A Survey of Moving Target Defenses for Network Security
Network defenses based on traditional tools, techniques, and procedures fail to account for the inherent advantage that attackers gain from the static nature of network services and configurations. Moving Target Defense (MTD), on the other hand, provides an intelligent countermeasure by dynamically re-configuring the underlying systems, thereby reducing the effectiveness of cyber attacks. In this survey, we analyze recent advancements in the development of MTDs and highlight how these defenses can be made more effective with the use of artificial intelligence techniques for decision making. We first define a unified formal notation for MTDs that can capture different aspects of such defenses. We then categorize these defenses into sub-classes depending on how they answer three questions -- what to move, when to move and how to move -- showcasing how game-theoretic strategies can effectively answer the last of these. To understand the usefulness of these defense methods, we study the implementation of such MTD techniques. We find that new networking technologies such as Software Defined Networking and Network Function Virtualization provide effective means for implementing these dynamic defense methods. To encourage researchers and industry experts to use such defenses, we highlight industry use-cases and discuss the practicality and maturity of these defenses. To aid readers who want to test or deploy MTD techniques, we highlight existing MTD test-beds. Our survey then performs both a qualitative and quantitative analysis to better understand the effectiveness of these MTDs in terms of security and performance. To that end, we use well-defined metrics for measuring performance costs and security impacts of the surveyed MTDs. Finally, we conclude by summarizing research opportunities that our survey elucidates.