ABSTRACT

The static nature of cloud systems is useful from a service-provisioning perspective: cloud service providers want the system configuration to remain unchanged once an application has been deployed. This makes the cloud system a soft target for attackers, since they can take their time performing reconnaissance on the system and crafting the necessary attacks based on the information gathered while exploring it. The static and homogeneous nature of the cloud system, although it makes administration easy, increases the chance of a system being compromised.

Moving Target Defense (MTD) has been used as a defensive technique in many fields, such as one-on-one air combat, the game of Go, and chess. The goal is to deceive the attacker. MTD allows the administrator to change the static nature of cloud resources. The cloud system information that is accessible to the attacker, such as open ports, Operating System (OS) information, and software version information, together constitutes the Attack Surface. By introducing MTD, the static nature of a cloud system can be changed to dynamic, and the homogeneous attack surface becomes asymmetric and heterogeneous. The constantly changing attack surface reduces the probability of successful exploits by the attacker.

In this chapter, we introduce MTD-based proactive security. Section 7.1 introduces the cyber kill chain and discusses how MTD can help disrupt attack propagation at various stages of an attack. Section 7.2 classifies the different types of MTD mechanisms, with illustrative examples. Section 7.3 considers some examples of SDN-based MTD frameworks that utilize Service Randomization, OS hiding, and other obfuscation techniques using SDN-based command and control. Section 7.4 considers MTD as a game between attacker and defender and discusses existing approaches that leverage game-theoretic detection and defense mechanisms to deal with security attacks. Section 7.5 evaluates the effectiveness of different MTD frameworks.