{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T17:42:33Z","timestamp":1770745353463,"version":"3.49.0"},"reference-count":55,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T00:00:00Z","timestamp":1770422400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100004421","name":"Warsaw University of Technology","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100004421","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Moving Target Defense (MTD) is a paradigm that has the potential to revolutionize the approach to network security. Although a significant number of papers have been published on the topic, there are still no standards or any dominant implementations of this concept. This article identifies and attempts to bridge the gap in understanding various aspects of MTD security while also defining the research directions necessary to implement MTD techniques in real-world scenarios. It discusses the security of key design principles of MTD, considers problems regarding applying MTD to real networks, and finally addresses threat modeling in the context of MTD. By aggregating various security aspects related to MTD, some of which have not been typically discussed in the available literature on the subject, this work aims to assist in designing future MTD schemes, help navigate around various security caveats, and highlight possible research directions that have not been sufficiently explored in the existing literature.<\/jats:p>","DOI":"10.3390\/fi18020089","type":"journal-article","created":{"date-parts":[[2026,2,9]],"date-time":"2026-02-09T14:05:15Z","timestamp":1770645915000},"page":"89","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Rethinking the Security Assurances of MTD: A Gap Analysis for Network Defense"],"prefix":"10.3390","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2447-0528","authenticated-orcid":false,"given":"\u0141ukasz","family":"Jalowski","sequence":"first","affiliation":[{"name":"Independent Researcher, 80-126 Gda\u0144sk, Poland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marek","family":"Zmuda","sequence":"additional","affiliation":[{"name":"Intel Corporation, 80-126 Gda\u0144sk, Poland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7489-0785","authenticated-orcid":false,"given":"Mariusz","family":"Rawski","sequence":"additional","affiliation":[{"name":"Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-661 Warsaw, Poland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paulina","family":"Rekosz","sequence":"additional","affiliation":[{"name":"Intel Corporation, 80-126 Gda\u0144sk, Poland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2026,2,7]]},"reference":[{"key":"ref_1","unstructured":"IBM Corporation (2024). X-Force Threat Intelligence Index 2024, IBM Corporation. Technical Report."},{"key":"ref_2","unstructured":"MSRC (2024, March 14). Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard. Available online: https:\/\/msrc.microsoft.com\/blog\/2024\/01\/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard\/."},{"key":"ref_3","unstructured":"Co-Chairs\u2019 Report (2009). National Cyber Leap Year Summit, Networking and Information Technology Research and Development. Online Report."},{"key":"ref_4","first-page":"80","article-title":"Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains","volume":"1","author":"Hutchins","year":"2011","journal-title":"Lead. Issues Inf. Warf. Secur. Res."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1909","DOI":"10.1109\/COMST.2020.2982955","article-title":"A Survey of Moving Target Defenses for Network Security","volume":"22","author":"Sengupta","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"709","DOI":"10.1109\/COMST.2019.2963791","article-title":"Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense","volume":"22","author":"Cho","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Jalowski, \u0141., Zmuda, M., and Rawski, M. (2022). A Survey on Moving Target Defense for Networks: A Practical View. Electronics, 11.","DOI":"10.3390\/electronics11182886"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1007\/s11390-019-1906-z","article-title":"A Survey on the Moving Target Defense Strategies: An Architectural Perspective","volume":"34","author":"Zheng","year":"2019","journal-title":"J. Comput. Sci. Technol."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"7818","DOI":"10.1109\/JIOT.2020.3040358","article-title":"MTD, Where Art Thou? A Systematic Review of Moving Target Defense Techniques for IoT","volume":"8","author":"Navas","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"160","DOI":"10.1145\/948383.948413","article-title":"Security by obscurity","volume":"46","author":"Mercuri","year":"2003","journal-title":"Commun. ACM"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1122","DOI":"10.1631\/FITEE.1601321","article-title":"Moving target defense: State of the art and characteristics","volume":"17","author":"Cai","year":"2016","journal-title":"Front. Inf. Technol. Electron. Eng."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1109\/TSE.2010.60","article-title":"An Attack Surface Metric","volume":"37","author":"Manadhata","year":"2011","journal-title":"Softw. Eng. IEEE Trans."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1016\/j.cose.2018.08.003","article-title":"Dynamic Security Metrics for Measuring the Effectiveness of Moving Target Defense Techniques","volume":"79","author":"Hong","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"102805","DOI":"10.1016\/j.jnca.2020.102805","article-title":"Dynamic Security Metrics for Software-Defined Network-based Moving Target Defense","volume":"170","author":"Sharma","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Ma, D., Wang, L., Lei, C., Xu, Z., Zhang, H., and Li, M. (2017). POSTER: Quantitative Security Assessment Method based on Entropy for Moving Target Defense. