Dynamic Security Metrics for Software-Defined Network-based Moving Target Defense

Journal of Network and Computer Applications (2020)

Abstract
We propose a suite of dynamic security metrics that assess, in a timely, dynamic, and adaptive manner, the effectiveness of software-defined network (SDN)-based moving target defense (MTD) techniques. The security metrics are developed to measure the dynamics of network and host state information (e.g., IP address, port, software stacks, vulnerabilities, or network topology) introduced by the various types of MTD techniques that shuffle them. The key aspect of our proposed metrics is to capture variability, keeping track of the changing patterns of the network and host states upon every MTD triggering event. In this work, we propose the following security metrics capturing the variability based on the changes made by the MTD: (1) Network and host address-based metrics measuring variability of the network and host addresses based on the degree of uncertainty and unpredictability of the IP addresses assigned to the hosts in a network; (2) Attack path-based metrics measuring variability of attack paths using graphical models estimated from the network state transitions from one topology to another upon triggering a network topology and/or IP shuffling MTD; and (3) Attack stage-based success metrics measuring the chances of discovering a vulnerable target host's information, exploiting the target host's vulnerability, and compromising the target host. Via an extensive simulation study, we investigated the key parameters that can significantly affect the MTD performance based on the proposed security metrics. Our simulation results show that the metrics are viable for measuring the effectiveness of deploying the MTD techniques.
Keywords
Dynamic security metrics, Security measurement, Moving target defense, Software-defined networks