Proactive defense mechanism (2024)

Skip Abstract Section

1. Ajmal et al., 2021 Ajmal A.B., Alam M., Khaliq A.A., Khan S., Qadir Z., Mahmud M.P., Last line of defense: reliability through inducing cyber threat hunting with deception in scada networks, IEEE Access 9 (2021) 126789–126800.Google Scholar
2. Al-Shaer, 2011 Al-Shaer E., Toward network configuration randomization for moving target defense, in: Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, Springer, 2011, pp. 153–159.Google Scholar
3. Alavizadeh et al., 2018 Alavizadeh H., Jang-Jaccard J., Kim D.S., Evaluation for combination of shuffle and diversity on moving target defense strategy for cloud computing, in: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), IEEE, 2018, pp. 573–578.Google Scholar
4. Alavizadeh et al., 2017 Alavizadeh H., Kim D.S., Hong J.B., Jang-Jaccard J., Effective security analysis for combinations of mtd techniques on cloud computing (short paper), in: International Conference on Information Security Practice and Experience, Springer, 2017, pp. 539–548.Google Scholar
5. Alavizadeh et al., 2020 Alavizadeh H., Kim D.S., Jang-Jaccard J., Model-based evaluation of combinations of shuffle and diversity mtd techniques on the cloud, Future Gener. Comput. Syst. 111 (2020) 507–522.Google Scholar
6. Almohaimeed et al., 2019 Almohaimeed A., Gampa S., Singh G., Privacy-preserving iot devices, in: 2019 IEEE Long Island Systems, Applications and Technology Conference (LISAT), IEEE, 2019, pp. 1–5.Google Scholar
7. Anirudh et al., 2017 Anirudh M., Thileeban S.A., Nallathambi D.J., Use of honeypots for mitigating dos attacks targeted on iot networks, in: 2017 International Conference on Computer, Communication and Signal Processing (ICCCSP), IEEE, 2017, pp. 1–4.Google Scholar
8. Antonatos et al., 2005 Antonatos S., Akritidis P., Markatos E.P., Anagnostakis K.G., Defending against hitlist worms using network address space randomization, in: Proceedings of the 2005 ACM Workshop on Rapid Malcode, 2005, pp. 30–40.Google Scholar
9. Anwar et al., 2020 Anwar A.H., Kamhoua C., Leslie N., Honeypot allocation over attack graphs in cyber deception games, in: 2020 International Conference on Computing, Networking and Communications (ICNC), IEEE, 2020, pp. 502–506.Google Scholar
10. Anwar and Kamhoua, 2022 Anwar A.H., Kamhoua C.A., Cyber deception using honeypot allocation and diversity: a game theoretic approach, in: 2022 IEEE 19th Annual Consumer Communications & Networking Conference (CCNC), IEEE, 2022, pp. 543–549.Google Scholar
11. Azab et al., 2011 Azab M., Hassan R., Eltoweissy M., Chameleonsoft: a moving target defense system, in: 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), IEEE, 2011, pp. 241–250.Google Scholar
12. Bawany et al., 2017 Bawany N.Z., Shamsi J.A., Salah K., Ddos attack detection and mitigation using sdn: methods, practices, and solutions, Arab. J. Sci. Eng. 42 (2017) 425–441.Google Scholar
13. Bernardos et al., 2014 Bernardos C.J., De La Oliva A., Serrano P., Banchs A., Contreras L.M., Jin H., Zúñiga J.C., An architecture for software defined wireless networking, IEEE Wirel. Commun. 21 (3) (2014) 52–61.Google Scholar
14. Bhunia and Gurusamy, 2017 Bhunia S.S., Gurusamy M., Dynamic attack detection and mitigation in iot using sdn, in: 2017 27th International Telecommunication Networks and Applications Conference (ITNAC), IEEE, 2017, pp. 1–6.Google Scholar
15. Borbor et al., 2019 Borbor D., Wang L., Jajodia S., Singhal A., Optimizing the network diversity to improve the resilience of networks against unknown attacks, Comput. Commun. 145 (2019) 96–112.Google ScholarDigital Library
