Hamed Okhravi , MIT Lincoln Laboratory, Lexington
Thomas Hobson , MIT Lincoln Laboratory, Lexington
David Bigelow , MIT Lincoln Laboratory, Lexington
William Streilein , MIT Lincoln Laboratory, Lexington
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2013.137
Protecting critical systems and assets against cyber attacks is an ever more difficult challenge that strongly favors the attacker. While defenders must protect a large set of cyber systems containing an unknown number of vulnerabilities of various types, an attacker need only find one or a few exploitable vulnerabilities in order to mount a successful attack. One promising approach that can shift the balance in the defender's favor is to create uncertainty for the attacker by dynamically changing system properties in what is called a cyber moving target (MT). MT techniques seek to randomize system components, add dynamics to a system, and diversify otherwise-homogeneous collections of system. In this article, we review the five dominant domains of MT techniques available today as research prototypes and commercial solutions. Through our analysis we present the strengths and weaknesses of the techniques and make recommendations for future research that will improve current capabilities.
Hamed Okhravi, Thomas Hobson, David Bigelow, William Streilein, "Finding Focus in the Blur of Moving Target Techniques", IEEE Security & Privacy, , no. 1, pp. 1, PrePrints PrePrints, doi:10.1109/MSP.2013.137