IDEAS home Printed from https://ideas.repec.org/a/gam/jeners/v13y2020i8p1883-d344845.html

Ghost-MTD: Moving Target Defense via Protocol Mutation for Mission-Critical Cloud Systems

Author

Listed:
  • Jun-Gyu Park

    (SysCore Laboratory, Sejong University, Seoul 05006, Korea)

  • Yangjae Lee

    (SysCore Laboratory, Sejong University, Seoul 05006, Korea)

  • Ki-Wan Kang

    (SysCore Laboratory, Sejong University, Seoul 05006, Korea)

  • Sang-Hoon Lee

    (Agency for Defense Development, Daejeon 34060, Korea)

  • Ki-Woong Park

    (Department of Computer and Information Security, Sejong University, Seoul 05006, Korea)

Abstract

Research on a wide range of security technologies has been actively underway to protect systems from attackers. However, because the target system is static, attackers can secure enough time to reconnoiter and attack it. This creates an asymmetric form of warfare in which attackers outwit defenders. Moving target defense (MTD) technologies, which obfuscate the attack surface by modifying the main properties of the potential target system, have been gaining attention as an active cyber security technology. In particular, network-based MTD (NMTD) technologies, which dynamically mutate network configuration information such as the IP addresses and ports of the potential target system, can dramatically increase the time an attacker needs to analyze the system, and have therefore been actively researched. However, the increase in analysis complexity that conventional NMTD can achieve is limited, because the range of system properties (e.g., IP, port) that can be mutated is restricted by the system configuration environment. There is therefore a need for an MTD technique that effectively delays an attacker during system analysis by increasing the variation of system properties. Additionally, in terms of practicality, minimizing the computational overhead introduced by the MTD technology and solving the compatibility problem with existing communication protocols are critical issues that cannot be overlooked. In this study, we propose a technology called Ghost-MTD (gMTD). gMTD allows only a user who is aware of the protocol mutation pattern to communicate correctly with the service modules of the server system, by mutating the protocol using a pre-shared one-time bit sequence. Otherwise, gMTD deceives attackers who attempt to infiltrate the system by redirecting their messages to a decoy-hole module. The experimental results show that the proposed technology enables protocol mutation and validation with a very low performance overhead of only 3.28% to 4.97% using an m-bit (m ≥ 4) one-time bit sequence, and can be applied to real systems regardless of the specific communication protocol.

Suggested Citation

  • Jun-Gyu Park & Yangjae Lee & Ki-Wan Kang & Sang-Hoon Lee & Ki-Woong Park, 2020. "Ghost-MTD: Moving Target Defense via Protocol Mutation for Mission-Critical Cloud Systems," Energies, MDPI, vol. 13(8), pages 1-12, April.
  • Handle: RePEc:gam:jeners:v:13:y:2020:i:8:p:1883-:d:344845

    Download full text from publisher

    File URL: https://www.mdpi.com/1996-1073/13/8/1883/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1996-1073/13/8/1883/
    Download Restriction: no