16. Bulle et al., 2020 Bulle B.B., Santin A.O., Viegas E.K., dos Santos R.R., A host-based intrusion detection model based on os diversity for scada, in: IECON 2020 the 46th Annual Conference of the IEEE Industrial Electronics Society, IEEE, 2020, pp. 691–696.Google Scholar
17. Butun et al., 2019 Butun I., Österberg P., Song H., Security of the Internet of things: vulnerabilities, attacks, and countermeasures, IEEE Commun. Surv. Tutor. 22 (1) (2019) 616–644.Google ScholarDigital Library
18. Cai et al., 2016 Cai G.-l., Wang B.-s., Hu W., Wang T.-z., Moving target defense: state of the art and characteristics, Front. Inf. Technol. Electron. Eng. 17 (11) (2016) 1122–1153.Google Scholar
19. Chaabouni et al., 2019 Chaabouni N., Mosbah M., Zemmari A., Sauvignac C., Faruki P., Network intrusion detection for iot security based on learning techniques, IEEE Commun. Surv. Tutor. 21 (3) (2019) 2671–2701.Google Scholar
20. Chen et al., 2021 Chen H., Cam H., Xu S., Quantifying cybersecurity effectiveness of dynamic network diversity, IEEE Trans. Dependable Secure Comput. 19 (6) (2021) 3804–3821.Google Scholar
21. Cho et al., 2020 Cho J.-H., Sharma D.P., Alavizadeh H., Yoon S., Ben-Asher N., Moore T.J., Kim D.S., Lim H., Nelson F.F., Toward proactive, adaptive defense: a survey on moving target defense, IEEE Commun. Surv. Tutor. 22 (1) (2020) 709–745.Google ScholarDigital Library
22. De Oliveira et al., 2015 De Oliveira B.T., Gabriel L.B., Margi C.B., Tinysdn: enabling multiple controllers for software-defined wireless sensor networks, IEEE Lat. Am. Trans. 13 (11) (2015) 3690–3696.Google Scholar
23. Dowling et al., 2017 Dowling S., Schukat M., Melvin H., A zigbee honeypot to assess iot cyberattack behaviour, in: 2017 28th Irish Signals and Systems Conference (ISSC), IEEE, 2017, pp. 1–6.Google Scholar
24. Du and Wang, 2019 Du M., Wang K., An sdn-enabled pseudo-honeypot strategy for distributed denial of service attacks in industrial internet of things, IEEE Trans. Ind. Inform. 16 (1) (2019) 648–657.Google Scholar
25. Duman et al., 2017 Duman O., Zhang M., Wang L., Debbabi M., Measuring the security posture of iec 61850 substations with redundancy against zero day attacks, in: 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm), IEEE, 2017, pp. 108–114.Google Scholar
26. Fda, 2017 Fda F.D.A., US Food and Drug Administration, 2017.Google Scholar
27. Galluccio et al., 2015 Galluccio L., Milardo S., Morabito G., Palazzo S., Sdn-wise: design, prototyping and experimentation of a stateful sdn solution for wireless sensor networks, in: 2015 IEEE Conference on Computer Communications (INFOCOM), IEEE, 2015, pp. 513–521.Google Scholar
28. Garcia et al., 2011 Garcia M., Bessani A., Gashi I., Neves N., Obelheiro R., Os diversity for intrusion tolerance: myth or reality?, in: 2011 IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN), IEEE, 2011, pp. 383–394.Google Scholar
29. Gärtner, 2003 Gärtner F.C., Byzantine failures and security: arbitrary is not (always) random, in: INFORMATIK 2003-Mit Sicherheit Informatik, Schwerpunkt “Sicherheit-Schutz und Zuverlässigkeit”, 2003.Google Scholar
30. Ge et al., 2021 Ge M., Cho J.-H., Kim D., Dixit G., Chen I.-R., Proactive defense for internet-of-things: moving target defense with cyberdeception, ACM Trans. Internet Technol. 22 (1) (2021) 1–31.Google Scholar
31. Ge et al., 2017 Ge M., Hong J.B., Guttmann W., Kim D.S., A framework for automating security analysis of the internet of things, J. Netw. Comput. Appl. 83 (2017) 12–27.Google Scholar
32. Gorbenko et al., 2019 Gorbenko A., Romanovsky A., Tarasyuk O., Biloborodov O., From analyzing operating system vulnerabilities to designing multiversion intrusion-tolerant architectures, IEEE Trans. Reliab. 69 (1) (2019) 22–39.Google Scholar
