Poster: Effectiveness of Moving Target Defense Techniques to Disrupt Attacks in the Cloud
Pages 3415 - 3417
Abstract
Moving Target Defense (MTD) can eliminate the asymmetric advantage that attackers have in terms of time to explore a static system by changing a system's configuration dynamically to reduce the efficacy of reconnaissance and increase uncertainty and complexity for attackers. To this extent, a variety of MTDs have been proposed for specific aspects of a system. However, deploying MTDs at different layers/components of the Cloud and assessing their effects on the overall security gains for the entire system is still challenging since the Cloud is a complex system entailing physical and virtual resources, and there exists a multitude of attack surfaces that an attacker can target. Thus, we explore the combination of MTDs, and their deployment at different components (belonging to various operational layers) to maximize the security gains offered by the MTDs.We also propose a quantification mechanism to evaluate the effectiveness of the MTDs against the attacks in the Cloud.
References
[1]
Hooman Alavizadeh, Julian Jang-Jaccard, and Dong Seong Kim. 2018. Evaluation for Combination of Shuffle and Diversity on Moving Target Defense Strategy for Cloud Computing. In International Conference On Trust, Security And Privacy In Computing And Communications. IEEE, New York, NY, USA, 573--578. https: //doi.org/10.1109/TrustCom/BigDataSE.2018.00087
[2]
Ping Chen, Jun Xu, Zhiqiang Lin, Dongyan Xu, Bing Mao, and Peng Liu. 2015. A Practical Approach for Adaptive Data Structure Layout Randomization. In ESORICS. Springer, 69--89. https://doi.org/10.1007/978--3--319--24174--6_4
[3]
Nils Gruschka and Meiko Jensen. 2010. Attack Surfaces: A Taxonomy for Attacks on Cloud Services. In Proceedings of the International Conference on Cloud Computing. IEEE, Miami, FL, USA, 276--279. https://doi.org/10.1109/CLOUD.2010.23
[4]
Haadi Jafarian, Ehab Al-Shaer, and Qi Duan. 2015. An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks. IEEE Transactions on Information Forensics and Security 10, 12 (2015), 2562--2577. https://doi.org/10.1109/TIFS.2015. 2467358
[5]
Samuel King and Peter M. Chen. 2006. SubVirt: Implementing malware with virtual machines. In IEEE Symposium on Security and Privacy. IEEE, 14--327. https: //doi.org/10.1109/SP.2006.38
[6]
NIST. n.d. National Vulnerability Database. Retrieved 2022-06-01 from https: //nvd.nist.gov/
[7]
Diego Perez-Botero, Jakub Szefer, and Ruby Lee. 2013. Characterizing Hypervisor Vulnerabilities in Cloud Computing Servers. In Proceedings of the ACM International Workshop on Security in Cloud Computing. ACM, 3--10. https: //doi.org/10.1145/2484402.2484406
[8]
Rui Zhuang, Scott A DeLoach, and Xinming Ou. 2014. Towards a Theory of Moving Target Defense. In Proceedings of the First ACM Workshop on Moving Target Defense. 31--40. https://doi.org/10.1145/2663474.2663479
Index Terms
- Poster: Effectiveness of Moving Target Defense Techniques to Disrupt Attacks in the Cloud
Recommendations
POSTER: Toward Intelligent Cyber Attacks for Moving Target Defense Techniques in Software-Defined Networking
ASIA CCS '23: Proceedings of the 2023 ACM Asia Conference on Computer and Communications SecurityMoving Target Defenses (MTD) are proactive security countermeasures that change the attack surface in a system in ways that make it harder for attackers to succeed. These techniques have been shown to be effective, and their application in software-...
Hypothesis Test for Low-rate DDoS Attack Detection in Cloud Computing Environment
AbstractLow-rate Distributed Denial of Service (LDoS) attack is another form of DDoS attack for disrupting the cloud services. It differs from DDoS attack in terms of attack volume. DDoS attacks usually have very high attack volume; however, LDoS have ...
Insider Threat Mitigation Using Moving Target Defense and Deception
MIST '17: Proceedings of the 2017 International Workshop on Managing Insider Security ThreatsThe insider threat has been subject of extensive study and many approaches from technical perspective to behavioral perspective and psychological perspective have been proposed to detect or mitigate it. However, it still remains one of the most ...
Comments
Information & Contributors
Information
Published In
November 2022
3598 pages
ISBN:9781450394505
DOI:10.1145/3548606
- General Chairs:
- Heng Yin,
- Angelos Stavrou,
- Program Chairs:
- Cas Cremers,
- Elaine Shi
Copyright © 2022 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 November 2022
Check for updates
Author Tags
Qualifiers
- Poster
Funding Sources
- Engineering and Physical Sciences Research Council
- EC H2020 CONCORDIA
Conference
CCS '22
Sponsor:
CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security
November 7 - 11, 2022
CA, Los Angeles, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '24
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 110Total Downloads
- Downloads (Last 12 months)47
- Downloads (Last 6 weeks)1
Reflects downloads up to
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in