Security Modeling and Analysis of Moving Target Defense in Software Defined Networks
English
Rodrigues de Mendonça Neto, Júlio[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX >]
Kim, Minjune[The University of Queensland - UQ > School of Information Technology and Electrical Engineering]
Graczyk, Rafal[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX >]
Volp, Marcus[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX >]
Kim, Dong Seong[The University of Queensland > School of Information Technology and Electrical Engineering]
28-Nov-2022
Security Modeling and Analysis of Moving Target Defense in Software Defined Networks
Yes
International
27th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2022)
28-11-2022 to 1-12-2022
[en] Security ; Moving Target Defense ; Software Defined Networks ; Petri nets
[en] The use of traditional defense mechanisms or intrusion detection systems presents a disadvantage for defenders against attackers since these mechanisms are essentially reactive. Moving target defense (MTD) has emerged as a proactive defense mechanism to reduce this
disadvantage by randomly and continuously changing the attack surface of a system to confuse attackers. Although significant progress has been made recently in analyzing the security effectiveness of MTD mechanisms, critical gaps still exist, especially in maximizing security levels and estimating network reconfiguration speed for given attack power. In this paper, we propose a set of Petri Net models and use them to perform a comprehensive evaluation regarding key security metrics of Software-Defined Network (SDNs) based systems adopting a time-based MTD mechanism. We evaluate two use-case scenarios considering two different types of attacks to demonstrate the feasibility and applicability of our models. Our analyses showed that a time-based MTD mechanism could reduce the attackers’ speed by at least 78% compared to a system without MTD. Also, in the best-case scenario, it can reduce the attack success probability by about ten times.