Security Modeling and Analysis of Moving Target Defense in Software Defined Networks

Rodrigues de Mendonça Neto, Júlio; Kim, Minjune; Graczyk, Rafal; Volp, Marcus; Kim, Dong Seong

Reference : Security Modeling and Analysis of Moving Target Defense in Software Defined Networks


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/52779

Title :	Security Modeling and Analysis of Moving Target Defense in Software Defined Networks
Language :	English
Author, co-author :	Rodrigues de Mendonça Neto, Júlio [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX >]
	Kim, Minjune [The University of Queensland - UQ > School of Information Technology and Electrical Engineering]
	Graczyk, Rafal [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX >]
	Volp, Marcus [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX >]
	Kim, Dong Seong [The University of Queensland > School of Information Technology and Electrical Engineering]
Publication date :	28-Nov-2022
Main document title :	Security Modeling and Analysis of Moving Target Defense in Software Defined Networks
Peer reviewed :	Yes
Audience :	International
Event name :	27th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2022)
Event date :	28-11-2022 to 1-12-2022
Keywords :	[en] Security ; Moving Target Defense ; Software Defined Networks ; Petri nets
Abstract :	[en] The use of traditional defense mechanisms or intrusion detection systems presents a disadvantage for defenders against attackers since these mechanisms are essentially reactive. Moving target defense (MTD) has emerged as a proactive defense mechanism to reduce this disadvantage by randomly and continuously changing the attack surface of a system to confuse attackers. Although significant progress has been made recently in analyzing the security effectiveness of MTD mechanisms, critical gaps still exist, especially in maximizing security levels and estimating network reconfiguration speed for given attack power. In this paper, we propose a set of Petri Net models and use them to perform a comprehensive evaluation regarding key security metrics of Software-Defined Network (SDNs) based systems adopting a time-based MTD mechanism. We evaluate two use-case scenarios considering two different types of attacks to demonstrate the feasibility and applicability of our models. Our analyses showed that a time-based MTD mechanism could reduce the attackers’ speed by at least 78% compared to a system without MTD. Also, in the best-case scenario, it can reduce the attack success probability by about ten times.
Target :	Researchers ; Professionals
Permalink :	http://hdl.handle.net/10993/52779
FnR project :	FnR ; FNR14689454 > Marcus Völp > HERA > Hypervisor-enforced Radiation Tolerance In Multi-core Socs For Space > 01/09/2021 > 31/08/2024 > 2020

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	prdc_pre_print.pdf		Author preprint	639.81 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices