Research and development in IT security yields many different techniques and concepts for thwarting attackers in computer systems and networks, each with its own advantages and disadvantages. Choosing a capable solution that fits one's needs is a crucial but also very challenging task. This is especially true for newly emerging security paradigms for which empirical data from the real world are still missing.
One of these IT security paradigms is Moving Target Defense (MTD). By repeatedly altering a system's configuration and/or appearance, MTD intends to divert attackers, inhibit reconnaissance and increase the effort required for attacks. Many publications have emerged from research in this field, suggesting new techniques or providing practical implementations. However, it is not ultimately clear how effective these Moving Target Defense techniques actually are, or how they compare to each other and to conventional defense mechanisms. Previous research has mainly focused on the evaluation of individual techniques or on the comparison of at most two or three of them in very limited theoretical scenarios. What has been lacking so far is a flexible framework for assessing and fairly comparing the effectiveness of different defense techniques in diverse and, most importantly, realistic scenarios. Such a framework would assist researchers in benchmarking proposed techniques, and practitioners in selecting appropriate defenses that fit their scenarios.
To solve this problem, defense techniques and the attacks they are supposed to protect against must be assessed under realistic conditions; otherwise the evaluation cannot deliver meaningful results in the first place. Furthermore, such evaluation must not be limited to defenses arising from MTD or any other emerging paradigm, but must be applicable to traditional and established defenses alike, to allow for a fair comparison. To this end, an attack-simulation-based evaluation framework is proposed that --- based on detailed modeling --- is able to compare different types of defenses under realistic conditions and to produce meaningful results on their effects.
Case studies conducted with this framework, in which different Moving Target Defenses are evaluated in a realistically modeled corporate network, reveal interesting and novel findings. Despite claims to the contrary in high-ranking publications, one of the most frequently suggested MTD techniques, virtual machine (VM) migration, may in fact have a negative effect on security. However, the observed defense effects vary depending on details of the environment in which they are assessed, implying that generalizing on the basis of incidental evidence is not advisable. Consequently, for evaluation to be fair and findings to be meaningful, detailed and realistic modeling alone is not sufficient; evaluation in diverse settings is equally important. To account for this newly identified requirement, the framework is extended with functionality for the automated generation and diversification of realistic benchmark networks. Using this feature, simulation can be scaled automatically and with ease, painting a more fine-grained picture of defense effects and their distribution. Analysis of simulation results obtained from 500 such benchmark networks not only confirms the findings of the first case study but also reveals additional effects of the employed defenses, further emphasizing the need to base evaluation on a broad range of diverse networks.
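The methodological point of the paragraph above, that a defense should be evaluated over many generated networks and judged by the distribution of its effect rather than by a single scenario, can be illustrated with a deliberately small simulation. The following is an added example written for this page; it is not the thesis's framework, does not model VM migration, and makes no claim about the findings reported above. It assumes a toy attacker that scans from compromised hosts and exploits vulnerable neighbours, a toy MTD defense that re-randomises addresses every few rounds (invalidating the attacker's scan results), and a constructed random-graph generator standing in for the benchmark-network generation. The measured quantity is the delay in rounds the defense imposes on the attacker, reported per network.

```python
"""Toy attack-simulation benchmark: one defense evaluated over many generated networks.
Added example for this page; all models here are constructed assumptions, not the thesis's."""
import random
import statistics
from dataclasses import dataclass

MAX_ROUNDS = 200  # simulation cap: attacker gives up after this many rounds


@dataclass
class Network:
    n: int
    adj: dict        # host -> set of reachable hosts
    vulnerable: set  # hosts running an exploitable service
    target: int      # the asset the attacker is after


def generate_network(rng, n_hosts, link_prob, vuln_rate):
    """Generate one random 'benchmark' network (constructed toy model): a connected
    random graph with a random subset of vulnerable hosts. Host 0 is the attacker's
    entry point; the target is the host farthest from it."""
    adj = {h: set() for h in range(n_hosts)}
    for h in range(1, n_hosts):                 # random spanning tree guarantees connectivity
        prev = rng.randrange(h)
        adj[h].add(prev); adj[prev].add(h)
    for a in range(n_hosts):                    # extra links control network density
        for b in range(a + 1, n_hosts):
            if rng.random() < link_prob:
                adj[a].add(b); adj[b].add(a)
    vulnerable = {h for h in range(1, n_hosts) if rng.random() < vuln_rate}
    dist, queue = {0: 0}, [0]                   # BFS from the entry host
    for h in queue:
        for nb in adj[h]:
            if nb not in dist:
                dist[nb] = dist[h] + 1; queue.append(nb)
    target = max(dist, key=dist.get)
    vulnerable.add(target)                      # the target itself is always exploitable
    return Network(n_hosts, adj, vulnerable, target)


def simulate(net, shuffle_period=None, max_rounds=MAX_ROUNDS):
    """Run a deterministic attacker against `net`. Returns the round in which the
    target was compromised, or max_rounds if the attacker stalled or ran out of time.
    With shuffle_period set, the defense re-randomises addresses every shuffle_period
    rounds, which discards everything the attacker has learned by scanning."""
    compromised = {0}
    recon = {}  # host -> set of neighbours learned by scanning from that host
    for rnd in range(1, max_rounds + 1):
        if shuffle_period and rnd > 1 and (rnd - 1) % shuffle_period == 0:
            recon.clear()                       # MTD move: old scan data is now stale
        unscanned = sorted(compromised - set(recon))
        if unscanned:                           # scanning a foothold costs one round
            h = unscanned[0]
            recon[h] = set(net.adj[h])
            continue
        known = set().union(*recon.values())    # every host the attacker can currently see
        candidates = sorted((known & net.vulnerable) - compromised)
        if not candidates:
            return max_rounds                   # no exploitable path: attacker stalls
        victim = candidates[0]                  # exploiting costs one round
        compromised.add(victim)
        if victim == net.target:
            return rnd
    return max_rounds


def benchmark(n_networks=50, seed=1, shuffle_period=4):
    """Evaluate the defense on n_networks generated networks of varying size and
    density. Returns a list of (rounds without defense, rounds with defense)."""
    rng = random.Random(seed)
    results = []
    for _ in range(n_networks):
        net = generate_network(rng, n_hosts=rng.randint(10, 20),
                               link_prob=rng.uniform(0.05, 0.2), vuln_rate=0.8)
        results.append((simulate(net), simulate(net, shuffle_period)))
    return results


def summarise(results):
    """Distribution of the defense effect (added delay) rather than a single number."""
    delays = [d - b for b, d in results]
    return {
        "networks": len(results),
        "compromised_without_defense": sum(b < MAX_ROUNDS for b, _ in results),
        "compromised_with_defense": sum(d < MAX_ROUNDS for _, d in results),
        "min_delay": min(delays), "median_delay": statistics.median(delays),
        "max_delay": max(delays), "mean_delay": statistics.mean(delays),
    }


if __name__ == "__main__":
    for key, value in summarise(benchmark()).items():
        print(f"{key}: {value}")
```

Because the attacker is deterministic, the defended run always replays the same exploit sequence with extra scanning inserted, so the delay is never negative in this toy; what varies across the generated networks is its size, from zero on short attack paths to the full cap where repeated reshuffling keeps the attacker perpetually rescanning. That spread, visible only because many networks are evaluated, is the kind of information a single hand-built scenario cannot provide.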
Apart from defense evaluation, anonymous and dynamic routing is inspected more closely as one form of Moving Target Defense. Although regarded as a promising approach, such techniques are still underrepresented in MTD research. To this end, network-layer anonymity protocols proposed for use on the internet are investigated and their shortcomings identified, in order to subsequently propose an improved anonymous and dynamic routing protocol that can be applied in closed corporate networks and on the internet alike.