In the world of cyber defense, what if the network were able to defend itself? What if the network were a constantly moving target? These scenarios may soon be in play.
That is because two cyber security wonks, Scott DeLoach, Kansas State University professor of computing and information sciences, and Xinming “Simon” Ou, associate professor of computing and information sciences, are trying to build a computer network that could protect itself against online attackers by automatically changing its setup and configuration.
DeLoach and Ou just won a five-year grant of more than $1 million from the Air Force Office of Scientific Research to fund the study “Understanding and quantifying the impact of moving target defenses on computer networks.”
The study, which began last month, will be the first to document whether this type of adaptive cyber security, called moving-target defense, can be effective. If it can work, researchers will determine if the benefits of creating a moving-target defense system outweigh the overhead and resources needed to build it.
“It’s important to investigate any scientific evidence that shows that this approach does work so it can be fully researched and developed,” DeLoach said. He started collaborating with Ou to apply intelligent adaptive techniques to cyber security several years ago after a conversation at a university open house.
The term moving-target defense first came about in 2008. Applied to computer networks, the idea is to stop the network from being static in its configuration. Instead, as a way to thwart attackers, the network automatically and periodically randomizes that configuration through various methods, such as changing the network addresses at which applications are reached, switching between instances of those applications, and relocating critical system data.
The key is to make the network appear to an attacker to be changing chaotically while, to an authorized user, the system operates normally, Ou and DeLoach said.
“If you have a Web server, pretty much anybody in the world can figure out where you are and what software you’re running,” DeLoach said. “If they know that, they can figure out what vulnerabilities you have. In a typical scenario, attackers scan your system and find out everything they can about your server configuration and what security holes it has. Then they select the best time for them to attack and exploit those security holes in order to do the most damage. This could change that.”
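The mechanism described above (periodic re-binding of services to new addresses, ports and instances) and the scan-then-strike attacker DeLoach describes can be captured in a small simulation. The code below is an added example for this page, not code from the K-State project: it assumes a constructed network of three named services, a directory that authorized clients consult at request time, and an attacker who records every binding during a scan and returns later to use it.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    """Where a service currently lives and which instance is serving it."""
    address: str
    port: int
    instance: str


class MovingTargetNetwork:
    """Named services whose bindings are re-randomized each epoch.

    Constructed toy: a real deployment would move services via SDN rules,
    directory/DNS updates and VM or container orchestration. Only the
    bookkeeping needed for the argument is kept here.
    """

    def __init__(self, services, address_pool, instances, seed=0):
        if len(address_pool) < len(services):
            raise ValueError("need at least one address per service")
        self.rng = random.Random(seed)
        self.services = list(services)
        self.address_pool = list(address_pool)
        self.instances = list(instances)
        self.seen = {s: set() for s in self.services}  # bindings ever used
        self.epoch = 0
        self.bindings = {}
        self.shuffle()

    def shuffle(self):
        """Advance one epoch and re-bind every service.

        Addresses are sampled without replacement, so bindings are unique
        within an epoch. The retry loop rejects any binding a service has
        used before, so the target really moves: a binding learned in an
        earlier epoch is never valid for the same service again.
        """
        self.epoch += 1
        while True:
            addrs = self.rng.sample(self.address_pool, len(self.services))
            new = {
                svc: Binding(addr, self.rng.randint(1024, 65535),
                             self.rng.choice(self.instances))
                for svc, addr in zip(self.services, addrs)
            }
            if all(new[s] not in self.seen[s] for s in self.services):
                break
        for s, b in new.items():
            self.seen[s].add(b)
        self.bindings = new

    def lookup(self, service):
        """Authorized-user path: the (authenticated) directory answers with
        the current binding, so legitimate clients see a working network."""
        return self.bindings[service]

    def connect(self, binding):
        """What a connection to `binding` reaches right now, or None."""
        for svc, b in self.bindings.items():
            if b == binding:
                return svc
        return None


def reconnaissance(network):
    """Attacker scans the whole pool and records every service's binding."""
    return dict(network.bindings)


def exploit_hits(recon, network):
    """Number of services the attacker still reaches with stale recon."""
    return sum(1 for svc, b in recon.items() if network.connect(b) == svc)


def simulate(attacker_delay, shuffle_period, seed=0):
    """Return (attacker hits, total services).

    The attacker waits `attacker_delay` ticks between scanning and striking;
    the network shuffles every `shuffle_period` ticks (0 = static network).
    """
    net = MovingTargetNetwork(
        services=["web", "db", "auth"],                      # constructed
        address_pool=[f"10.0.0.{i}" for i in range(1, 11)],  # constructed
        instances=["build-a", "build-b"],                    # constructed
        seed=seed,
    )
    recon = reconnaissance(net)
    for tick in range(1, attacker_delay + 1):
        if shuffle_period and tick % shuffle_period == 0:
            net.shuffle()
    # A legitimate client resolves at request time and always gets through.
    assert all(net.connect(net.lookup(s)) == s for s in net.services)
    return exploit_hits(recon, net), len(net.services)


if __name__ == "__main__":
    print("static network, attacker waits 5 ticks:", simulate(5, 0))
    print("shuffle every 2 ticks, attacker waits 5:", simulate(5, 2))
    print("shuffle every 10 ticks, attacker waits 5:", simulate(5, 10))
    print("shuffle every tick, attacker strikes at once:", simulate(0, 1))
```

Two things the toy makes visible that the description alone does not. First, the defense only helps when a shuffle actually falls between the scan and the strike: an attacker who exploits within the same epoch, or a shuffle period longer than the attacker's delay, leaves the stale reconnaissance fully valid. Second, the model counts only whether a recorded address still works; it says nothing about the directory traffic, forced reconnections and cache churn that every shuffle imposes on legitimate users, which is precisely the overhead the K-State study sets out to quantify.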
Creating a computer network that could automatically detect and defend itself against cyber attacks would substantially increase the security of online data — which has been the target of large-scale cyber attacks.
In February 2011, it was reported that hackers had gotten into the Nasdaq Stock Market’s computer network. Although federal investigators concluded it was unlikely the hackers stole any information, the network remained exposed for more than a year, during which the intruders accessed it numerous times.
Creating a moving-target defense system would shift the power imbalance that currently favors hackers, who need only find a single security hole to exploit, back toward network administrators, whose system would frequently reset to a clean slate and so remove whatever access or privileges attackers had gained, Ou said.
“This is a game-changing idea in cyber security,” Ou said. “People feel that we are currently losing against online attackers. In order to fundamentally change the cyber security landscape and reduce that high risk, we need some big, fundamental changes to the way computers and networks are constructed and organized.”