
Ghost-MTD: Moving Target Defense via Protocol Mutation for Mission-Critical Cloud Systems

Jun-Gyu Park, Yangjae Lee, Ki-Wan Kang, Sang-Hoon Lee and Ki-Woong Park
Additional contact information
Jun-Gyu Park: SysCore Laboratory, Sejong University, Seoul 05006, Korea
Yangjae Lee: SysCore Laboratory, Sejong University, Seoul 05006, Korea
Ki-Wan Kang: SysCore Laboratory, Sejong University, Seoul 05006, Korea
Sang-Hoon Lee: Agency for Defense Development, Daejeon 34060, Korea
Ki-Woong Park: Department of Computer and Information Security, Sejong University, Seoul 05006, Korea

Energies, 2020, vol. 13, issue 8, 1-12

Abstract: Research on various security technologies has been actively underway to protect systems from attackers. However, attackers can secure enough time to reconnoiter and attack the target system owing to its static nature. This develops asymmetric warfare in which attackers outwit defenders. Moving target defense (MTD) technologies, which obfuscate the attack surface by modifying the main properties of the potential target system, have been gaining attention as an active cyber security technology. Particularly, network-based MTD (NMTD) technologies, which dynamically mutate the network configuration information, such as IP and ports of the potential target system, can dramatically increase the time required for an attacker to analyze the system. Therefore, this system defense technology has been actively researched. However, increasing the analysis complexity of the target system is limited in conventional NMTD because the variation of system properties (e.g., IP, port) that can be mutated is restricted by the system configuration environment. Therefore, there is a need for an MTD technique that effectively delays an attacker during the system analysis by increasing the variation of system properties. Additionally, in terms of practicality, minimizing the computational overhead arising from the MTD technology and solving the compatibility problem with existing communication protocols are critical issues that cannot be overlooked. In this study, we propose a technology called Ghost-MTD (gMTD). gMTD allows only the user who is aware of protocol mutation patterns to correctly communicate with the service modules of the server system through protocol mutation using the pre-shared one-time bit sequence. Otherwise, gMTD deceives the attackers who attempt to infiltrate the system by redirecting their messages to a decoy-hole module. The experimental results show that the proposed technology enables protocol mutation and validation with a very low performance overhead of only 3.28% to 4.97% using an m-bit (m ≥ 4) length one-time bit sequence and can be applied to real systems regardless of the specific communication protocols.

Keywords: moving target defense; deception; protocol mutation; mission-critical cloud systems
JEL-codes: Q Q0 Q4 Q40 Q41 Q42 Q43 Q47 Q48 Q49
Date: 2020

Downloads: (external link)
https://www.mdpi.com/1996-1073/13/8/1883/pdf (application/pdf)
https://www.mdpi.com/1996-1073/13/8/1883/ (text/html)

Persistent link: https://EconPapers.repec.org/RePEc:gam:jeners:v:13:y:2020:i:8:p:1883-:d:344845

Energies is currently edited by Ms. Agatha Cao

Page updated 2025-03-19
Handle: RePEc:gam:jeners:v:13:y:2020:i:8:p:1883-:d:344845