consisting of eight ground target classes was utilized. Based on the experimental results, it was observed that the combined use of the proposed DCGAN and decision fusion methods increased the detection accuracy of moving target for person, vehicle, group of person and all target groups, by 13.63%, 10.01%, 14.82% and 8.62%, respectively.

The use of Virtual Machine (VM) migration as support for software rejuvenation was introduced more than a decade ago. Since then, several works have validated this approach from experimental and theoretical perspectives. Recently, some works shed light on the possibility of using the same technique as Moving Target Defense (MTD). However, to date, no work evaluated the availability and security levels while applying VM migration for both rejuvenation and MTD (multipurpose VM migration). In this paper, we conduct a comprehensive evaluation using Stochastic Petri Net (SPN) models to tackle this challenge. The evaluation covers the steady-state system availability, expected MTD protection, and related metrics of a system under time-based multipurpose VM migration. Results show that the availability and security improvement due to VM migration deployment surpasses 50% in the best scenarios. However, there is a trade-off between availability and security metrics, meaning that improving one implies compromising the other.