{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T04:25:50Z","timestamp":1760502350806,"version":"3.37.3"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2021,5,31]],"date-time":"2021-05-31T00:00:00Z","timestamp":1622419200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,5,31]],"date-time":"2021-05-31T00:00:00Z","timestamp":1622419200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Rheinmetall"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,4]]},"abstract":"Abstract<\/jats:title>With numbers of exploitable vulnerabilities and attacks on networks constantly increasing, it is important to employ defensive techniques to protect one\u2019s systems. A wide range of defenses are available and new paradigms such as Moving Target Defense (MTD) rise in popularity. But to make informed decisions on which defenses to implement, it is necessary to evaluate their effectiveness first. In many cases, the full impact these techniques have on security is not well understood yet. In this paper we propose network defense evaluation based on detailed attack simulation. Using a flexible modeling language, networks, attacks, and defenses are described in high detail, yielding a fine-grained scenario definition. Based on this, an automated instantiator generates a wide range of realistic benchmark networks. These serve to perform simulations, allowing to evaluate the security impact of different defenses, both quantitatively and qualitatively. A case study based on a mid-sized corporate network scenario and different Moving Target Defenses illustrates the usefulness of this approach. Results show that virtual machine migration, a frequently suggested MTD technique, more often degrades than improves security. Hence, we argue that evaluation based on realistic attack simulation is a qualified approach to examine and verify claims of newly proposed defense techniques.<\/jats:p>","DOI":"10.1007\/s10207-021-00552-9","type":"journal-article","created":{"date-parts":[[2021,5,31]],"date-time":"2021-05-31T16:31:33Z","timestamp":1622478693000},"page":"253-278","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Automated benchmark network diversification for realistic attack simulation with application to moving target defense"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0967-5533","authenticated-orcid":false,"given":"Alexander","family":"Bajic","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1200-1508","authenticated-orcid":false,"given":"Georg T.","family":"Becker","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,5,31]]},"reference":[{"key":"552_CR1","unstructured":"Abdel Wahab, O., Bentahar, J., Otrok, H., Mourad, A.: Resource-aware detection and defense system against multi-type attacks in the cloud: repeated Bayesian stackelberg game. IEEE Trans. Depend. Secure Comput. 1 (2019)"},{"key":"552_CR2","doi-asserted-by":"crossref","unstructured":"Ahmed, N.O., Bhargava, B.: Bio-inspired formal model for space\/time virtual machine randomization and diversification. IEEE Trans. Cloud Comput. 1 (2020)","DOI":"10.1109\/TCC.2020.2969353"},{"key":"552_CR3","doi-asserted-by":"crossref","unstructured":"Ahmed, N.O., Bhargava, B.: Mayflies: a moving target defense framework for distributed systems. In: Proceedings of the 2016 ACM Workshop on Moving Target Defense, pp. 59\u201364. MTD \u201916, ACM (2016)","DOI":"10.1145\/2995272.2995283"},{"key":"552_CR4","doi-asserted-by":"crossref","unstructured":"Alavizadeh, H., Jang-Jaccard, J., Kim, D.S.: Evaluation for combination of shuffle and diversity on moving target defense strategy for cloud computing. