Towards Effective Techniques For Cyber Maneuver Defenses

Open Access
Huang, Chu
Graduate Program:
Information Sciences and Technology
Doctor of Philosophy
Document Type:
Date of Defense:
October 07, 2015
Committee Members:
  • Sencun Zhu, Dissertation Advisor
  • Sencun Zhu, Committee Chair
  • Dinghao Wu, Committee Member
  • Anna Cinzia Squicciarini, Committee Member
  • Zhen Lei, Committee Member
  • moving target defense
  • software diversity
Due to the lowered cost and ease of integration, in the past decades, the commercial software market has been dominated by a small number of large vendors. Popular software, such as Microsoft Windows, Office, Linux, Mozilla Firefox, and Adobe Reader, etc, has been installed on hundreds of millions of computers worldwide. Such dominance in today's information technology environments has created a monoculture that may lead to significant security problems, due to the existence of the large proportion of common vulnerabilities. Among many proposed methods in the recent years, software diversity is a well-accepted and commonly used technique against monoculture threats. In this dissertation we present three topology-aware software assignment methods, which algorithmically distribute software to networked systems to increase the diversity at avoiding large scale propagation of worms or duplicated attacks. Following the survivability through heterogeneity philosophy, we present our first study to improve the survivability of networked systems based on graph multi-coloring. Specifically, we design an efficient algorithm to select and deploy a set of off-the-shelf software to hosts in a networked system, such that the number and types of vulnerabilities presented on one host would be different from that on its neighboring nodes. In this way, we are able to contain a worm in an isolated "island". Naturally, we extend our first study one step further by taking the vulnerability severity into consideration. So in our second study we further redefine the goal of the software assignment problem as reducing the overall potential damage caused by various attack, rather than the number of infected computers. Based on this research goal, we introduced an improved software assignment method by measuring the potential damage resulting by exploiting potential vulnerabilities. We also propose possible improvement on the algorithm by considering the topology of the networks, such as the in-degree, and betweenness, etc. Our evaluation on those improvements can be used as guidance for defender's adjustment according to their architecture in real-world. Extended from our second study, we transform the software assignment problem from single objective to multiple objectives, which incorporates several real-world criteria simultaneously, including network survivability, system feasibility and usability. To solve this multi-objective problem efficiently, we propose an ant colony optimization (ACO) based algorithm, where colonies of artificial ants work collaboratively through both heuristic information and pheromone-mediated communication to iteratively search for better solutions. To validate the generalizability of the proposed method, we experiment our algorithm on various types of network topologies with different parameter settings. The results show that our model can be applied as an effective method for assigning software for multiple objectives. Finally, we propose an evaluation framework for assessing and comparing various software assignment algorithms based on Analytic Hierarchy Process (AHP), which may help one to select a software assignment algorithm that best suit the security goal one is trying to achieve. We believe this thesis is of interest as it offers a way to add diversity to the current homogeneous information technology environments. Our proposed algorithms would be of practical value, as they can be applied as effective methods to avoid large-scale malicious attacks. Our evaluation also provide design implications for software assignment in real-world settings