Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Machine Learning Based Resilience Testing of an Address Randomization Cyber Defense

Journal Article · · IEEE Transactions on Dependable and Secure Computing
 [1];  [1];  [1];  [2];  [1];  [1];  [2];  [3];  [2];  [4];  [5]
  1. Purdue Univ., West Lafayette, IN (United States)
  2. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
  3. Univ. of North Carolina, Charlotte, NC (United States)
  4. Middle East Technical University, Ankara (Turkey)
  5. Roosevelt University, Chicago, IL (United States)
+ Show Author Affiliations

Moving target defenses (MTDs) are widely used as an active defense strategy for thwarting cyberattacks on cyber-physical systems by increasing diversity of software and network paths. Recently, machine Learning (ML) and deep Learning (DL) models have been demonstrated to defeat some of the cyber defenses by learning attack detection patterns and defense strategies. It raises concerns about the susceptibility of MTD to ML and DL methods. Here, in this article, we analyze the effectiveness of ML and DL models when it comes to deciphering MTD methods and ultimately evade MTD-based protections in real-time systems. Specifically, we consider a MTD algorithm that periodically randomizes address assignments within the MIL-STD-1553 protocol—a military standard serial data bus. Two ML and DL-based tasks are performed on MIL-STD-1553 protocol to measure the effectiveness of the learning models in deciphering the MTD algorithm: 1) determining whether there is an address assignments change i.e., whether the given system employs a MTD protocol and if it does 2) predicting the future address assignments. The supervised learning models (random forest and k-nearest neighbors) effectively detected the address assignment changes and classified whether the given system is equipped with a specified MTD protocol. On the other hand, the unsupervised learning model (K-means) was significantly less effective. The DL model (long short-term memory) was able to predict the future addresses with varied effectiveness based on MTD algorithm's settings.

Research Organization:
Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
Sponsoring Organization:
USDOE National Nuclear Security Administration (NNSA); USDOE Laboratory Directed Research and Development (LDRD) Program
Grant/Contract Number:
NA0003525
OSTI ID:
2311703
Report Number(s):
SAND--2023-11339J
Journal Information:
IEEE Transactions on Dependable and Secure Computing, Journal Name: IEEE Transactions on Dependable and Secure Computing Journal Issue: 6 Vol. 20; ISSN 1545-5971
Publisher:
IEEECopyright Statement
Country of Publication:
United States
Language:
English

References (61)

