Model-driven situational awareness for moving target defense

in Scanlon, Marc; Le-Khac, Nhien-An (Eds.) Proc. 16th European Conference on Cyber Warfare and Security (2017)

Moving Target Defense (MTD) presents dynamically changing attack surfaces and system configurations to attackers. This approach decreases the success probabilities of attacks and increases attacker's ... [more ▼]

Moving Target Defense (MTD) presents dynamically changing attack surfaces and system configurations to attackers. This approach decreases the success probabilities of attacks and increases attacker's workload since she must continually re-assess, re-engineer and re-launch her attacks. Existing research has provided a number of MTD techniques but approaches for gaining situational awareness and deciding when/how to apply these techniques are not well studied. In this paper, we present a conceptual framework that closely integrates a set of models with the system and obtains up-to-date situational awareness following the OODA loop methodology. To realize the framework, as the first step, we propose a modelling approach that provides insights about the dynamics between potential attacks and defenses, impact of attacks and adaptations on the system, and the state of the system. Based on these models, we demonstrate techniques to quantitatively assess the effectiveness of MTD and show how to formulate decision-making problems. [less ▲]

Automating Cyber Defense Response Using Attack-Defence Trees and Game Theory

in The 15th European Conference on Cyber Warfare and Security (2016)

Attack Trees with Sequential Conjunction

in Proceedings of the 30th IFIP TC 11 International Conference ICT Systems Security and Privacy Protection (SEC 2015) (2015)