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 573\u2013578 (2018)","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00087"},{"key":"552_CR5","doi-asserted-by":"publisher","first-page":"507","DOI":"10.1016\/j.future.2019.10.009","volume":"111","author":"H Alavizadeh","year":"2019","unstructured":"Alavizadeh, H., Kim, D.S., Jang-Jaccard, J.: Model-based evaluation of combinations of shuffle and diversity MTD techniques on the cloud. Future Gener. Comput. Syst. 111, 507\u2013522 (2019)","journal-title":"Future Gener. Comput. Syst."},{"issue":"6","key":"552_CR6","doi-asserted-by":"publisher","first-page":"1361","DOI":"10.1109\/TIFS.2017.2779436","volume":"13","author":"HMJ Almohri","year":"2018","unstructured":"Almohri, H.M.J., Watson, L.T., Evans, D.: Misery digraphs: delaying intrusion attacks in obscure clouds. IEEE Trans. Inf. Forensics Secur. 13(6), 1361\u20131375 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"552_CR7","doi-asserted-by":"crossref","unstructured":"Anderson, N., Mitchell, R., Chen, I.R.: Parameterizing moving target defenses. In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp.\u00a01\u20136 (2016)","DOI":"10.1109\/NTMS.2016.7792466"},{"key":"552_CR8","doi-asserted-by":"crossref","unstructured":"Bajic, A., Becker, G.T.: Attack simulation for a realistic evaluation and comparison of network security techniques. In: Nordic Conference on Secure IT Systems, pp. 236\u2013254. Springer (2018)","DOI":"10.1007\/978-3-030-03638-6_15"},{"key":"552_CR9","doi-asserted-by":"crossref","unstructured":"Bajic, A., Becker, G.T.: A critical view on moving target defense and its analogies. In: Proceedings of the 17th ACM International Conference on Computing Frontiers, pp. 277\u2013283 (2020)","DOI":"10.1145\/3387902.3397225"},{"key":"552_CR10","doi-asserted-by":"crossref","unstructured":"Bangalore, A.K., Sood, A.K.: Securing web servers using self cleansing intrusion tolerance (SCIT). In: 2009 Second International Conference on Dependability, pp. 60\u201365 (2009)","DOI":"10.1109\/DEPEND.2009.15"},{"issue":"1","key":"552_CR11","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1109\/TNSM.2018.2889842","volume":"16","author":"S Chang","year":"2019","unstructured":"Chang, S., Park, Y., Ashok Babu, B.B.: Fast IP hopping randomization to secure hop-by-hop access in SDN. IEEE Trans. Netw. Serv. Manag. 16(1), 308\u2013320 (2019)","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"552_CR12","doi-asserted-by":"publisher","first-page":"11437","DOI":"10.1109\/ACCESS.2020.2965090","volume":"8","author":"Z Chen","year":"2020","unstructured":"Chen, Z., Chang, X., Han, Z., Yang, Y.: Numerical evaluation of job finish time under MTD environment. IEEE Access 8, 11437\u201311446 (2020)","journal-title":"IEEE Access"},{"issue":"1","key":"552_CR13","doi-asserted-by":"publisher","first-page":"709","DOI":"10.1109\/COMST.2019.2963791","volume":"22","author":"J Cho","year":"2020","unstructured":"Cho, J., Sharma, D.P., Alavizadeh, H., Yoon, S., Ben-Asher, N., Moore, T.J., Kim, D.S., Lim, H., Nelson, F.F.: Toward proactive, adaptive defense: a survey on moving target defense. IEEE Commun. Surv. Tutor. 22(1), 709\u2013745 (2020)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"552_CR14","doi-asserted-by":"crossref","unstructured":"Cho, J.H., Zhu, M., Singh, M.: Modeling and analysis of deception games based on hypergame theory. In: Autonomous Cyber Deception, pp. 49\u201374. Springer (2019)","DOI":"10.1007\/978-3-030-02110-8_4"},{"key":"552_CR15","doi-asserted-by":"crossref","unstructured":"Chowdhary, A., Alshamrani, A., Huang, D., Liang, H.: MTD analysis and evaluation framework in software defined network (MASON). In: Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization. SDN-NFV Sec \u201918, pp. 43\u201348. ACM (2018)","DOI":"10.1145\/3180465.3180473"},{"key":"552_CR16","unstructured":"Connell, W., Menasce, D.A., Albanese, M.: Performance modeling of moving target defenses with reconfiguration limits. IEEE Trans. Depend. Secure Comput. 