33. Guo et al., 2019 Guo X., Lin H., Li Z., Peng M., Deep-reinforcement-learning-based qos-aware secure routing for sdn-iot, IEEE Int. Things J. 7 (7) (2019) 6242–6251.Google Scholar
34. Hamada et al., 2018 Hamada A.O., Azab M., Mokhtar A., Honeypot-like moving-target defense for secure iot operation, in: 2018 IEEE 9th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), IEEE, 2018, pp. 971–977.Google Scholar
35. Hassija et al., 2019 Hassija V., Chamola V., Saxena V., Jain D., Goyal P., Sikdar B., A survey on iot security: application areas, security threats, and solution architectures, IEEE Access 7 (2019) 82721–82743.Google Scholar
36. Hong and Kim, 2013 Hong J.B., Kim D.S., Scalable security model generation and analysis using k-importance measures, in: Security and Privacy in Communication Networks: 9th International ICST Conference, in: Revised Selected Papers, vol. 9, SecureComm 2013, Sydney, NSW, Australia, September 25–28, 2013, Springer, 2013, pp. 270–287.Google Scholar
37. Hong and Kim, 2015 Hong J.B., Kim D.S., Assessing the effectiveness of moving target defenses using security models, IEEE Trans. Dependable Secure Comput. 13 (2) (2015) 163–177.Google ScholarDigital Library
38. Hong et al., 2017 Hong J.B., Kim D.S., Chung C.-J., Huang D., A survey on the usability and practical applications of graphical security models, Comput. Sci. Rev. 26 (2017) 1–16.Google ScholarDigital Library
39. Huang and Ghosh, 2011 Huang Y., Ghosh A.K., Introducing diversity and uncertainty to create moving attack surfaces for web services, in: Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, Springer, 2011, pp. 131–151.Google Scholar
40. Islam and Al-Shaer, 2020 Islam M.M., Al-Shaer E., Active deception framework: an extensible development environment for adaptive cyber deception, in: 2020 IEEE Secure Development (SecDev), IEEE, 2020, pp. 41–48.Google Scholar
41. Jafarian et al., 2012 Jafarian J.H., Al-Shaer E., Duan Q., Openflow random host mutation: transparent moving target defense using software defined networking, in: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, 2012, pp. 127–132.Google Scholar
42. Kanellopoulos and Vamvoudakis, 2019 Kanellopoulos A., Vamvoudakis K.G., A moving target defense control framework for cyber-physical systems, IEEE Trans. Autom. Control 65 (3) (2019) 1029–1043.Google Scholar
43. Khosravi-Farmad et al., 2018 Khosravi-Farmad M., Ramaki A.A., Bafghi A.G., Moving target defense against advanced persistent threats for cybersecurity enhancement, in: 2018 8th International Conference on Computer and Knowledge Engineering (ICCKE), IEEE, 2018, pp. 280–285.Google Scholar
44. Koo et al., 2018 Koo H., Chen Y., Lu L., Kemerlis V.P., Polychronakis M., Compiler-assisted code randomization, in: 2018 IEEE Symposium on Security and Privacy (SP), IEEE, 2018, pp. 461–477.Google Scholar
45. Kotronis et al., 2012 Kotronis V., Dimitropoulos X., Ager B., Outsourcing the routing control logic: better internet routing based on sdn principles, in: Proceedings of the 11th ACM Workshop on Hot Topics in Networks, 2012, pp. 55–60.Google Scholar
46. Kouachi et al., 2018 Kouachi A.I., Sahraoui S., Bachir A., Per packet flow anonymization in 6lowpan iot networks, in: 2018 6th International Conference on Wireless Networks and Mobile Communications (WINCOM), IEEE, 2018, pp. 1–7.Google Scholar
47. Li et al., 2017 Li C., Qin Z., Novak E., Li Q., Securing sdn infrastructure of iot–fog networks from mitm attacks, IEEE Int. Things J. 4 (5) (2017) 1156–1164.Google Scholar
