Dynamic defenses in cyber security:Techniques,methods and challenges Author links open overlay panel

Driven by the rapid development of the Internet of Things,cloud computing and other emerging technologies,the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities.However,security problems in cyberspace are becoming serious,and traditional defense measures(e.g.,firewall,intrusion detection systems,and security audits)often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with a higher and higher degree of coordination and intelligence.By constructing and implementing the diverse strategy of dynamic transformation,the configuration characteristics of systems are constantly changing,and the probability of vulnerability exposure is increasing.Therefore,the difficulty and cost of attack are increasing,which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace.Nonetheless,few related works systematically introduce dynamic defense mechanisms for cyber security.The related concepts and development strategies of dynamic defense are rarely analyzed and summarized.To bridge this gap,we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security.Specifically,we firstly introduce basic concepts and define dynamic defense in cyber security.Next,we review the architectures,enabling techniques and methods for moving target defense and mimic defense.This is followed by taxonomically summarizing the implementation and evaluation of dynamic defense.Finally,we discuss some open challenges and opportunities for dynamic defense in cyber security.

DDoS Defense Algorithm Based on Multi-Segment Timeout Technology

Through the analysis to the DDoS（distributed denial of service） attack, it will conclude that at different time segments, the arrive rate of normal SYN （Synchronization） package are similar, while the abnormal packages are different with the normal ones. Toward this situation a DDoS defense algorithm based on multi-segment timeout technology is presented, more than one timeout segment are set to control the net flow. Experiment results show that in the case of little flow, multi-segment timeout has the ability dynamic defense, so the system performance is improved and the system has high response rate.

Flexible Defense Succeeds Creative Attacks!—A Simulation Approach Based on Position Data in Professional Football

Introduction: The key to success is finding the perfect mixture of tactical patterns and sudden breaks of them, which depends on the behavior of the opponent team and is not easy to estimate by just watching matches. According to the specific tactical team behavior of “attack vs. defense” professional football matches are investigated based on a simulation approach, professional football matches are investigated according to the specific tactical team behavior of “attack vs. defense.” Methods: The formation patterns of all the sample games are categorized by SOCCER© for defense and attack. Monte Carlo-Simulation can evaluate the mathematical, optimal strategy. The interaction simulation between attack and defense shows optimal flexibility rates for both tactical groups. Approach: A simulation approach based on 40 position data sets of the 2014/15 German Bundesliga has been conducted to analyze and optimize such strategic team behavior in professional soccer. Results: The results revealed that both attack and defense have optimal planning rates to be more successful. The more complex the success indicator, the more successful attacking player groups get. The results also show that defensive player groups always succeed in attacking groups below a specific planning rate value. Conclusion: Groups are always succeeding. The simulation-based position data analysis shows successful strategic behavior patterns for attack and defense. Attacking player groups need very high flexibility to be successful (stay in ball possession). In contrast, defensive player groups only need to be below a defined flexibility rate to be guaranteed more success.

Using Event-Based Method to Estimate Cybersecurity Equilibrium

Estimating the global state of a networked system is an important problem in many application domains.The classical approach to tackling this problem is the periodic(observation)method,which is inefficient because it often observes states at a very high frequency.This inefficiency has motivated the idea of event-based method,which leverages the evolution dynamics in question and makes observations only when some rules are triggered(i.e.,only when certain conditions hold).This paper initiates the investigation of using the event-based method to estimate the equilibrium in the new application domain of cybersecurity,where equilibrium is an important metric that has no closed-form solutions.More specifically,the paper presents an event-based method for estimating cybersecurity equilibrium in the preventive and reactive cyber defense dynamics,which has been proven globally convergent.The presented study proves that the estimated equilibrium from our trigger rule i)indeed converges to the equilibrium of the dynamics and ii)is Zeno-free,which assures the usefulness of the event-based method.Numerical examples show that the event-based method can reduce 98%of the observation cost incurred by the periodic method.In order to use the event-based method in practice,this paper investigates how to bridge the gap between i)the continuous state in the dynamics model,which is dubbed probability-state because it measures the probability that a node is in the secure or compromised state,and ii)the discrete state that is often encountered in practice,dubbed sample-state because it is sampled from some nodes.This bridge may be of independent value because probability-state models have been widely used to approximate exponentially-many discrete state systems.