1 (2018)"},{"key":"552_CR17","doi-asserted-by":"crossref","unstructured":"Connell, W., Albanese, M., Venkatesan, S.: A framework for moving target defense quantification. In: IFIP International Conference on ICT Systems Security and Privacy Protection, pp. 124\u2013138. Springer (2017)","DOI":"10.1007\/978-3-319-58469-0_9"},{"key":"552_CR18","doi-asserted-by":"crossref","unstructured":"Connell, W., Menasc\u00e9, D.A., Albanese, M.: Performance modeling of moving target defenses. In: Proceedings of the 2017 Workshop on Moving Target Defense. MTD \u201917, pp. 53\u201363. ACM (2017)","DOI":"10.1145\/3140549.3140550"},{"issue":"2","key":"552_CR19","doi-asserted-by":"publisher","first-page":"890","DOI":"10.1109\/TNSM.2020.2978425","volume":"17","author":"S Debroy","year":"2020","unstructured":"Debroy, S., Calyam, P., Nguyen, M., Neupane, R.L., Mukherjee, B., Eeralla, A.K., Salah, K.: Frequency-minimal utility-maximal moving target defense against DDoS in SDN-based systems. IEEE Trans. Netw. Serv. Manag. 17(2), 890\u2013903 (2020)","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"552_CR20","doi-asserted-by":"crossref","unstructured":"Dunlop, M., Groat, S., Urbanski, W., Marchany, R., Tront, J.: MT6D: a moving target IPv6 defense. In: Military Communications Conference\u2014MILCOM 2011, pp. 1321\u20131326 (2011)","DOI":"10.1109\/MILCOM.2011.6127486"},{"key":"552_CR21","doi-asserted-by":"crossref","unstructured":"Enoch, S.Y., Hong, J.B., Ge, M., Alzaid, H., Kim, D.S.: Automated security investment analysis of dynamic networks. In: Proceedings of the Australasian Computer Science Week Multiconference. ACSW \u201918. ACM (2018)","DOI":"10.1145\/3167918.3167964"},{"issue":"1","key":"552_CR22","first-page":"95","volume":"14","author":"Y Han","year":"2015","unstructured":"Han, Y., Chan, J., Alpcan, T., Leckie, C.: Using virtual machine allocation policies to defend against co-resident attacks in cloud computing. IEEE Trans. Depend. Secure Comput. 14(1), 95\u2013108 (2015)","journal-title":"IEEE Trans. Depend. Secure Comput."},{"issue":"6","key":"552_CR23","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1109\/TDSC.2014.2382574","volume":"12","author":"H Holm","year":"2015","unstructured":"Holm, H., Shahzad, K., Buschle, M., Ekstedt, M.: P$$^{2}$$ CySeMoL: predictive, probabilistic cyber security modeling language. IEEE Trans. Depend. Secure Comput. 12(6), 626\u2013639 (2015)","journal-title":"IEEE Trans. Depend. Secure Comput."},{"issue":"2","key":"552_CR24","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1109\/TDSC.2015.2443790","volume":"13","author":"JB Hong","year":"2016","unstructured":"Hong, J.B., Kim, D.S.: Assessing the effectiveness of moving target defenses using security models. IEEE Trans. Depend. Secure Comput. 13(2), 163\u2013177 (2016)","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"552_CR25","doi-asserted-by":"crossref","unstructured":"Johnson, P., Vernotte, A., Ekstedt, M., Lagerstr\u00f6m, R.: pwnpr3d: an attack-graph-driven probabilistic threat-modeling approach. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 278\u2013283. IEEE (2016)","DOI":"10.1109\/ARES.2016.77"},{"key":"552_CR26","doi-asserted-by":"crossref","unstructured":"Kewley, D., Fink, R., Lowry, J., Dean, M.: Dynamic approaches to thwart adversary intelligence gathering. In: DARPA Information Survivability Conference and Exposition II, 2001. DISCEX \u201901. Proceedings, vol.\u00a01, pp. 176\u2013185 (2001)","DOI":"10.1109\/DISCEX.2001.932214"},{"key":"552_CR27","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1016\/j.comcom.2017.12.001","volume":"116","author":"C Lei","year":"2018","unstructured":"Lei, C., Zhang, H.Q., Wan, L.M., Liu, L., He Ma, D.: Incomplete information Markov game theoretic approach to strategy generation for moving target defense. Comput. Commun. 116, 184\u2013199 (2018)","journal-title":"Comput. Commun."