A Comprehensive Architectural Framework of Moving Target Defenses Against DDoS Attacks

Authors

  • Belal M. Amro, College of Information Technology, Hebron University, Hebron, Palestine, P.O. Box 40
  • Saeed Salah, Department of Computer Science, Al-Quds University, Jerusalem, Palestine, P.O. Box 20002
  • Mohammed Moreb, Smart College for Modern Education (SCME), Hebron, Palestine, P.O. Box 777

DOI:

https://doi.org/10.13052/jcsm2245-1439.1248

Keywords:

MTD, DDoS, IoT, SCADA Systems, Enterprise Networks, Cloud Computing

Abstract

Distributed Denial-of-Service (DDoS) attacks are among the toughest security threats in today’s cyberspace. Because of the multitude, diversity, and variety of both the attacks and their countermeasures, no optimal solution exists. However, many mitigation techniques and strategies have been proposed, among which is Moving Target Defense (MTD). The MTD strategy keeps changing the system states and attack surface dynamically by continually applying various system reconfigurations, aiming to increase uncertainty and complexity for attackers. Current MTD proposals fall into one of three strategies: shuffling, diversity, and redundancy, based on what to move, how to move, and when to move. Despite the existence of such strategies, a comprehensive Framework for MTD techniques against DDoS attacks that can be used for all types of DDoS attacks has not been proposed yet. In this paper, we propose a novel and comprehensive Framework of MTD techniques that considers all stages, mechanisms, data sources, and criteria adopted by the research community; the Framework will apply to all DDoS attacks on different systems. To support efficient use of our proposed model, a comprehensive taxonomy of MTD mitigation techniques and strategies is also provided and can be used as a reference guide for the best selection of the model’s parameters.

Author Biographies

Belal M. Amro, College of Information Technology, Hebron University, Hebron, Palestine, P.O. Box 40

Belal M. Amro is an assistant professor at the College of IT at Hebron University – Palestine. Dr. Belal received his PhD in Computer Science and Engineering from Sabanci University – Istanbul, Turkey in 2012. In 2004 he received his MSc in complexity and its interdisciplinary applications from IUSS, Pavia, Italy. His BSc degree in computer systems engineering was awarded by Palestine Polytechnic University in 2003. Dr. Amro has served as a technical program committee member for different international conferences and journals and has reviewed more than 50 papers in the field of information technology, including privacy and security. Currently, Mr. Amro is conducting research in network security, wireless security, and privacy-preserving data mining techniques, and has published more than 18 papers in international journals and conferences in the field of computer security and privacy.

Saeed Salah, Department of Computer Science, Al-Quds University, Jerusalem, Palestine, P.O. Box 20002

Saeed Salah is an Assistant Professor and researcher at the Department of Computer Science at Al-Quds University in Jerusalem. He received his BSc. in Electrical/Computer Engineering from Al-Najah National University in 2003, his MSc. degree in Computer Science from Al-Quds University in 2009, and his Ph.D. from the Department of Signal Theory, Telematics and Communications of the University of Granada in 2015. His research interests are focused on network management, information and network security, machine learning, data mining, MANETs, routing protocols, and blockchain. Dr. Salah has published many peer-reviewed research papers in recognized international journals and conferences. Moreover, he acts as a reviewer for a number of journals in his field.

Mohammed Moreb, Smart College for Modern Education (SCME), Hebron, Palestine, P.O. Box 777

Mohammed Moreb is Vice President of Academic Affairs at SCME. He obtained his Ph.D. in Electrical and Computer Engineering. Dr. Moreb has expertise in cybercrimes and digital evidence analysis, focusing specifically on information and network security, with a strong publication track record covering both conceptual and practical work. This experience was built during more than 10 years as a system developer and administrator for the data centre, configuring, installing, and administering enterprise systems related to all security configuration. He complemented his academic path with international certificates such as CCNA, MCAD, and MCSE. Academically, he teaches graduate-level courses such as Information and Network Security, Mobile Forensics, Advanced Research Methods, Computer Network Analysis and Design, and Artificial Intelligence Strategy for Business Leaders.

Published

2023-06-30

How to Cite

Amro BM, Salah S, Moreb M. A Comprehensive Architectural Framework of Moving Target Defenses Against DDoS Attacks. JCSANDM [Internet]. 2023 Jun. 30 [cited 2024 Aug. 7];12(04):605-28. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/18533

Section

Articles