Time-Based Moving Target Defense Using Bayesian Attack Graph Analysis

Moving target defense (MTD) is a proactive cybersecurity defense technique that constantly changes the potentially vulnerable points of a system to confuse attackers, making it difficult for them to infer the system configuration and nullifying their reconnaissance activities against a victim system. We consider an MTD strategy for a software-defined networking (SDN) environment where every SDN switch is controlled by a central SDN controller. As the MTD may incur excessive usage of network/system resources for cybersecurity purposes, we propose to perform the MTD operations adaptively, according to a security risk assessment based on Bayesian attack graph (BAG) analysis. For accurate BAG analysis, we model random and weakest-first attack behaviors and incorporate the derived analytical models into the BAG analysis. Using the BAG analysis result, we formulate a knapsack problem to determine the optimal set of vulnerabilities to be reconfigured under a constraint on SDN reconfiguration overhead.

The experimental results prove that the proposed MTD strategy outperforms its full MTD and random MTD counterparts in terms of the maximum/average attack success probabilities and the number of SDN reconfiguration updates.
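The following sketch illustrates the pipeline the abstract outlines, a risk score per vulnerability from an attack graph followed by a knapsack selection under a reconfiguration budget. It is an added example, not the paper's code or model: the graph, probabilities, costs, the independence assumption, and the objective (summed compromise probability) are all constructed for illustration, and the paper's attack-behavior models are not reproduced.

```python
# Constructed example data (not from the paper): each vulnerability maps to
# (exploit success probability, parent vulnerabilities, reconfiguration cost).
GRAPH = {
    "web": (0.8, [], 3),
    "ssh": (0.5, [], 2),
    "app": (0.6, ["web"], 4),
    "db": (0.9, ["app", "ssh"], 5),
}


def compromise_probabilities(graph):
    """Unconditional compromise probability of every node (OR-type parents).

    Assumption: parent compromises are treated as independent.
    """
    prob = {}

    def visit(node):
        if node not in prob:
            p_exploit, parents, _cost = graph[node]
            p_no_parent = 1.0
            for parent in parents:
                p_no_parent *= 1.0 - visit(parent)
            # Entry nodes (no parents) are directly reachable by the attacker.
            p_reach = 1.0 - p_no_parent if parents else 1.0
            prob[node] = p_exploit * p_reach
        return prob[node]

    for node in graph:
        visit(node)
    return prob


def select_reconfigurations(graph, budget):
    """0/1 knapsack: pick vulnerabilities to reconfigure so that the summed
    compromise probability is maximal and total cost stays within budget."""
    risk = compromise_probabilities(graph)
    dp = [(0.0, ())] * (budget + 1)  # dp[c] = (best value, chosen) at capacity c
    for node, (_p, _parents, cost) in graph.items():
        for cap in range(budget, cost - 1, -1):  # descending: each item used once
            value = dp[cap - cost][0] + risk[node]
            if value > dp[cap][0]:
                dp[cap] = (value, dp[cap - cost][1] + (node,))
    return sorted(dp[budget][1]), dp[budget][0]


if __name__ == "__main__":
    print(select_reconfigurations(GRAPH, budget=8))
```

With a budget of 8 the selection skips the cheap `ssh` node in favor of `web` and `db`, which shows why a budgeted selection differs from reconfiguring everything or picking at random.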