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, Association for Computing Machinery.","DOI":"10.1145\/3052973.3055161"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1109\/TDSC.2015.2443790","article-title":"Assessing the Effectiveness of Moving Target Defenses Using Security Models","volume":"13","author":"Hong","year":"2015","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Alavizadeh, H., Hong, J., Jang-Jaccard, J., and Kim, D. (2018). Comprehensive Security Assessment of Combined MTD Techniques for the Cloud. Proceedings of the 5th ACM Workshop on Moving Target Defense, Association for Computing Machinery.","DOI":"10.1145\/3268966.3268967"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"507","DOI":"10.1016\/j.future.2019.10.009","article-title":"Model-based evaluation of combinations of Shuffle and Diversity MTD techniques on the cloud","volume":"111","author":"Alavizadeh","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"102091","DOI":"10.1016\/j.cose.2020.102091","article-title":"Evaluating the Effectiveness of Shuffle and Redundancy MTD Techniques in the Cloud","volume":"102","author":"Alavizadeh","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1772","DOI":"10.1109\/TETC.2022.3155272","article-title":"Evaluating the Security and Economic Effects of Moving Target Defense Techniques on the Cloud","volume":"10","author":"Alavizadeh","year":"2022","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Moghaddam, T., Kim, M., Cho, J.H., Lim, H., Moore, T., Nelson, F., and Kim, D. (2022). A Practical Security Evaluation of a Moving Target Defence against Multi-Phase Cyberattacks. 2022 52nd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), IEEE.","DOI":"10.1109\/DSN-W54100.2022.00026"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Mendon\u00e7a, J., Kim, M., Graczyk, R., V\u00f6lp, M., and Kim, D. (2022). Security Modeling and Analysis of Moving Target Defense in Software Defined Networks. 2022 IEEE 27th Pacific Rim International Symposium on Dependable Computing (PRDC), IEEE.","DOI":"10.1109\/PRDC55274.2022.00028"},{"key":"ref_23","first-page":"1125","article-title":"DSEOM: A Framework for Dynamic Security Evaluation and Optimization of MTD in Container-based Cloud","volume":"18","author":"Jin","year":"2019","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Izadi, S., Izadi, M., Ranjbaran, G., and Homayounmajd, S. (2023). Enhancing Network Security Through Moving Target Defense Technology: An Analysis of the Impact on Attack Level. 2023 7th International Conference on Internet of Things and Applications (IoT), IEEE.","DOI":"10.1109\/IoT60973.2023.10365374"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Sun, R., Zhu, Y., Fei, J., and Chen, X. (2023). A Survey on Moving Target Defense: Intelligently Affordable, Optimized and Self-Adaptive. Appl. Sci., 13.","DOI":"10.3390\/app13095367"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Torquato, M., Maciel, P., and Vieira, M. (2020). Security and Availability Modeling of VM Migration as Moving Target Defense. 2020 IEEE 25th Pacific Rim International Symposium on Dependable Computing (PRDC), IEEE.","DOI":"10.1109\/PRDC50213.2020.00016"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Torquato, M., Maciel, P., and Vieira, M. (2021). Analysis of VM Migration Scheduling as Moving Target Defense against insider attacks. Proceedings of the 36th Annual ACM Symposium on Applied Computing, Association for Computing Machinery.","DOI":"10.1145\/3412841.3441899"},{"key":"ref_28","unstructured":"Torquato, M., and Vieira, M. (2019). Towards Models for Availability and Security Evaluation of Cloud Computing with Moving Target Defense. arXiv."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Alavizadeh, H., Alavizadeh, H., Kim, D., Jang-Jaccard, J., and Niazi Torshiz, M. (2020). An Automated Security Analysis Framework and Implementation for MTD Techniques on Cloud. Information Security and Cryptology\u2014ICISC 2019, Springer.","DOI":"10.1007\/978-3-030-40921-0_9"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Kim, M., Cho, J.H., Lim, H., Moore, T., Nelson, F., and Kim, D. (2022). Performance and Security Evaluation of a Moving Target Defense Based on a Software-Defined Networking Environment. 2022 IEEE 27th Pacific Rim International Symposium on Dependable Computing (PRDC), IEEE.","DOI":"10.1109\/PRDC55274.2022.00026"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"e190","DOI":"10.1002\/itl2.190","article-title":"Moving Target Defense to set Network Slicing Security as a KPI","volume":"3","author":"Cunha","year":"2020","journal-title":"Internet Technol. Lett."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Ravindran, K., Iannelli, M., and Adiththan, A. (2023). Moving-Target-Defense based Security Mechanisms: A System Management Perspective. 