research-article

Evolutionary drift models for moving target defense

Authors:

Christopher Oehmen,

Elena Peterson,

Jeremy TeutonAuthors Info & Claims

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

Article No.: 37, Pages 1 - 4

https://doi.org/10.1145/2459976.2460018

Published: 08 January 2013 Publication History

Get Access

Abstract

One of the biggest challenges faced by cyber defenders is that attacks evolve more rapidly than our ability to recognize them. We propose a moving target defense concept in which the means of detection is set in motion. This is done by moving away from static signature-based detection and instead adopting biological modeling techniques that describe families of related sequences. We present here one example for how to apply evolutionary models to cyber sequences, and demonstrate the feasibility of this technique on analysis of a complex, evolving software project. Specifically, we applied sequence-based and profile-based evolutionary models and report the ability of these models to recognize highly volatile code regions. We found that different drift models reliably identify different types of evolutionarily related code regions. The impact is that these (and possibly other) evolutionary models could be used in a moving target defense in which the "signature" being used to detect sequence-based behaviors is not a fixed signature but one that can recognize new variants of a known family based on multiple evolutionary models.

References

[1]

C. Oehmen, E. Peterson and S. Dowson, "An Organic Model for Detecting Cyber Events," in CSIIRW'10, Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, 2010.

Digital Library

Google Scholar

[2]

C. Oehmen and J. Nieplocha, "ScalaBLAST: A scalable implementation of BLAST for High Performance Data-Intensive Bioinformatics Analysis," IEEE Trans. Parallel. Dist. Sys., vol. 17, pp. 740--749, 2006.

Digital Library

Google Scholar

[3]

S. Altschul, W. Gish, W. Miller, E. Myers, and D. Lipman, "Basic local alignment search tool," J. Mol. Biol., vol. 215, pp. 403--410, 1990.

Crossref

Google Scholar

[4]

K. Katoh, K. Kuma, H. Toh, and T. Miyata, "MAFFT version 5: improvement in accuracy of multiple sequence alignment," Nucl. Acid. Res., vol. 33, pp. 511--518, 2005.

Crossref

Google Scholar

[5]

S. Eddy, "A new generation of homology search tools based on probabilistic inference," Genome Inform, vol 23, pp. 205--211, 2009.

Google Scholar

Cited By

View all

Zincir-Heywood NKayacik G(2017)Evolutionary computation in network management and securityProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3067695.3067726(1094-1112)Online publication date: 15-Jul-2017
https://dl.acm.org/doi/10.1145/3067695.3067726
Cai GWang BHu WWang T(2016)Moving target defense: state of the art and characteristicsFrontiers of Information Technology & Electronic Engineering10.1631/FITEE.160132117:11(1122-1153)Online publication date: 11-Nov-2016
https://doi.org/10.1631/FITEE.1601321
Oehmen CBruillard PMatzke BPhillips AStar KJensen JNordwall DThompson SPeterson E(2016)LINEBACKER: LINE-Speed Bio-Inspired Analysis and Characterization for Event Recognition2016 IEEE Security and Privacy Workshops (SPW)10.1109/SPW.2016.44(88-95)Online publication date: May-2016
https://doi.org/10.1109/SPW.2016.44
Show More Cited By

Index Terms

Evolutionary drift models for moving target defense

Recommendations

Moving Target Defense Against Injection Attacks
Algorithms and Architectures for Parallel Processing
Abstract
With the development of network technology, web services become more convenient and popular. However, web services are also facing serious security threats, especially SQL injection attack(SQLIA). Due to the diversity of attack techniques and the ...
Evaluating Deception and Moving Target Defense with Network Attack Simulation
MTD'22: Proceedings of the 9th ACM Workshop on Moving Target Defense

In the field of network security, with the ongoing arms race between attackers, seeking new vulnerabilities to bypass defense mechanisms and defenders reinforcing their prevention, detection and response strategies, the novel concept of cyber deception ...
An organic model for detecting cyber-events
CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

Cyber entities in many ways mimic the behavior of organic systems. Individuals or groups compete for limited resources using a variety of strategies, the most effective of which are reused and refined in later 'generations'. Traditionally this behavior ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

January 2013

282 pages

ISBN:9781450316873

DOI:10.1145/2459976

Editors:
Frederick Sheldon
Oak Ridge National Laboratory
,
Annarita Giani
Los Alamos National Laboratory
,
Axel Krings
University of Idaho
,
Robert Abercrombie
Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 January 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Laboratory Directed Research and Development

Conference

CSIIRW '13

Sponsor:

Los Alamos National Labs
Sandia National Labs
DOE
Lawrence Livermore National Lab.
BERKELEYLAB
Argonne Natl Lab
Idaho National Lab.
Nevada National Security Site

CSIIRW '13: Cyber Security and Information Intelligence

January 8 - 10, 2013

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
203
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zincir-Heywood NKayacik G(2017)Evolutionary computation in network management and securityProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3067695.3067726(1094-1112)Online publication date: 15-Jul-2017
https://dl.acm.org/doi/10.1145/3067695.3067726
Cai GWang BHu WWang T(2016)Moving target defense: state of the art and characteristicsFrontiers of Information Technology & Electronic Engineering10.1631/FITEE.160132117:11(1122-1153)Online publication date: 11-Nov-2016
https://doi.org/10.1631/FITEE.1601321
Oehmen CBruillard PMatzke BPhillips AStar KJensen JNordwall DThompson SPeterson E(2016)LINEBACKER: LINE-Speed Bio-Inspired Analysis and Characterization for Event Recognition2016 IEEE Security and Privacy Workshops (SPW)10.1109/SPW.2016.44(88-95)Online publication date: May-2016
https://doi.org/10.1109/SPW.2016.44
Jacob FWynne ALiu YGray J(2014)Domain-Specific Languages for Developing and Deploying Signature Discovery WorkflowsComputing in Science & Engineering10.1109/MCSE.2013.9716:1(52-64)Online publication date: Jan-2014
https://doi.org/10.1109/MCSE.2013.97
Teuton JPeterson ENordwall DAkyol BOehmen C(2013)LINEBACkER: Bio-inspired data reduction toward real time network traffic analysis2013 6th International Symposium on Resilient Control Systems (ISRCS)10.1109/ISRCS.2013.6623771(170-174)Online publication date: Aug-2013
https://doi.org/10.1109/ISRCS.2013.6623771
Peterson ECurtis DPhillips ATeuton JOehmen C(2013)A generalized bio-inspired method for discovering sequence-based signatures2013 IEEE International Conference on Intelligence and Security Informatics10.1109/ISI.2013.6578853(330-332)Online publication date: Jun-2013
https://doi.org/10.1109/ISI.2013.6578853

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Moving Target Defense Against Injection Attacks

Evaluating Deception and Moving Target Defense with Network Attack Simulation

An organic model for detecting cyber-events