Transforming big data into smart data: An insight on the use of the k‐nearest neighbors algorithm to obtain quality data journal November 2018
Compiler-Generated Software Diversity book January 2011
An Automated Security Analysis Framework and Implementation for MTD Techniques on Cloud book January 2020
A Practical Attack on the MIFARE Classic book January 2008
A review on the long short-term memory model journal May 2020
A comprehensive survey of AI-enabled phishing attacks detection techniques journal October 2020
A Survey on the Moving Target Defense Strategies: An Architectural Perspective journal January 2019
Integrated moving target defense and control reconfiguration for securing Cyber-Physical systems journal March 2020
On hyperparameter optimization of machine learning algorithms: Theory and practice journal November 2020
Fast density clustering strategies based on the k-means algorithm journal November 2017
An Ensemble Random Forest Algorithm for Insurance Big Data Analysis journal January 2017
Dynamic Defense Strategy Against DoS Attacks Over Vehicular Ad Hoc Networks Based on Port Hopping journal January 2018
CAN ID Shuffling Technique (CIST): Moving Target Defense Strategy for Protecting In-Vehicle CAN journal January 2019
ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review journal January 2020
Machine Learning Approaches for Combating Distributed Denial of Service Attacks in Modern Networking Environments journal January 2021
Analysis of Machine learning Techniques Used in Behavior-Based Malware Detection
  • Firdausi, Ivan; lim, Charles; Erwin, Alva
  • 2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies https://doi.org/10.1109/ACT.2010.33
conference December 2010
Techniques for the dynamic randomization of network attributes conference September 2015
A Port Hopping Based DoS Mitigation Scheme in SDN Network conference December 2016
A moving target defense mechanism for MANETs based on identity virtualization conference October 2013
A Survey of Moving Target Defenses for Network Security journal January 2020
SDN-Based IP Shuffling Moving Target Defense with Multiple SDN Controllers
  • Narantuya, Jargalsaikhan; Yoon, Seunghyun; Lim, Hyuk
  • 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S) https://doi.org/10.1109/DSN-S.2019.00013
conference June 2019
Forecasting IPv4 exhaustion and IPv6 migration
  • Beeharry, Jailendrasingh; Nowbutsing, Bhissum
  • 2016 IEEE International Conference on Emerging Technologies and Innovative Business Practices for the Transformation of Societies (EmergiTech) https://doi.org/10.1109/EmergiTech.2016.7737362
conference August 2016
Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid conference May 2019
AI Benchmark: All About Deep Learning on Smartphones in 2019 conference October 2019
Vanishing Gradient Mitigation with Deep Learning Neural Network Optimization conference June 2019
DeepX: A Software Accelerator for Low-Power Deep Learning Inference on Mobile Devices conference April 2016
Multiple OS rotational environment an implemented Moving Target Defense conference August 2014
Moving-Target Defenses for Computer Networks journal March 2014
Moving Target Defense for Space Systems conference August 2021
An empirical analysis of feature engineering for predictive modeling conference March 2016
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis conference May 2016
MAIDENS: MIL-STD-1553 Anomaly-Based Intrusion Detection System Using Time-Based Histogram Comparison journal February 2020
Intrusion Detection System for the MIL-STD-1553 Communication Bus journal August 2020
Using Proactive Fault-Tolerance Approach to Enhance Cloud Service Reliability journal October 2018
From Byzantine Fault-Tolerance to Fault-Avoidance: An Architectural Transformation to Attack and Failure Resiliency journal January 2018
Bio-Inspired Formal Model for Space/Time Virtual Machine Randomization and Diversification journal April 2022
The Design of a Generic Intrusion-Tolerant Architecture for Web Servers journal January 2009
Analysis of Moving Target Defense Against False Data Injection Attacks on Power Grid journal January 2020
Deceiving Network Reconnaissance Using SDN-Based Virtual Topologies journal December 2017
Attack Graph-Based Moving Target Defense in Software-Defined Networks journal September 2020
FRVM: Flexible Random Virtual IP Multiplexing in Software-Defined Networks
  • Sharma, Dilli Prasad; Kim, Dong Seong; Yoon, Seunghyun
  • 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) https://doi.org/10.1109/TrustCom/BigDataSE.2018.00088
conference August 2018
Optimal Machine Learning Algorithms for Cyber Threat Detection conference March 2018
DDoSNet: A Deep-Learning Model for Detecting Network Attacks conference August 2020
Deep learning on mobile devices: a review conference May 2019
Using early phase termination to eliminate load imbalances at barrier synchronization points conference January 2007
Membership privacy conference January 2013
When Good Becomes Evil conference October 2015
ASLR-Guard conference October 2015
Deep Learning with Differential Privacy
  • Abadi, Martin; Chu, Andy; Goodfellow, Ian
  • CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security https://doi.org/10.1145/2976749.2978318
conference October 2016
ProcHarvester conference May 2018
Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations conference October 2018
Dynamic Address Validation Array (DAVA) conference November 2020
Effective and efficient network anomaly detection system using machine learning algorithm journal June 2019
Learning to Forget: Continual Prediction with LSTM journal October 2000
A Review of Recurrent Neural Networks: LSTM Cells and Network Architectures journal July 2019
The advantages of the Matthews correlation coefficient (MCC) over F1 score and accuracy in binary classification evaluation journal January 2020
Optimal classifier for imbalanced data using Matthews Correlation Coefficient metric journal June 2017
VISIBLE: Video-Assisted Keystroke Inference from Tablet Backside Motion conference January 2016
OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS conference January 2018
ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models conference January 2019
Detecting spams in social networks using ML algorithms - a review journal January 2018

Similar Records

Grid Cyber-Security Strategy in an Attacker-Defender Model
Journal Article · Fri Apr 02 00:00:00 EDT 2021 · Cryptography · OSTI ID:1997527
Cyber Friendly Fire: Research Challenges for Security Informatics
Conference · Thu Jun 06 00:00:00 EDT 2013 · OSTI ID:1157007

Related Subjects

45 MILITARY TECHNOLOGY, WEAPONRY, AND NATIONAL DEFENSE
97 MATHEMATICS AND COMPUTING
cyber resilience
cyber security
cyber-attacks
long-short-term-memory
moving target defense
random forest
supervised learning
unsupervised learning