Hackers who take aim at computer networks will find it more difficult to hit their mark if their target is a constantly moving one. At least that is the theory behind so-called “adaptive networks” and the work being done by researchers at Kansas State University (KSU).
The term “moving target defense” is not a new one, having been coined about 2008. Indeed, there is a National Symposium on Moving Target Research scheduled for June 11 in Annapolis, MD.
“But there hasn’t been a systematic study to show scientific evidence this defense can actually work—and how much it can improve security,” according to Xinming “Simon” Ou, a KSU assistant professor of computing and information sciences whose specialty is computer security. “We don’t know whether this will be more effective than other forms of cybersecurity; our research aims to answer that question.”
“This is a game-changing idea,” says Scott DeLoach, a KSU professor of computing and information sciences who specializes in adaptive systems. “We are at the point where we are losing the computer security war to attackers—some from other nations, some activists, some out for illegal gain. The situation has been underreported because so few victims want to admit they’ve been broken into. But suffice it to say there’s a lot of interest in new cybersecurity directions.”
A $1-million grant from the U.S. Air Force Office of Scientific Research is funding the two-part, five-year KSU project that began just last month. Part one involves research to determine the best way to adapt a network to protect it, the effectiveness of that solution, and the cost involved. Part two focuses on building a proof-of-concept system.
“The problem is our computer networks today are very static,” says DeLoach. “Attackers can take their time, mapping them out using software tools to determine every address and port in the network.”
The researchers hope to determine how many parts of the network need to adapt to enhance cybersecurity, starting with the addresses and port numbers. One approach would be to change parts of the system randomly, at random times. A more expensive solution would be to incorporate existing methods for detecting cyberattacks and then respond to suspected attacks through adaptation.
“We already have simulation results that say that, when attacking a very simple, static network, a hacker succeeded 24% of the time,” says DeLoach. “But by adding adaptation to the network, depending on the adaption interval, the attacker’s success rate was reduced to between 18% and 5%—the more/faster the adaptations, the lower the hacker’s success rate. So, while simulations are not proof positive, we believe we can make some real progress here.”
The researchers will present their results in an as-yet unfinished paper at next month’s symposium on moving target research.
Meanwhile, other varieties of moving target defense are in progress:
o Helix Project (University of Virginia, UC Davis, UC Santa Barbara, and University of New Mexico). A self-regenerative architecture that presents attackers with a continuously changing attack surface that is altered routinely and as attacks progress. Last developments reported Aug. 2010.
o Moving Target IPv6 Defense (Virginia Tech). Research on the new Internet Protocol, IPv6, and how to preserve the anonymity of communications. Last developments reported May 2011.
o Coronado Group, Ltd. The Bethesda, MD-based company is exploring a simplified version of the moving target defense where the machines on which the services run are “refreshed” periodically, restoring the machine to a known state so that, if an attacker gains access, the access will be lost. According to DeLoach, this approach can likely be partially effective, and is one of the types of adaptation included in the KSU study.
Paul Hyman is a science and technology writer based in Great Neck, NY.