文章基本信息

标题：Analyzing the Effect of Moving Target Defense for a Web System
本地全文：下载
作者：Wai Kyi Kyi Oo ; Hiroshi Koide ; Kouichi Sakurai 等
期刊名称：International Journal of Networking and Computing
印刷版ISSN：2185-2847
出版年度：2019
卷号：9
期号：2
页码：188-200
出版社：International Journal of Networking and Computing
摘要：Moving target defense (MTD) is a feasible idea for reducing the ratio of successful attacks by altering or diversifying the attributes or parameters of a protected system. As a result of applying MTD techniques to a system, an attacker would have more difficulties in launching attacks. Although several MTD techniques have been proposed for different types of attack, estimating the effectiveness of combining these MTDs remains a challenge. With the aim of setting up a method for evaluating MTDs, we first propose a model composed of two MTD diversification techniques to compare an attack success ratio between theoretical and experimental probability. To validate the proposed model, we conducted an experiment involving an actual attack and then analyzed how our MTD model can adequately estimate a binary-code injection attack. Results show that the rate of attack success is 100% when MTD diversification is not implemented, while the rate is reduced depending on how many variants can be diversified in a target system. Our method is an important first step toward establishing a method for evaluating MTDs, as well as predicting an MTD’s defensive abilities.
关键词：Moving target defense; Cyber defense; Attack success ratio; Binary-code injection; Diversification; Web system
其他关键词：Moving target defense;Cyber defense;Attack success ratio;Binary-code injection;Diversification;Web system