Effectiveness Evaluation Model of Moving Target Defense Based on System Attack Surface

Evaluation of moving target defense (MTD) effectiveness has become one of the fundamental problems in current studies. In this paper, an evaluation model of MTD effectiveness based on system attack surface (SAS) is proposed to extend this model covering enterprise-class topology and multi-layered moving target (MT) techniques. The model is focused on the problem of incorrect performance assessment caused by inaccurately characterizing the process of attacking and defending. Existing evaluation models often fail to describe M ID dynamically in a process. To deal with this static view, offensive and defensive process based on a player's move is presented. Besides, it converts all the attack and defense actions into the process, and interactivities are evaluated by system view extended attack surface model. Previously, the proposed attack surface models are not concerned about the links between nodes and vulnerabilities affected by topologies. After comprehensively analyzing the impact of interactions in the system, a SAS model is proposed to demonstrate how resources of the system are affected by the actions of attackers and defenders, thus ensuring the correctness of parameters for SAS in measuring MT technology. Moreover, by generating a sequence of those shifting parameters, a nonhomogeneous hierarchical hidden Markov model is used to find the possible sequence of attacking states by introducing the partial Viterbi algorithm. Also, a sequence of attacking states is defined to illustrate how adversaries are handled by MT technologies and how much additional consumption costs are increased by the system resource reconfiguration. Finally, the simulation of the proposed approach is given in a case study to demonstrate the feasibility and validity of the proposed effectiveness evaluation model in a systematic and dynamic view.