48. Liu et al., 2020a Liu W., Ge M., Kim D.S., Integrated proactive defense for software defined internet of things under multi-target attacks, in: 2020 20th IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing (CCGRID), IEEE, 2020, pp. 767–774.Google Scholar
49. Liu et al., 2020b Liu Y., Grigoryan G., Kamhoua C.A., Njilla L.L., Leverage sdn for cyber-security deception in internet of things, in: Modeling and Design of Secure Internet of Things, 2020, pp. 479–503.Google Scholar
50. Mahmood and Shila, 2016 Mahmood K., Shila D.M., Moving target defense for internet of things using context aware code partitioning and code diversification, in: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), IEEE, 2016, pp. 329–330.Google Scholar
51. Mudaliar and Sivakumar, 2020 Mudaliar M.D., Sivakumar N., Iot based real time energy monitoring system using raspberry pi, Int. Things 12 (2020).Google Scholar
52. Navas et al., 2020 Navas R.E., Cuppens F., Cuppens N.B., Toutain L., Papadopoulos G.Z., Mtd, where art thou? A systematic review of moving target defense techniques for iot, IEEE Int. Things J. 8 (10) (2020) 7818–7832.Google Scholar
53. NIST, 2023 NIST , National Vulnerability Database. National Institute of Standards and Technology, U.S. Government, 2023.Google Scholar
54. Nizzi et al., 2019 Nizzi F., Pecorella T., Esposito F., Pierucci L., Fantacci R., Iot security via address shuffling: the easy way, IEEE Int. Things J. 6 (2) (2019) 3764–3774.Google Scholar
55. Oo and Koide, 2019 Oo W.K.K., Koide H., A framework of moving target defenses for the Internet of things, Bull. Netw. Comput. Syst. Softw. 8 (2) (2019) 104–107.Google Scholar
56. Qin et al., 2014 Qin Z., Denker G., Giannelli C., Bellavista P., Venkatasubramanian N., A software defined networking architecture for the internet-of-things, in: 2014 IEEE Network Operations and Management Symposium (NOMS), IEEE, 2014, pp. 1–9.Google Scholar
57. Ravi and Shalinie, 2020 Ravi N., Shalinie S.M., Learning-driven detection and mitigation of ddos attack in iot via sdn-cloud architecture, IEEE Int. Things J. 7 (4) (2020) 3559–3570.Google Scholar
58. Salman et al., 2018 Salman O., Elhajj I., Chehab A., Kayssi A., Iot survey: an sdn and fog computing perspective, Comput. Netw. 143 (2018) 221–246.Google ScholarDigital Library
59. Savola et al., 2012 Savola R.M., Abie H., Sihvonen M., Towards metrics-driven adaptive security management in e-health iot applications, in: BODYNETS, 2012, pp. 276–281.Google Scholar
60. Sengupta et al., 2020 Sengupta S., Chowdhary A., Sabur A., Alshamrani A., Huang D., Kambhampati S., A survey of moving target defenses for network security, IEEE Commun. Surv. Tutor. 22 (3) (2020) 1909–1941.Google Scholar
61. Smith et al., 2020 Smith J., Johnson A., Davis M., A comparative analysis of intrusion detection techniques for iot networks, in: IEEE International Conference on Internet of Things (iThings), IEEE, 2020.Google Scholar
62. Tambe et al., 2019 Tambe A., Aung Y.L., Sridharan R., Ochoa M., Tippenhauer N.O., Shabtai A., Elovici Y., Detection of threats to iot devices using scalable vpn-forwarded honeypots, in: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, 2019, pp. 85–96.Google Scholar
63. Team, 2003 Team P. (2003): Pax address space layout randomization. http://pax.grsecurity.net/docs/aslr.txt.Google Scholar
64. Torquato et al., 2020 Torquato M., Maciel P., Vieira M., Security and availability modeling of vm migration as moving target defense, in: 2020 IEEE 25th Pacific Rim International Symposium on Dependable Computing (PRDC), IEEE, 2020, pp. 50–59.Google Scholar
65. Wang and Lu, 2018 Wang C., Lu Z., Cyber deception: overview and the road ahead, IEEE Secur. Priv. 16 (2) (2018) 80–85.Google Scholar