2023 15th International Conference on COMmunication Systems & NETworkS (COMSNETS), IEEE.","DOI":"10.1109\/COMSNETS56262.2023.10041246"},{"key":"ref_33","first-page":"90850Q","article-title":"Toward Effectiveness and Agility of Network Security Situational Awareness Using Moving Target Defense (MTD)","volume":"Volume 9085","author":"Ge","year":"2014","journal-title":"Sensors and Systems for Space Applications VII"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Gudla, C., and Sung, A. (2020). Moving Target Defense Discrete Host Address Mutation and Analysis in SDN. 2020 International Conference on Computational Science and Computational Intelligence (CSCI), IEEE.","DOI":"10.1109\/CSCI51800.2020.00017"},{"key":"ref_35","unstructured":"Riley, J. (2017). Understanding Metadata, National Information Standards Organization. Available online: http:\/\/www.niso.org\/publications\/press\/understandingmetadata.pdf."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"2034","DOI":"10.1109\/TMC.2018.2871156","article-title":"Estimation of Static and Dynamic Urban Populations with Mobile Network Metadata","volume":"18","author":"Khodabandelou","year":"2018","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1186\/s13635-021-00126-1","article-title":"Detection of illicit cryptomining using network metadata","volume":"2021","author":"Russo","year":"2021","journal-title":"EURASIP J. Inf. Secur."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Lazar, D., Gilad, Y., and Zeldovich, N. (2019). Yodel: Strong metadata security for voice calls. Proceedings of the 27th ACM Symposium on Operating Systems Principles, Association for Computing Machinery.","DOI":"10.1145\/3341301.3359648"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"184","DOI":"10.56553\/popets-2023-0105","article-title":"MAPLE: A Metadata-Hiding Policy-Controllable Encrypted Search Platform with Minimal Trust","volume":"2023","author":"Le","year":"2023","journal-title":"Proc. Priv. Enhancing Technol."},{"key":"ref_40","unstructured":"Eskandarian, S., Corrigan-Gibbs, H., Zaharia, M., and Boneh, D. (2021). Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy. Proceedings of the 30th USENIX Security Symposium (USENIX Security 21), USENIX Association."},{"key":"ref_41","unstructured":"Lazar, D., Gilad, Y., and Zeldovich, N. (2018). Karaoke: Distributed Private Messaging Immune to Passive Traffic Analysis. Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18), USENIX Association."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Cheng, R., Scott, W., Masserova, E., Zhang, I., Goyal, V., Anderson, T., Krishnamurthy, A., and Parno, B. (2020). Talek: Private Group Messaging with Hidden Access Patterns. Proceedings of the 36th Annual Computer Security Applications Conference, Association for Computing Machinery.","DOI":"10.1145\/3427228.3427231"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"24","DOI":"10.2478\/popets-2020-0061","article-title":"PriFi: Low-Latency Anonymity for Organizational Networks","volume":"2020","author":"Barman","year":"2020","journal-title":"Proc. Priv. Enhancing Technol."},{"key":"ref_44","unstructured":"Bellare, M., and Miner, S. (2001). A Forward-Secure Digital Signature Scheme. Advances in Cryptology\u2014CRYPTO\u2019 99, Springer."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"232","DOI":"10.1109\/SP.2015.22","article-title":"SoK: Secure messaging","volume":"Volume 2015","author":"Unger","year":"2015","journal-title":"2015 IEEE Symposium on Security and Privacy"},{"key":"ref_46","unstructured":"Lever, K., Merabti, M., and Kifayat, K. (2013). Single Points of Failure Within Systems-of-Systems. Proceedings of the 14th Annual Post Graduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting (PGNet 2013), Liverpool John Moores University."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"208","DOI":"10.1109\/COMPSAC.2016.76","article-title":"Byzantine Fault Tolerant Software-Defined Networking (SDN) Controllers","volume":"Volume 2","author":"ElDefrawy","year":"2016","journal-title":"2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC)"},{"key":"ref_48","unstructured":"Cloudflare (2024, March 08). SYN Flood Attack. Available online: https:\/\/www.cloudflare.com\/learning\/ddos\/syn-flood-ddos-attack\/."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"200","DOI":"10.1016\/j.jnca.2016.12.019","article-title":"Quality of Service (QoS) in Software Defined Networking (SDN): A survey","volume":"80","author":"Karakus","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_50","unstructured":"Shostack, A. (2014). Threat Modeling: Designing for Security, Wiley Publishing. [1st ed.]."},{"key":"ref_51","unstructured":"IBM Corporation (2023). IBM Security Cost of a Data Breach Report 2023, IBM Corporation. Technical Report."},{"key":"ref_52","unstructured":"(2024, March 09). Nmap: The Network Mapper. Available online: https:\/\/nmap.org\/."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","article-title":"A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities","volume":"21","author":"Alshamrani","year":"2019","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Chen, P., Desmet, L., and Huygens, C. (2014). A Study on Advanced Persistent Threats. Communications and Multimedia Security, Springer.","DOI":"10.1007\/978-3-662-44885-4_5"},{"key":"ref_55","unstructured":"Sullivan, D.T., and Colbert, E.J. (2016). Network Analysis of Reconnaissance and Intrusion of an Industrial Control System, US Army Research Laboratory. Report ARL-TR-7775."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/18\/2\/89\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T05:17:22Z","timestamp":1770700642000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/18\/2\/89"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,7]]},"references-count":55,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2026,2]]}},"alternative-id":["fi18020089"],"URL":"https:\/\/doi.org\/10.3390\/fi18020089","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,7]]}}}