},{"key":"552_CR28","doi-asserted-by":"crossref","unstructured":"Li, J., Yackoski, J., Evancich, N.: Moving target defense: a journey from idea to product. In: Proceedings of the 2016 ACM Workshop on Moving Target Defense. MTD \u201916, pp. 69\u201379. ACM (2016)","DOI":"10.1145\/2995272.2995286"},{"key":"552_CR29","doi-asserted-by":"crossref","unstructured":"MacFarland, D.C., Shue, C.A.: The SDN shuffle: Creating a moving-target defense using host-based software-defined networking. In: Proceedings of the Second ACM Workshop on Moving Target Defense, MTD \u201915, pp. 37\u201341. ACM (2015)","DOI":"10.1145\/2808475.2808485"},{"key":"552_CR30","doi-asserted-by":"crossref","unstructured":"Maleki, H., Valizadeh, S., Koch, W., Bestavros, A., van Dijk, M.: Markov modeling of moving target defense games. In: Proceedings of the 2016 ACM Workshop on Moving Target Defense. MTD \u201916, pp. 81\u201392. ACM (2016)","DOI":"10.1145\/2995272.2995273"},{"issue":"1","key":"552_CR31","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1080\/00031305.1978.10479236","volume":"32","author":"R Mcgill","year":"1978","unstructured":"Mcgill, R., Tukey, J.W., Larsen, W.A.: Variations of box plots. Am. Stat. 32(1), 12\u201316 (1978)","journal-title":"Am. Stat."},{"key":"552_CR32","doi-asserted-by":"crossref","unstructured":"Mendon\u00e7a, J., Cho, J.H., Moore, T.J., Nelson, F.F., Lim, H., Zimmermann, A., Kim, D.S.: Performability analysis of services in a software-defined networking adopting time-based moving target defense mechanisms. In: Proceedings of the 35th Annual ACM Symposium on Applied Computing. SAC \u201920, p. 1180\u20131189. ACM (2020)","DOI":"10.1145\/3341105.3374016"},{"key":"552_CR33","doi-asserted-by":"crossref","unstructured":"Narantuya, J., Yoon, S., Lim, H., Cho, J., Kim, D.S., Moore, T., Nelson, F.: SDN-based IP shuffling moving target defense with multiple SDN controllers. In: 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks\u2014Supplemental Volume (DSN-S), pp. 15\u201316 (2019)","DOI":"10.1109\/DSN-S.2019.00013"},{"key":"552_CR34","doi-asserted-by":"crossref","unstructured":"Neupane, R.L., Neely, T., Chettri, N., Vassell, M., Zhang, Y., Calyam, P., Durairajan, R.: Dolus: Cyber defense using pretense against DDoS attacks in cloud platforms. In: Proceedings of the 19th International Conference on Distributed Computing and Networking. ICDCN \u201918, pp. 30:1\u201330:10. ACM (2018)","DOI":"10.1145\/3154273.3154346"},{"key":"552_CR35","unstructured":"Ou, X., Govindavajhala, S., Appel, A.W.: Mulval: a logic-based network security analyzer. In: USENIX Security Symposium, p.\u00a08. Baltimore, MD (2005)"},{"key":"552_CR36","doi-asserted-by":"crossref","unstructured":"Prakash, A., Wellman, M.P.: Empirical game-theoretic analysis for moving target defense. In: Proceedings of the Second ACM Workshop on Moving Target Defense. MTD \u201915, pp. 57\u201365. ACM (2015)","DOI":"10.1145\/2808475.2808483"},{"key":"552_CR37","doi-asserted-by":"crossref","unstructured":"Taylor, J., Zaffarano, K., Koller, B., Bancroft, C., Syversen, J.: Automated effectiveness evaluation of moving target defenses: Metrics for missions and attacks. In: Proceedings of the 2016 ACM Workshop on Moving Target Defense. MTD \u201916, pp. 129\u2013134. ACM (2016)","DOI":"10.1145\/2995272.2995282"},{"key":"552_CR38","unstructured":"Vadlamudi, S.G., Sengupta, S., Taguinod, M., Zhao, Z., Doup\u00e9, A., Ahn, G.J., Kambhampati, S.: Moving target defense for web applications using Bayesian stackelberg games: (extended abstract). In: Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems. AAMAS \u201916, pp. 1377\u20131378 (2016)"},{"key":"552_CR39","doi-asserted-by":"crossref","unstructured":"Wang, H., Li, F., Chen, S.: Towards cost-effective moving target defense against DDoS and covert channel attacks. In: Proceedings of the 2016 ACM Workshop on Moving Target Defense. MTD \u201916, pp. 15\u201325. ACM (2016)","DOI":"10.1145\/2995272.2995281"},{"issue":"1","key":"552_CR40","doi-asserted-by":"publisher","first-page":"661","DOI":"10.1109\/JIOT.2019.2943151","volume":"7","author":"S Wang","year":"2020","unstructured":"Wang, S., Shi, H., Hu, Q., Lin, B., Cheng, X.: Moving target defense for internet of things based on the zero-determinant theory. IEEE Internet Things J. 7(1), 661\u2013668 (2020)","journal-title":"IEEE Internet Things J."