66. Wang et al., 2017 Wang J., Miao Y., Zhou P., Hossain M.S., Rahman S.M.M., A software defined network routing in wireless multihop network, J. Netw. Comput. Appl. 85 (2017) 76–83.Google ScholarDigital Library
67. Wang et al., 2019 Wang S., Shi H., Hu Q., Lin B., Cheng X., Moving target defense for internet of things based on the zero-determinant theory, IEEE Int. Things J. 7 (1) (2019) 661–668.Google Scholar
68. Winn et al., 2015 Winn M., Rice M., Dunlap S., Lopez J., Mullins B., Constructing cost-effective and targetable industrial control system honeypots for production networks, Int. J. Crit. Infrastruct. Prot. 10 (2015) 47–58.Google ScholarDigital Library
69. Yao et al., 2019 Yao S., Li Z., Guan J., Liu Y., Stochastic cost minimization mechanism based on identifier network for iot security, IEEE Int. Things J. 7 (5) (2019) 3923–3934.Google Scholar
70. Zeng et al., 2015 Zeng D., Li P., Guo S., Miyazaki T., Hu J., Xiang Y., Energy minimization in multi-task software-defined sensor networks, IEEE Trans. Comput. 64 (11) (2015) 3128–3139.Google Scholar
71. Zhang et al., 2014 Zhang L., Shetty S., Liu P., Jing J., Rootkitdet: practical end-to-end defense against kernel rootkits in a cloud environment, in: Computer Security-ESORICS 2014: 19th European Symposium on Research in Computer Security, Proceedings, Part II 19, Wroclaw, Poland, September 7–11, 2014, Springer, 2014, pp. 475–493.Google Scholar
72. Zhang et al., 2016 Zhang M., Wang L., Jajodia S., Singhal A., Albanese M., Network diversity: a security metric for evaluating the resilience of networks against zero-day attacks, IEEE Trans. Inf. Forensics Secur. 11 (5) (2016) 1071–1086.Google ScholarDigital Library
73. Zhang et al., 2012 Zhang Y., Li M., Bai K., Yu M., Zang W., Incentive compatible moving target defense against vm-colocation attacks in clouds, in: Information Security and Privacy Research: 27th IFIP TC 11 Information Security and Privacy Conference, Proceedings 27, SEC 2012, Heraklion, Crete, Greece, June 4–6, 2012, Springer, 2012, pp. 388–399.Google Scholar
74. Zhang et al., 2018 Zhang Z., Njilla L., Kamhoua C.A., Yu Q., Thwarting security threats from malicious fpga tools with novel fpga-oriented moving target defense, IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 27 (3) (2018) 665–678.Google Scholar
75. Zheng and Namin, 2019 Zheng J., Namin A.S., A survey on the moving target defense strategies: an architectural perspective, J. Comput. Sci. Technol. 34 (2019) 207–233.Google Scholar
76. Zhou et al., 2021 Zhou Y., Cheng G., Yu S., An sdn-enabled proactive defense framework for ddos mitigation in iot networks, IEEE Trans. Inf. Forensics Secur. 16 (2021) 5366–5380.Google ScholarDigital Library
77. Zscaler, 2023 Zscaler , Zscaler Deploying Services, 2023.Google Scholar

• Proactive Defense for Internet-of-things: Moving Target Defense With Cyberdeception

  Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers, because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT ...

  Read More

• Moving Target Defense Against Injection Attacks

  Algorithms and Architectures for Parallel Processing

  Abstract

  With the development of network technology, web services become more convenient and popular. However, web services are also facing serious security threats, especially SQL injection attack(SQLIA). Due to the diversity of attack techniques and the ...

  Read More

• Evaluating the effectiveness of shuffle and redundancy MTD techniques in the cloud

  Abstract

  Moving Target Defense (MTD) is a defensive strategy to thwart adversaries by continuously shifting the attack surface. The MTD techniques can be applied to the cloud computing to make the cloud more unpredictable, hence more difficult ...

  Read More