skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Effectiveness of OS Diversity in a Moving Target Defense Platform

; ;
Publication Date:
Research Org.:
Argonne National Lab. (ANL), Argonne, IL (United States)
Sponsoring Org.:
USDOE Office of Science (SC)
OSTI Identifier:
DOE Contract Number:
Resource Type:
Resource Relation:
Conference: 10th Annual Cyber and Information Security Research Conference, 04/07/15 - 04/09/15, Oak Ridge, TN, US
Country of Publication:
United States

Citation Formats

Thompson, Michael, Evans, Nathaniel, and Theel-Joyce, Amanda. Effectiveness of OS Diversity in a Moving Target Defense Platform. United States: N. p., 2015. Web.
Thompson, Michael, Evans, Nathaniel, & Theel-Joyce, Amanda. Effectiveness of OS Diversity in a Moving Target Defense Platform. United States.
Thompson, Michael, Evans, Nathaniel, and Theel-Joyce, Amanda. 2015. "Effectiveness of OS Diversity in a Moving Target Defense Platform". United States. doi:.
title = {Effectiveness of OS Diversity in a Moving Target Defense Platform},
author = {Thompson, Michael and Evans, Nathaniel and Theel-Joyce, Amanda},
abstractNote = {},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = 2015,
month = 1

Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share:
  • One of the biggest challenges faced by cyber defenders is that attacks evolve more rapidly than our ability to recognize them. We propose a moving target defense concept in which the means of detection is set in motion. This is done by moving away from static signature-based detection and instead adopting biological modeling techniques that describe families of related sequences. We present here one example for how to apply evolutionary models to cyber sequences, and demonstrate the feasibility of this technique on analysis of a complex, evolving software project. Specifically, we applied sequence-based and profile-based evolutionary models and report themore » ability of these models to recognize highly volatile code regions. We found that different drift models reliably identify different types of evolutionarily related code regions. The impact is that these (and possibly other) evolutionary models could be used in a moving target defense in which the "signature" being used to detect sequence-based behaviors is not a fixed signature but one that can recognize new variants of a known family based on multiple evolutionary models.« less
  • Abstract not provided.
  • Abstract not provided.
  • Address shuffling is a type of moving target defense that prevents an attacker from reliably contacting a system by periodically remapping network addresses. Although limited testing has demonstrated it to be effective, little research has been conducted to examine the theoretical limits of address shuffling. As a result, it is difficult to understand how effective shuffling is and under what circumstances it is a viable moving target defense. This paper introduces probabilistic models that can provide insight into the performance of address shuffling. These models quantify the probability of attacker success in terms of network size, quantity of addresses scanned,more » quantity of vulnerable systems, and the frequency of shuffling. Theoretical analysis will show that shuffling is an acceptable defense if there is a small population of vulnerable systems within a large network address space, however shuffling has a cost for legitimate users. These results will also be shown empirically using simulation and actual traffic traces.« less