Army research lends unique insight into cyber defense

By U.S. Army CCDC Army Research Laboratory Public Affairs
April 22, 2020

Army researchers provide insight into uncharted territory in cyber defense research that will serve as the foundation for more secure networks for future Soldiers. (Photo Credit: U.S. Army - Shutterstock)

ADELPHI, Md. -- Army researchers are providing new insights into computer systems defense that will lead to more secure systems for warfighters.

Researchers from the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory, along with academic and industry partners, have published a survey paper, “Toward proactive, adaptive defense: A survey on moving target defense,” that discusses the overall trends of moving target defense research and covers critical aspects of defense systems for researchers who seek to develop proactive, adaptive mechanisms.

“We are facing a reality with the increase of persistent, advanced, intelligent attacks while defenders are often way behind attackers in taking appropriate actions to thwart potential attackers,” said Terrence Moore, a mathematician for the laboratory. “The concept of moving target defense has emerged as a proactive defense mechanism aiming to prevent attacks.”

Using this approach, researchers hope to increase uncertainty and confusion for the attacker by dynamically changing the attack surface of the system or network to be protected, Moore said.

According to Moore, this can be done by changing certain network configurations, such as IP addresses, port numbers, address space layouts, software stacks, etc. Any reconnaissance intelligence collected by the attacker is void after the attack surface changes.

“This approach is derived from the idiom that a moving target is hard to hit,” Moore said.

The purpose of this survey paper is to provide a baseline that a practitioner or other researcher can use to gain an understanding of the subtopic area, Moore noted.

While there are other surveys that discuss this technique, this particular survey is unique and dives into areas that have been left untouched by the research community.

“There are other surveys on [moving target defense], but our approach addresses certain questions left unanswered by several of the other surveys,” Moore said. “Our survey considers various aspects of [moving target defense], such as key roles, design principles, classifications, common attack strategies, key defense methodologies, important algorithms, metrics, evaluation methods and application domains.”

In particular, the team seeks to link these aspects, for example, by considering the common attack strategies and defense methodologies for a particular application domain as well as the benefits and challenges of the moving target defense approaches in the domain.

The group, which also includes Dr. Frederica Nelson from the laboratory; researchers from the School of Electrical Engineering and Computer Science at the Gwangju Institute of Science and Technology; the School of Information Technology and Electrical Engineering at the University of Queensland; and the Department of Computer Science at Virginia Tech, has also recently considered the application of moving target defense techniques to a software-defined networking-based in-vehicle network.

“In-vehicle networks were not designed to be connected to the outside world, but new tools have encouraged this extra-vehicular network connectivity without changing the original infrastructure,” Moore said. “This presents a real security threat. Moving target defense offers a potential temporary solution as an interface between the legacy in-vehicle network and external networks to provide real security until there is a sufficient mandate to update the existing vehicular network infrastructure.”

Additionally, the group has considered network performance effects due to moving target defense. This is an unusual tack for a security paper that doesn’t focus on the security aspects.

“The fact is that the benefits of [moving target defense] have a cost,” Moore said. “Packets, or messages, may be dropped or delayed because of the changes in the network configurations. This has an impact on the overall network performance and so we felt it was an important consideration.”

Moving forward, Moore said this research is very promising for future research endeavors that could benefit the technology Soldiers rely upon to safely and efficiently complete their missions.

“Future planned work includes developing metrics that measure the security and/or performance of the network dynamically,” Moore said. “Such measures could help determine optimal conditions for what, when and how to move when implementing a [moving target defense] mechanism.”

Another possible direction, Moore noted, is finding a way to distribute the process.

Currently, most approaches rely on some degree of centralized control of the movement, for example, using the controller in a software-defined networking environment, he said. A distributed approach may result in less cost and less impairment of network performance.

“A centralized manager of the [moving target defense] decisions and actions solves a lot of potential problems, including network fault or error, since it has control of the ‘movement,’ and it can be easier to implement,” Moore said. “However, this limits the potential of [moving target defense] to certain application domains. If we want to implement this security approach in a more dynamic and challenging environment, such as in a tactical network environment, then there needs to be more research and implementation strategies using a decentralized and/or distributed approach.”

This research supports the Army Modernization Priorities for Network/C3I as well as the Army Functional Concepts of Intelligence and Maneuver Support, as this fundamental research provides an initial step toward the vision of a network strategy that dynamically changes network configurations in order to securely execute the mission.

This survey was made possible due to the CCDC International Technology Center-Pacific and ARL under Agreement FA5209-18-P-0037, as well as the current ITC-PAC CA FA5209-19-P-A056.

CCDC Army Research Laboratory is an element of the U.S. Army Combat Capabilities Development Command. As the Army's corporate research laboratory, ARL discovers, innovates and transitions science and technology to ensure dominant strategic land power. Through collaboration across the command’s core technical competencies, CCDC leads in the discovery, development and delivery of the technology-based capabilities required to make Soldiers more lethal to win the nation’s wars and come home safely. CCDC is a major subordinate command of the U.S. Army Futures Command.