},{"key":"552_CR41","doi-asserted-by":"publisher","first-page":"9998","DOI":"10.1109\/ACCESS.2019.2891613","volume":"7","author":"X Xiong","year":"2019","unstructured":"Xiong, X., Yang, L., Zhao, G.: Effectiveness evaluation model of moving target defense based on system attack surface. IEEE Access 7, 9998\u201310014 (2019)","journal-title":"IEEE Access"},{"key":"552_CR42","doi-asserted-by":"crossref","unstructured":"Zheng, J., Siami Namin, A.: Enforcing optimal moving target defense policies. In: 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), vol.\u00a01, pp. 753\u2013759 (2019)","DOI":"10.1109\/COMPSAC.2019.00112"},{"issue":"1","key":"552_CR43","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/s11390-019-1906-z","volume":"34","author":"J Zheng","year":"2019","unstructured":"Zheng, J., Namin, A.S.: A survey on the moving target defense strategies: an architectural perspective. J. Comput. Sci. Technol. 34(1), 207\u2013233 (2019)","journal-title":"J. Comput. Sci. Technol."},{"key":"552_CR44","doi-asserted-by":"crossref","unstructured":"Zhuang, R., Bardas, A.G., DeLoach, S.A., Ou, X.: A theory of cyber attacks: a step towards analyzing MTD systems. In: Proceedings of the Second ACM Workshop on Moving Target Defense. MTD \u201915, pp. 11\u201320. ACM (2015)","DOI":"10.1145\/2808475.2808478"},{"key":"552_CR45","doi-asserted-by":"crossref","unstructured":"Zhuang, R., DeLoach, S.A., Ou, X.: A model for analyzing the effect of moving target defenses on enterprise networks. In: Proceedings of the 9th Annual Cyber and Information Security Research Conference. CISR \u201914, pp. 73\u201376. ACM (2014)","DOI":"10.1145\/2602087.2602088"},{"key":"552_CR46","unstructured":"Zhuang, R., Zhang, S., DeLoach, S.A., Ou, X., Singhal, A.: Simulation-based approaches to studying effectiveness of moving-target network defense. In: National Symposium on Moving Target Research. NIST (2012)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00552-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-021-00552-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00552-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,31]],"date-time":"2024-08-31T22:08:08Z","timestamp":1725142088000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-021-00552-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,31]]},"references-count":46,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["552"],"URL":"https:\/\/doi.org\/10.1007\/s10207-021-00552-9","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2021,5,31]]},"assertion":[{"value":"31 May 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}},{"value":"Python scripts are included to recalculate all boxplots, histograms, and tables of the simulation results, as well as the chart depicting the distribution of dominant effect combinations (Online Resource 2). Code for scenario translation and simulation engine is not included (copyright of the code lies with our industry partner Rhein-metall). The code in the high-level language describing the case study scenario as well as the additional smaller scenario developed for performance analysis together with attacker and defender actions is included (Online Resource 1).","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Code availability"}}]}}