• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

SD-MTD: Software-Defined Moving-Target Defense for Cloud-System Obfuscation


Abstract

In recent years, container techniques have been broadly applied to cloud computing systems to maximize their efficiency, flexibility, and economic feasibility. Concurrently, studies have also been conducted to ensure the security of cloud computing. Among these studies, moving-target defense techniques using the high agility and flexibility of cloud-computing systems are gaining attention. Moving-target defense (MTD) is a technique that prevents various security threats in advance by proactively changing the main attributes of the protected target to confuse the attacker. However, an analysis of existing MTD techniques revealed that, although they are capable of deceiving attackers, MTD techniques have practical limitations when applied to an actual cloud-computing system. These limitations include resource wastage, management complexity caused by additional function implementation and system introduction, and a potential increase in attack complexity. Accordingly, this paper proposes a software-defined MTD system that can flexibly apply and manage existing and future MTD techniques. The proposed software-defined MTD system is designed to correctly define a valid mutation range and cycle for each moving-target technique and monitor system-resource status in a software-defined manner. Consequently, the proposed method can flexibly reflect the requirements of each MTD technique without any additional hardware by using a software-defined approach. Moreover, the increased attack complexity can be resolved by applying multiple MTD techniques.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
K. Kang, J. T. Seo, S. H. Baek, C. W. Kim, K. Park, "SD-MTD: Software-Defined Moving-Target Defense for Cloud-System Obfuscation," KSII Transactions on Internet and Information Systems, vol. 16, no. 3, pp. 1063-1075, 2022. DOI: 10.3837/tiis.2022.03.017.

[ACM Style]
Ki-Wan Kang, Jung Taek Seo, Sung Hoon Baek, Chul Woo Kim, and Ki-Woong Park. 2022. SD-MTD: Software-Defined Moving-Target Defense for Cloud-System Obfuscation. KSII Transactions on Internet and Information Systems, 16, 3, (2022), 1063-1075. DOI: 10.3837/tiis.2022.03.017.

[BibTeX Style]
@article{tiis:25531, title="SD-MTD: Software-Defined Moving-Target Defense for Cloud-System Obfuscation", author="Ki-Wan Kang and Jung Taek Seo and Sung Hoon Baek and Chul Woo Kim and Ki-Woong Park and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2022.03.017}, volume={16}, number={3}, year="2022", month={March}, pages={1063-1075}}