The effectiveness and the cost-sensitivity of moving target defense (MTD) strategies have not been studied thoroughly in previous research. In this paper, we propose a hybrid MTD model that considers the defender's preferences to shift the attack surfaces more effectively in a cost-sensitive manner by incorporating event- and time-based move selection engines. We model the protected system as a state machine where the states are the attack surfaces with their security levels which are determined by utilizing the Bayesian attack graph (BAG) as a dynamic risk assessment tool. In the event-based engine, the competitive Markov decision process (CMDP) is employed to find the proper moves for each possible state of the protected system. Moreover, the proposed time-based engine shifts the attack surface based on the history of the received alerts to maintain the unpredictability of the attack surface. The simulations demonstrate that the hybrid strategy outperforms other common strategies with regard to thwarting attacks in a cost-sensitive manner.

• 出版日期2018-6